[heap] Initialize the write_unprotect_counter_ of new code pages with the...

[heap] Initialize the write_unprotect_counter_ of new code pages with the number of open CodeSpaceMemoryModificationScopes.

Bug: chromium:774108,v8:6792
Change-Id: Ib5306075aeff61160762c685c343970ceb32b66a
Reviewed-on: https://chromium-review.googlesource.com/779201Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49521}

src/heap/heap-inl.h

@@ -600,6 +600,7 @@ AlwaysAllocateScope::~AlwaysAllocateScope() {
 CodeSpaceMemoryModificationScope::CodeSpaceMemoryModificationScope(Heap* heap)
     : heap_(heap) {
   if (FLAG_write_protect_code_memory) {
+    heap_->increment_code_space_memory_modification_scope_depth();
     heap_->code_space()->SetReadAndWritable();
     LargePage* page = heap_->lo_space()->first_page();
     while (page != nullptr) {
@@ -613,6 +614,7 @@ CodeSpaceMemoryModificationScope::CodeSpaceMemoryModificationScope(Heap* heap)
 
 CodeSpaceMemoryModificationScope::~CodeSpaceMemoryModificationScope() {
   if (FLAG_write_protect_code_memory) {
+    heap_->decrement_code_space_memory_modification_scope_depth();
     heap_->code_space()->SetReadAndExecutable();
     LargePage* page = heap_->lo_space()->first_page();
     while (page != nullptr) {

src/heap/heap.cc

@@ -165,6 +165,7 @@ Heap::Heap()
       code_space_(nullptr),
       map_space_(nullptr),
       lo_space_(nullptr),
+      code_space_memory_modification_scope_depth_(0),
       gc_state_(NOT_IN_GC),
       gc_post_processing_depth_(0),
       allocations_count_(0),

src/heap/heap.h

@@ -808,6 +808,18 @@ class Heap {
   // Print short heap statistics.
   void PrintShortHeapStatistics();
 
+  uintptr_t code_space_memory_modification_scope_depth() {
+    return code_space_memory_modification_scope_depth_;
+  }
+
+  void increment_code_space_memory_modification_scope_depth() {
+    code_space_memory_modification_scope_depth_++;
+  }
+
+  void decrement_code_space_memory_modification_scope_depth() {
+    code_space_memory_modification_scope_depth_--;
+  }
+
   inline HeapState gc_state() { return gc_state_; }
   void SetGCState(HeapState state);
 
@@ -2316,6 +2328,10 @@ class Heap {
   LargeObjectSpace* lo_space_;
   // Map from the space id to the space.
   Space* space_[LAST_SPACE + 1];
+
+  // Holds the number of open CodeSpaceMemoryModificationScopes.
+  uintptr_t code_space_memory_modification_scope_depth_;
+
   HeapState gc_state_;
   int gc_post_processing_depth_;
 

src/heap/spaces.cc

@@ -624,7 +624,8 @@ MemoryChunk* MemoryChunk::Initialize(Heap* heap, Address base, size_t size,
   if (executable == EXECUTABLE) {
     chunk->SetFlag(IS_EXECUTABLE);
     if (FLAG_write_protect_code_memory) {
-      chunk->write_unprotect_counter_ = 1;
+      chunk->write_unprotect_counter_ =
+          heap->code_space_memory_modification_scope_depth();
     } else {
       size_t page_size = MemoryAllocator::GetCommitPageSize();
       DCHECK(IsAddressAligned(area_start, page_size));

src/heap/spaces.h

@@ -700,9 +700,10 @@ class MemoryChunk {
   // If Value() >= 1 => The Memory is read and writable (and maybe executable).
   // The maximum value can right now only be 3.
   // All executable MemoryChunks are allocated rw based on the assumption that
-  // they will be used immediatelly for an allocation. Hence they are
-  // initialized with 1. The caller that triggers the page allocation is
-  // responsible to make the MemoryChunk rx.
+  // they will be used immediatelly for an allocation. They are initialized
+  // with the number of open CodeSpaceMemoryModificationScopes. The caller
+  // that triggers the page allocation is responsible for decrementing the
+  // counter.
   uintptr_t write_unprotect_counter_;
 
   // Byte allocated on the page, which includes all objects on the page