Reland r24737 "Read object pointer atomically while updating slots"

Crashes were fixed by r24914. BUG=chromium:427746 LOG=N Review URL: https://codereview.chromium.org/726543003 Cr-Commit-Position: refs/heads/master@{#25330}

Reland r24737 "Read object pointer atomically while updating slots"
Crashes were fixed by r24914. BUG=chromium:427746 LOG=N Review URL: https://codereview.chromium.org/726543003 Cr-Commit-Position: refs/heads/master@{#25330}
116a47f8 · ulan · Commit bot · 219b974f · 116a47f8
Commit 116a47f8 authored Nov 13, 2014 by ulan Committed by Commit bot Nov 13, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

mark-compact.cc src/heap/mark-compact.cc +6 -2

No files found.
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -2882,7 +2882,8 @@ class PointersUpdatingVisitor : public ObjectVisitor {
  }

  static inline void UpdateSlot(Heap* heap, Object** slot) {
-    Object* obj = *slot;
+    Object* obj = reinterpret_cast<Object*>(
+        base::NoBarrier_Load(reinterpret_cast<base::AtomicWord*>(slot)));

    if (!obj->IsHeapObject()) return;

@@ -2893,7 +2894,10 @@ class PointersUpdatingVisitor : public ObjectVisitor {
      DCHECK(heap->InFromSpace(heap_obj) ||
             MarkCompactCollector::IsOnEvacuationCandidate(heap_obj));
      HeapObject* target = map_word.ToForwardingAddress();
-      *slot = target;
+      base::NoBarrier_CompareAndSwap(
+          reinterpret_cast<base::AtomicWord*>(slot),
+          reinterpret_cast<base::AtomicWord>(obj),
+          reinterpret_cast<base::AtomicWord>(target));
      DCHECK(!heap->InFromSpace(target) &&
             !MarkCompactCollector::IsOnEvacuationCandidate(target));
    }