[heap] Make LiveObjectIterator concurrency safe

LiveObjectIterator sometimes runs concurrently to the main thread. In this scenarios we are not allowed to access memory of live objects in non-atomic ways. Use synchronized reads where needed. Correctness (already ok in current state): - Reading a larger size is fine per definition. - Reading a smaller size is fine since are guaranteed that one word fillers will follow. BUG=v8:5583 R=ulan@chromium.org,hpayer@chromium.org Review-Url: https://codereview.chromium.org/2477823003 Cr-Commit-Position: refs/heads/master@{#40798}

[heap] Make LiveObjectIterator concurrency safe
LiveObjectIterator sometimes runs concurrently to the main thread. In this scenarios we are not allowed to access memory of live objects in non-atomic ways. Use synchronized reads where needed. Correctness (already ok in current state): - Reading a larger size is fine per definition. - Reading a smaller size is fine since are guaranteed that one word fillers will follow. BUG=v8:5583 R=ulan@chromium.org,hpayer@chromium.org Review-Url: https://codereview.chromium.org/2477823003 Cr-Commit-Position: refs/heads/master@{#40798}
142d4f97 · mlippautz · Commit bot · 072ea0c8 · 142d4f97 · 142d4f97
Commit 142d4f97 authored Nov 07, 2016 by mlippautz Committed by Commit bot Nov 07, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

mark-compact-inl.h src/heap/mark-compact-inl.h +6 -4

mark-compact.h src/heap/mark-compact.h +2 -0

No files found.
--- a/src/heap/mark-compact-inl.h
+++ b/src/heap/mark-compact-inl.h
@@ -163,12 +163,14 @@ HeapObject* LiveObjectIterator<T>::Next() {
        current_cell_ = *it_.CurrentCell();
      }

+      Map* map = nullptr;
      if (current_cell_ & second_bit_index) {
        // We found a black object. If the black object is within a black area,
        // make sure that we skip all set bits in the black area until the
        // object ends.
        HeapObject* black_object = HeapObject::FromAddress(addr);
-        Address end = addr + black_object->Size() - kPointerSize;
+        map = base::NoBarrierAtomicValue<Map*>::FromAddress(addr)->Value();
+        Address end = addr + black_object->SizeFromMap(map) - kPointerSize;
        // One word filler objects do not borrow the second mark bit. We have
        // to jump over the advancing and clearing part.
        // Note that we know that we are at a one word filler when
@@ -198,9 +200,9 @@ HeapObject* LiveObjectIterator<T>::Next() {

      // We found a live object.
      if (object != nullptr) {
-        if (object->IsFiller()) {
-          // Black areas together with slack tracking may result in black filler
-          // objects. We filter these objects out in the iterator.
+        if (map != nullptr && map == heap()->one_pointer_filler_map()) {
+          // Black areas together with slack tracking may result in black one
+          // word filler objects. We filter these objects out in the iterator.
          object = nullptr;
        } else {
          break;

--- a/src/heap/mark-compact.h
+++ b/src/heap/mark-compact.h
@@ -321,6 +321,8 @@ class LiveObjectIterator BASE_EMBEDDED {
  HeapObject* Next();

 private:
+  inline Heap* heap() { return chunk_->heap(); }
+
  MemoryChunk* chunk_;
  MarkBitCellIterator it_;
  Address cell_base_;