Commit 20f870c7 authored by Michael Lippautz's avatar Michael Lippautz Committed by Commit Bot

[heap] Scavenger: Fix benign race with forwarding pointer load

NOTRY=true

Bug: chromium:738865
Change-Id: I8e3ac86bf6f0b3356398053b157ec03217e78a08
Reviewed-on: https://chromium-review.googlesource.com/589129Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46928}
parent 80f6c19f
...@@ -230,8 +230,8 @@ void Scavenger::EvacuateObject(HeapObject** slot, Map* map, ...@@ -230,8 +230,8 @@ void Scavenger::EvacuateObject(HeapObject** slot, Map* map,
void Scavenger::ScavengeObject(HeapObject** p, HeapObject* object) { void Scavenger::ScavengeObject(HeapObject** p, HeapObject* object) {
DCHECK(heap()->InFromSpace(object)); DCHECK(heap()->InFromSpace(object));
// Relaxed load here. We either load a forwarding pointer or the map. // Synchronized load that consumes the publishing CAS of MigrateObject.
MapWord first_word = object->map_word(); MapWord first_word = object->synchronized_map_word();
// If the first word is a forwarding address, the object has already been // If the first word is a forwarding address, the object has already been
// copied. // copied.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment