[heap] Fix visiting of FixedDoubleArray in concurrent marker.

FixedDoubleArray can be left-trimmed and should be treated similar to FixedArray in concurrent marker. Bug: v8:7595 Change-Id: I4046209b66d7ed8e649355f62296607234146793 Reviewed-on: https://chromium-review.googlesource.com/980874 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#52232}

[heap] Fix visiting of FixedDoubleArray in concurrent marker.
FixedDoubleArray can be left-trimmed and should be treated similar to FixedArray in concurrent marker. Bug: v8:7595 Change-Id: I4046209b66d7ed8e649355f62296607234146793 Reviewed-on: https://chromium-review.googlesource.com/980874 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#52232}
4e87d08c · Ulan Degenbaev · Commit Bot · 1983f305 · 4e87d08c · 4e87d08c
Commit 4e87d08c authored Mar 26, 2018 by Ulan Degenbaev Committed by Commit Bot Mar 26, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 13 deletions

concurrent-marking.cc src/heap/concurrent-marking.cc +20 -11

heap.cc src/heap/heap.cc +3 -2

No files found.
--- a/src/heap/concurrent-marking.cc
+++ b/src/heap/concurrent-marking.cc
@@ -251,17 +251,11 @@ class ConcurrentMarkingVisitor final
  // ===========================================================================

  int VisitFixedArray(Map* map, FixedArray* object) {
-    // The synchronized_length() function checks that the length is a Smi.
-    // This is not necessarily the case if the array is being left-trimmed.
-    Object* length = object->unchecked_synchronized_length();
-    if (!ShouldVisit(object)) return 0;
-    // The cached length must be the actual length as the array is not black.
-    // Left trimming marks the array black before over-writing the length.
-    DCHECK(length->IsSmi());
-    int size = FixedArray::SizeFor(Smi::ToInt(length));
-    VisitMapPointer(object, object->map_slot());
-    FixedArray::BodyDescriptor::IterateBody(map, object, size, this);
-    return size;
+    return VisitLeftTrimmableArray(map, object);
+  }
+
+  int VisitFixedDoubleArray(Map* map, FixedDoubleArray* object) {
+    return VisitLeftTrimmableArray(map, object);
  }

  // ===========================================================================
@@ -417,6 +411,21 @@ class ConcurrentMarkingVisitor final
    return size;
  }

+  template <typename T>
+  int VisitLeftTrimmableArray(Map* map, T* object) {
+    // The synchronized_length() function checks that the length is a Smi.
+    // This is not necessarily the case if the array is being left-trimmed.
+    Object* length = object->unchecked_synchronized_length();
+    if (!ShouldVisit(object)) return 0;
+    // The cached length must be the actual length as the array is not black.
+    // Left trimming marks the array black before over-writing the length.
+    DCHECK(length->IsSmi());
+    int size = T::SizeFor(Smi::ToInt(length));
+    VisitMapPointer(object, object->map_slot());
+    T::BodyDescriptor::IterateBody(map, object, size, this);
+    return size;
+  }
+
  template <typename T>
  const SlotSnapshot& MakeSlotSnapshot(Map* map, T* object, int size) {
    SlotSnapshottingVisitor visitor(&slot_snapshot_);

--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -3027,8 +3027,9 @@ FixedArrayBase* Heap::LeftTrimFixedArray(FixedArrayBase* object,
                                         int elements_to_trim) {
  CHECK_NOT_NULL(object);
  DCHECK(CanMoveObjectStart(object));
-  DCHECK(!object->IsFixedTypedArrayBase());
-  DCHECK(!object->IsByteArray());
+  // Add custom visitor to concurrent marker if new left-trimmable type
+  // is added.
+  DCHECK(object->IsFixedArray() || object->IsFixedDoubleArray());
  const int element_size = object->IsFixedArray() ? kPointerSize : kDoubleSize;
  const int bytes_to_trim = elements_to_trim * element_size;
  Map* map = object->map();