[heap] Fix OLD_TO_SHARED recording in Scavenger

Objects in the from page could be promoted into the shared heap as well. While this shouldn't happen for references into evacuation candidates, I think it's easier to understand when there is a single conditional branch at the end. Bug: v8:13227, v8:11708 Change-Id: I999f10228ed5fdd70675a6d9c1e178eb152f39f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854502Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#82694}

[heap] Fix OLD_TO_SHARED recording in Scavenger
Objects in the from page could be promoted into the shared heap as well. While this shouldn't happen for references into evacuation candidates, I think it's easier to understand when there is a single conditional branch at the end. Bug: v8:13227, v8:11708 Change-Id: I999f10228ed5fdd70675a6d9c1e178eb152f39f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854502Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#82694}
5b78f174 · Dominik Inführ · V8 LUCI CQ · d75462ec · 5b78f174
Commit 5b78f174 authored Aug 24, 2022 by Dominik Inführ Committed by V8 LUCI CQ Aug 24, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

scavenger.cc src/heap/scavenger.cc +6 -1

No files found.
--- a/src/heap/scavenger.cc
+++ b/src/heap/scavenger.cc
@@ -142,13 +142,18 @@ class IterateAndScavengePromotedObjectsVisitor final : public ObjectVisitor {
      DCHECK_IMPLIES(V8_EXTERNAL_CODE_SPACE_BOOL,
                     !MemoryChunk::FromHeapObject(target)->IsFlagSet(
                         MemoryChunk::IS_EXECUTABLE));
+      // Shared heap pages do not have evacuation candidates outside an atomic
+      // shared GC pause.
+      DCHECK(!target.InSharedWritableHeap());

      // We cannot call MarkCompactCollector::RecordSlot because that checks
      // that the host page is not in young generation, which does not hold
      // for pending large pages.
      RememberedSet<OLD_TO_OLD>::Insert<AccessMode::ATOMIC>(
          MemoryChunk::FromHeapObject(host), slot.address());
-    } else if (target.InSharedWritableHeap()) {
+    }
+
+    if (target.InSharedWritableHeap()) {
      DCHECK(!scavenger_->heap()->IsShared());
      MemoryChunk* chunk = MemoryChunk::FromHeapObject(host);
      RememberedSet<OLD_TO_SHARED>::Insert<AccessMode::ATOMIC>(chunk,