Revert "[heap] Remove slots when shrinking objects"

This reverts commit aba185a7. Reason for revert: We want to keep this API. Original change's description: > [heap] Remove slots when shrinking objects > > Immediately remove recorded old-to-new slots when shrinking objects. > This operation needs to drain the store buffer, however the store buffer > is supposed to be removed anyway. > > Also do not remove slots when left-trimming since this isn't needed for > correctness. > > Bug: v8:9454 > Change-Id: I751baf2dcd03c87aee9cb1ebd168e05bf373a738 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762012 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63271} TBR=ulan@chromium.org,dinfuehr@chromium.org Bug: v8:9454 Change-Id: I9524a7448cc49948915fdccc5a6b1aa22e4de4a9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762524Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63342}

Revert "[heap] Remove slots when shrinking objects"
This reverts commit aba185a7. Reason for revert: We want to keep this API. Original change's description: > [heap] Remove slots when shrinking objects > > Immediately remove recorded old-to-new slots when shrinking objects. > This operation needs to drain the store buffer, however the store buffer > is supposed to be removed anyway. > > Also do not remove slots when left-trimming since this isn't needed for > correctness. > > Bug: v8:9454 > Change-Id: I751baf2dcd03c87aee9cb1ebd168e05bf373a738 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762012 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63271} TBR=ulan@chromium.org,dinfuehr@chromium.org Bug: v8:9454 Change-Id: I9524a7448cc49948915fdccc5a6b1aa22e4de4a9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762524Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63342}
6fa5de0b · Dominik Inführ · Commit Bot · 0bd19ddb · 6fa5de0b · 6fa5de0b
Commit 6fa5de0b authored Aug 22, 2019 by Dominik Inführ Committed by Commit Bot Aug 22, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 27 deletions

heap.cc src/heap/heap.cc +6 -19

heap.h src/heap/heap.h +0 -2

js-objects.cc src/objects/js-objects.cc +2 -6

No files found.
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -2986,7 +2986,7 @@ FixedArrayBase Heap::LeftTrimFixedArray(FixedArrayBase object,
  // debug mode which iterates through the heap), but to play safer
  // we still do it.
  HeapObject filler =
-      CreateFillerObjectAt(old_start, bytes_to_trim, ClearRecordedSlots::kNo);
+      CreateFillerObjectAt(old_start, bytes_to_trim, ClearRecordedSlots::kYes);

  // Initialize header of the trimmed array. Since left trimming is only
  // performed on pages which are not concurrently swept creating a filler
@@ -2998,6 +2998,11 @@ FixedArrayBase Heap::LeftTrimFixedArray(FixedArrayBase object,
  FixedArrayBase new_object =
      FixedArrayBase::cast(HeapObject::FromAddress(new_start));

+  // Remove recorded slots for the new map and length offset.
+  ClearRecordedSlot(new_object, new_object.RawField(0));
+  ClearRecordedSlot(new_object,
+                    new_object.RawField(FixedArrayBase::kLengthOffset));
+
  // Handle invalidated old-to-old slots.
  if (incremental_marking()->IsCompacting() &&
      MayContainRecordedSlots(new_object)) {
@@ -3083,12 +3088,6 @@ void Heap::CreateFillerForArray(T object, int elements_to_trim,
  Address old_end = object.address() + old_size;
  Address new_end = old_end - bytes_to_trim;

-  // Remove recorded old-to-new slots in right-trimmed area.
-  if (MayContainRecordedSlots(object)) {
-    int new_size = old_size - bytes_to_trim;
-    RemoveRecordedSlotsAfterObjectShrinking(object, new_size, old_size);
-  }
-
  // Register the array as an object with invalidated old-to-old slots. We
  // cannot use NotifyObjectLayoutChange as it would mark the array black,
  // which is not safe for left-trimming because left-trimming re-pushes
@@ -4144,18 +4143,6 @@ void Heap::VerifyCountersBeforeConcurrentSweeping() {
 }
 #endif

-void Heap::RemoveRecordedSlotsAfterObjectShrinking(HeapObject object,
-                                                   int new_size, int old_size) {
-  DCHECK_LE(new_size, old_size);
-  if (new_size == old_size) return;
-  store_buffer()->MoveAllEntriesToRememberedSet();
-  MemoryChunk* chunk = MemoryChunk::FromHeapObject(object);
-  Address free_start = object.address() + new_size;
-  Address free_end = object.address() + old_size;
-  RememberedSet<OLD_TO_NEW>::RemoveRange(chunk, free_start, free_end,
-                                         SlotSet::KEEP_EMPTY_BUCKETS);
-}
-
 void Heap::ZapFromSpace() {
  if (!new_space_->IsFromSpaceCommitted()) return;
  for (Page* page : PageRange(new_space_->from_space().first_page(), nullptr)) {

--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -439,8 +439,6 @@ class Heap {
  V8_EXPORT_PRIVATE void RightTrimFixedArray(FixedArrayBase obj,
                                             int elements_to_trim);
  void RightTrimWeakFixedArray(WeakFixedArray obj, int elements_to_trim);
-  void RemoveRecordedSlotsAfterObjectShrinking(HeapObject object, int new_size,
-                                               int old_size);

  // Converts the given boolean condition to JavaScript boolean value.
  inline Oddball ToBoolean(bool condition);

--- a/src/objects/js-objects.cc
+++ b/src/objects/js-objects.cc
@@ -2816,9 +2816,7 @@ void MigrateFastToFast(Isolate* isolate, Handle<JSObject> object,
  if (instance_size_delta > 0) {
    Address address = object->address();
    heap->CreateFillerObjectAt(address + new_instance_size, instance_size_delta,
-                               ClearRecordedSlots::kNo);
-    heap->RemoveRecordedSlotsAfterObjectShrinking(*object, new_instance_size,
-                                                  old_instance_size);
+                               ClearRecordedSlots::kYes);
  }

  // We are storing the new map using release store after creating a filler for
@@ -2903,9 +2901,7 @@ void MigrateFastToSlow(Isolate* isolate, Handle<JSObject> object,

  if (instance_size_delta > 0) {
    heap->CreateFillerObjectAt(object->address() + new_instance_size,
-                               instance_size_delta, ClearRecordedSlots::kNo);
-    heap->RemoveRecordedSlotsAfterObjectShrinking(*object, new_instance_size,
-                                                  old_instance_size);
+                               instance_size_delta, ClearRecordedSlots::kYes);
  }

  // We are storing the new map using release store after creating a filler for