[heap] do not perform a step while a space is partially mutated

We were starting an allocation step during NewSpace::AddFreshPage. At this point, we had advanced the page, but not updated allocation_info_. This ultimately led to assertions as Space::Size was not expecting to be called when to_space_.page_{high,low} are inconsistent with allocation_info_.top(). The solution here is to avoid starting the step in the middle of the space state mutation. We account for memory allocated so far before the mutation is started, and then start a new step after the mutation has been completed. Bug: chromium:806179 Change-Id: I17ee896d80c4ec752baa2b17c3fd2bef7ea2ca33 Reviewed-on: https://chromium-review.googlesource.com/889981Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#50932}

[heap] do not perform a step while a space is partially mutated
We were starting an allocation step during NewSpace::AddFreshPage. At this point, we had advanced the page, but not updated allocation_info_. This ultimately led to assertions as Space::Size was not expecting to be called when to_space_.page_{high,low} are inconsistent with allocation_info_.top(). The solution here is to avoid starting the step in the middle of the space state mutation. We account for memory allocated so far before the mutation is started, and then start a new step after the mutation has been completed. Bug: chromium:806179 Change-Id: I17ee896d80c4ec752baa2b17c3fd2bef7ea2ca33 Reviewed-on: https://chromium-review.googlesource.com/889981Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#50932}
70c02375 · Ali Ijaz Sheikh · Commit Bot · 74915b73 · 70c02375
Commit 70c02375 authored Jan 26, 2018 by Ali Ijaz Sheikh Committed by Commit Bot Jan 29, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

spaces.cc src/heap/spaces.cc +10 -4

No files found.
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -2092,19 +2092,21 @@ LocalAllocationBuffer& LocalAllocationBuffer::operator=(
 }

 void NewSpace::UpdateLinearAllocationArea() {
-  Address old_top = top();
-  Address new_top = to_space_.page_low();
-  InlineAllocationStep(old_top, new_top, nullptr, 0);
+  // Make sure there is no unaccounted allocations.
+  DCHECK(!AllocationObserversActive() || top_on_previous_step_ == top());

+  Address new_top = to_space_.page_low();
  MemoryChunk::UpdateHighWaterMark(allocation_info_.top());
  allocation_info_.Reset(new_top, to_space_.page_high());
  original_top_.SetValue(top());
  original_limit_.SetValue(limit());
-  UpdateInlineAllocationLimit(0);
+  StartNextInlineAllocationStep();
  DCHECK_SEMISPACE_ALLOCATION_INFO(allocation_info_, to_space_);
 }

 void NewSpace::ResetLinearAllocationArea() {
+  // Do a step to account for memory allocated so far before resetting.
+  InlineAllocationStep(top(), top(), nullptr, 0);
  to_space_.Reset();
  UpdateLinearAllocationArea();
  // Clear all mark-bits in the to-space.
@@ -2132,6 +2134,10 @@ void PagedSpace::UpdateInlineAllocationLimit(size_t min_size) {
 bool NewSpace::AddFreshPage() {
  Address top = allocation_info_.top();
  DCHECK(!Page::IsAtObjectStart(top));
+
+  // Do a step to account for memory allocated on previous page.
+  InlineAllocationStep(top, top, nullptr, 0);
+
  if (!to_space_.AdvancePage()) {
    // No more pages left to advance.
    return false;