[heap] Use restrictive updating visitor for global handles

There's no need to use the regular Scavenge visitor that would possibly populate the worklists again as we already know that we merely want to update the references at this point. Bug: chromium:1336158 Change-Id: I137d0bc990473cd6bc23f3a8849d83314807f6a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723500Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#81353}

[heap] Use restrictive updating visitor for global handles
There's no need to use the regular Scavenge visitor that would possibly populate the worklists again as we already know that we merely want to update the references at this point. Bug: chromium:1336158 Change-Id: I137d0bc990473cd6bc23f3a8849d83314807f6a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723500Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#81353}
7681b6a9 · Michael Lippautz · V8 LUCI CQ · 00b30232 · 7681b6a9
Commit 7681b6a9 authored Jun 24, 2022 by Michael Lippautz Committed by V8 LUCI CQ Jun 24, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 3 deletions

scavenger.cc src/heap/scavenger.cc +42 -3

No files found.
--- a/src/heap/scavenger.cc
+++ b/src/heap/scavenger.cc
@@ -25,6 +25,7 @@
 #include "src/objects/embedder-data-array-inl.h"
 #include "src/objects/js-array-buffer-inl.h"
 #include "src/objects/objects-body-descriptors-inl.h"
+#include "src/objects/slots.h"
 #include "src/objects/transitions-inl.h"
 #include "src/utils/utils-inl.h"

@@ -248,6 +249,45 @@ void ScavengerCollector::JobTask::ConcurrentScavengePages(
 ScavengerCollector::ScavengerCollector(Heap* heap)
    : isolate_(heap->isolate()), heap_(heap) {}

+namespace {
+
+// Helper class for updating weak global handles. There's no additional scavenge
+// processing required here as this phase runs after actual scavenge.
+class GlobalHandlesWeakRootsUpdatingVisitor final : public RootVisitor {
+ public:
+  void VisitRootPointer(Root root, const char* description,
+                        FullObjectSlot p) final {
+    UpdatePointer(p);
+  }
+  void VisitRootPointers(Root root, const char* description,
+                         FullObjectSlot start, FullObjectSlot end) final {
+    for (FullObjectSlot p = start; p < end; ++p) {
+      UpdatePointer(p);
+    }
+  }
+
+ private:
+  void UpdatePointer(FullObjectSlot p) {
+    HeapObject object = HeapObject::cast(*p);
+    DCHECK(!HasWeakHeapObjectTag(object));
+    // The object may be in the old generation as global handles over
+    // approximates the list of young nodes.
+    if (!Heap::InYoungGeneration(object)) return;
+
+    // TODO(chromium:1336158): Turn the following CHECKs into DCHECKs after
+    // flushing out potential issues.
+    CHECK(Heap::InFromPage(object));
+    MapWord first_word = object.map_word(kRelaxedLoad);
+    CHECK(first_word.IsForwardingAddress());
+    HeapObject dest = first_word.ToForwardingAddress();
+    HeapObjectReference::Update(FullHeapObjectSlot(p), dest);
+    CHECK_IMPLIES(Heap::InYoungGeneration(dest),
+                  Heap::InToPage(dest) || Heap::IsLargeObject(dest));
+  }
+};
+
+}  // namespace
+
 // Remove this crashkey after chromium:1010312 is fixed.
 class V8_NODISCARD ScopedFullHeapCrashKey {
 public:
@@ -351,10 +391,9 @@ void ScavengerCollector::CollectGarbage() {
      // Scavenge weak global handles.
      TRACE_GC(heap_->tracer(),
               GCTracer::Scope::SCAVENGER_SCAVENGE_WEAK_GLOBAL_HANDLES_PROCESS);
+      GlobalHandlesWeakRootsUpdatingVisitor visitor;
      isolate_->global_handles()->ProcessWeakYoungObjects(
-          &root_scavenge_visitor, &IsUnscavengedHeapObjectSlot);
-      DCHECK(copied_list.IsEmpty());
-      DCHECK(promotion_list.IsEmpty());
+          &visitor, &IsUnscavengedHeapObjectSlot);
    }

    {