[heap] Perform filler check based on map instead of instance type in LiveObjectIterator.

BUG=v8:6139 Review-Url: https://codereview.chromium.org/2771073003 Cr-Commit-Position: refs/heads/master@{#44107}

[heap] Perform filler check based on map instead of instance type in LiveObjectIterator.
BUG=v8:6139 Review-Url: https://codereview.chromium.org/2771073003 Cr-Commit-Position: refs/heads/master@{#44107}
9a3b029b · hpayer · Commit bot · d0c2b8c4 · 9a3b029b
Commit 9a3b029b authored Mar 24, 2017 by hpayer Committed by Commit bot Mar 24, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

mark-compact-inl.h src/heap/mark-compact-inl.h +8 -1

No files found.
--- a/src/heap/mark-compact-inl.h
+++ b/src/heap/mark-compact-inl.h
@@ -122,6 +122,9 @@ void CodeFlusher::ClearNextCandidate(SharedFunctionInfo* candidate) {

 template <LiveObjectIterationMode T>
 HeapObject* LiveObjectIterator<T>::Next() {
+  Map* one_word_filler = heap()->one_pointer_filler_map();
+  Map* two_word_filler = heap()->two_pointer_filler_map();
+  Map* free_space_map = heap()->free_space_map();
  while (!it_.Done()) {
    HeapObject* object = nullptr;
    while (current_cell_ != 0) {
@@ -193,7 +196,11 @@ HeapObject* LiveObjectIterator<T>::Next() {

      // We found a live object.
      if (object != nullptr) {
-        if (object->IsFiller()) {
+        // Do not use IsFiller() here. This may cause a data race for reading
+        // out the instance type when a new map concurrently is written into
+        // this object while iterating over the object.
+        if (map == one_word_filler || map == two_word_filler ||
+            map == free_space_map) {
          // There are two reasons why we can get black or grey fillers:
          // 1) Black areas together with slack tracking may result in black one
          // word filler objects.