cppgc: Fix shrink to free list

Add the object start bit when adding an entry to the free list. Introduce a GC at the end of the tests to make sure that the object start bitmap verification catches such issues. Bug: chromium:1056170 Change-Id: Id8ca257ce054fc3fb199955cf1c4f38004033747 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752870Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73353}

cppgc: Fix shrink to free list
Add the object start bit when adding an entry to the free list. Introduce a GC at the end of the tests to make sure that the object start bitmap verification catches such issues. Bug: chromium:1056170 Change-Id: Id8ca257ce054fc3fb199955cf1c4f38004033747 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752870Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73353}
b8e7d60d · Michael Lippautz · Commit Bot · ad0e581c · b8e7d60d · b8e7d60d
Commit b8e7d60d authored Mar 11, 2021 by Michael Lippautz Committed by Commit Bot Mar 11, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 3 deletions

explicit-management.cc src/heap/cppgc/explicit-management.cc +3 -2

explicit-management-unittest.cc test/unittests/heap/cppgc/explicit-management-unittest.cc +7 -1

No files found.
--- a/src/heap/cppgc/explicit-management.cc
+++ b/src/heap/cppgc/explicit-management.cc
@@ -59,6 +59,8 @@ void FreeUnreferencedObject(void* object) {
    } else {  // Returning to free list.
      base_page->heap()->stats_collector()->NotifyExplicitFree(header_size);
      normal_space.free_list().Add({&header, header_size});
+      // No need to update the bitmap as the same bit is reused for the free
+      // list entry.
    }
  }
 }
@@ -99,7 +101,6 @@ bool Shrink(HeapObjectHeader& header, BasePage& base_page, size_t new_size,
    // adjustments are needed.
    lab.Set(free_start, lab.size() + size_delta);
    SET_MEMORY_INACCESSIBLE(lab.start(), size_delta);
-
    header.SetSize(new_size);
    return true;
  }
@@ -109,7 +110,7 @@ bool Shrink(HeapObjectHeader& header, BasePage& base_page, size_t new_size,
    SET_MEMORY_INACCESSIBLE(free_start, size_delta);
    base_page.heap()->stats_collector()->NotifyExplicitFree(size_delta);
    normal_space.free_list().Add({free_start, size_delta});
-
+    NormalPage::From(&base_page)->object_start_bitmap().SetBit(free_start);
    header.SetSize(new_size);
  }
  // Return success in any case, as we want to avoid that embedders start

--- a/test/unittests/heap/cppgc/explicit-management-unittest.cc
+++ b/test/unittests/heap/cppgc/explicit-management-unittest.cc
@@ -6,6 +6,7 @@

 #include "include/cppgc/garbage-collected.h"
 #include "src/heap/cppgc/globals.h"
+#include "src/heap/cppgc/heap-base.h"
 #include "src/heap/cppgc/heap-object-header.h"
 #include "src/heap/cppgc/heap-space.h"
 #include "src/heap/cppgc/page-memory.h"
@@ -16,7 +17,7 @@
 namespace cppgc {
 namespace internal {

-class ExplicitManagementTest : public testing::TestSupportingAllocationOnly {
+class ExplicitManagementTest : public testing::TestWithHeap {
 public:
  size_t AllocatedObjectSize() const {
    auto* heap = Heap::From(GetHeap());
@@ -29,6 +30,11 @@ class ExplicitManagementTest : public testing::TestSupportingAllocationOnly {
        ->object_allocator()
        .ResetLinearAllocationBuffers();
  }
+
+  void TearDown() override {
+    PreciseGC();
+    TestWithHeap::TearDown();
+  }
 };

 namespace {