Dominik Inführ authored
The problem here was that IncrementalMarking::Step was invoking new_space()->ResetOriginalTop(), which sets original_top to the current top. IncrementalMarking::Step could be invoked during InvokeAllocationObservers(), which is called right after acquiring a new LAB and allocating the first object in it. However, this first allocation might be from generated code with allocation folding enabled. The generated code might not use all of the memory it allocated and in that process move top backwards again. Nevertheless, InvokeAllocationObservers() could already have set original_top to the current top. If the generated code later does not use all of that memory, original_top can be bigger than top.

Fix this problem by ensuring that original_top always equals the LAB start. Each time the LAB start is moved/accounted for, original_top is now updated as well for the new space. Also, IncrementalMarking::Step() isn't allowed to move original_top anymore.

Bug: chromium:1116278, v8:10315
Change-Id: Ib18a0b07e2665b8ba933555387b84329cbecdf5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398519
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69840}
ca448997
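The ordering problem the commit describes, as an added, simplified model (not V8 code): a LAB is acquired, generated code reserves bytes for a folded allocation, an allocation observer runs a marking step, and the generated code then moves top back. `marking_step` stands in for IncrementalMarking::Step() with and without the removed ResetOriginalTop() call; the sizes and addresses are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Simplified model of a new-space linear allocation buffer (LAB); not V8 code.
// The marker treats [original_top, top) as freshly allocated, so original_top
// must never be bigger than top.
struct Lab {
  uintptr_t start;         // where the current LAB begins
  uintptr_t top;           // current allocation pointer
  uintptr_t limit;         // end of the LAB
  uintptr_t original_top;  // snapshot the concurrent marker relies on
};

// Stand-in for IncrementalMarking::Step(): before the fix it reset
// original_top to the current top; after the fix it leaves it alone.
static void marking_step(Lab& lab, bool fixed) {
  if (!fixed) lab.original_top = lab.top;  // the ResetOriginalTop() call removed by the fix
}

// Acquire a LAB, reserve `reserved` bytes for the first (folded) allocation,
// run the allocation observers, then hand back the unused part of the
// reservation by moving top backwards. Returns the resulting LAB state.
Lab acquire_and_allocate(uintptr_t base, size_t size, size_t reserved,
                         size_t used, bool fixed) {
  Lab lab{base, base, base + size, base};  // original_top tracks LAB start
  lab.top += reserved;                     // first allocation in the new LAB
  marking_step(lab, fixed);                // InvokeAllocationObservers() -> Step()
  lab.top = lab.start + used;              // allocation folding: top moves back
  return lab;
}

// The invariant the fix restores: original_top stays within [start, top].
bool original_top_invariant_holds(const Lab& lab) {
  return lab.original_top >= lab.start && lab.original_top <= lab.top;
}

int main() {
  // Constructed sizes: 64 bytes reserved, only 32 actually used.
  Lab before = acquire_and_allocate(0x1000, 4096, 64, 32, false);
  Lab after = acquire_and_allocate(0x1000, 4096, 64, 32, true);
  std::printf("before fix: original_top > top? %s\n",
              original_top_invariant_holds(before) ? "no" : "yes");
  std::printf("after fix:  original_top > top? %s\n",
              original_top_invariant_holds(after) ? "no" : "yes");
  return 0;
}
```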