heap: Apply some fixes to the generational barrier
1) Fix IsInLastAllocatedRegion() semi-interval check;
2) Simplify GenerationalBarrier() a bit.
Bug: 1029379
Change-Id: If2c23ffc2c9addb7a996b6094e8666b226173466
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2066729
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#743678}
diff --git a/third_party/blink/renderer/platform/heap/heap.h b/third_party/blink/renderer/platform/heap/heap.h
index efbd15514..66c8272 100644
--- a/third_party/blink/renderer/platform/heap/heap.h
+++ b/third_party/blink/renderer/platform/heap/heap.h
@@ -641,8 +641,8 @@
inline bool ThreadHeap::IsInLastAllocatedRegion(Address address) const {
return last_allocated_region_.start <= address &&
- address <=
- last_allocated_region_.start + last_allocated_region_.length;
+ address <
+ (last_allocated_region_.start + last_allocated_region_.length);
}
inline void ThreadHeap::SetLastAllocatedRegion(Address start, size_t length) {
diff --git a/third_party/blink/renderer/platform/heap/marking_visitor.cc b/third_party/blink/renderer/platform/heap/marking_visitor.cc
index da8b4eb..a96bffbb 100644
--- a/third_party/blink/renderer/platform/heap/marking_visitor.cc
+++ b/third_party/blink/renderer/platform/heap/marking_visitor.cc
@@ -184,9 +184,9 @@
if (UNLIKELY(slot_page->IsLargeObjectPage())) {
auto* large_page = static_cast<LargeObjectPage*>(slot_page);
- if (LIKELY(!large_page->ObjectHeader()->IsMarked()))
- return;
- large_page->SetRemembered(true);
+ if (UNLIKELY(large_page->ObjectHeader()->IsMarked())) {
+ large_page->SetRemembered(true);
+ }
return;
}
@@ -194,6 +194,7 @@
const HeapObjectHeader* source_header = reinterpret_cast<HeapObjectHeader*>(
normal_page->object_start_bit_map()->FindHeader(slot));
DCHECK_LT(0u, source_header->GcInfoIndex());
+ DCHECK_GT(source_header->PayloadEnd(), slot);
if (UNLIKELY(source_header->IsMarked())) {
normal_page->MarkCard(slot);
}
diff --git a/third_party/blink/renderer/platform/heap/marking_visitor.h b/third_party/blink/renderer/platform/heap/marking_visitor.h
index 7c99815..0cf6dd4 100644
--- a/third_party/blink/renderer/platform/heap/marking_visitor.h
+++ b/third_party/blink/renderer/platform/heap/marking_visitor.h
@@ -177,7 +177,7 @@
template <typename T>
static bool WriteBarrier(T** slot);
- static bool GenerationalBarrier(Address slot, ThreadState* state);
+ static void GenerationalBarrier(Address slot, ThreadState* state);
// Eagerly traces an already marked backing store ensuring that all its
// children are discovered by the marker. The barrier bails out if marking
@@ -227,6 +227,7 @@
// Dijkstra barrier if concurrent marking is in progress.
BasePage* value_page = PageFromObject(value);
ThreadState* thread_state = value_page->thread_state();
+
if (UNLIKELY(thread_state->IsIncrementalMarking()))
return MarkValue(value, value_page, thread_state);
@@ -243,14 +244,14 @@
}
// static
-ALWAYS_INLINE bool MarkingVisitor::GenerationalBarrier(Address slot,
+ALWAYS_INLINE void MarkingVisitor::GenerationalBarrier(Address slot,
ThreadState* state) {
+ // First, check if the source object is in the last allocated region of heap.
if (LIKELY(state->Heap().IsInLastAllocatedRegion(slot)))
- return false;
+ return;
if (UNLIKELY(state->IsOnStack(slot)))
- return false;
+ return;
GenerationalBarrierSlow(slot, state);
- return false;
}
// static
