Heap::CopyCode misses old to new typed slots

Issue description

Heap::CopyCode misses out on adding old to new typed slots. Currently this is broken on tip of tree, potentially resulting in random memory corruptions. The issue is that we copy the reloc info, which essentially misses out on all write barriers of the set operations on the specific fields. We need a generational barrier that also covers recording typed slots. Ideally we would have a fused visitor that performs the marking barrier (IncrementalMarking::IterateBlackObject) and also updates old to new slots in reloc info.

A quick search for IterateBlackObject suggests that this could also happen with:
- Heap::RegisterReservationsForBlackAllocation (serialized code objects that contain new space references)

Aug 2 2016
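The failure mode the report describes (a raw copy of reloc info duplicates pointers into new space without ever recording the copy's slots in the old-to-new remembered set, so the next scavenge moves the targets and leaves the copy pointing at evacuated memory) can be shown with a small toy model. The following is an added example written for this page, not V8 code: the heap, object types, the `CopyCodeWithoutBarrier` / `CopyCodeWithBarrier` pair and the poisoned from-space are all hypothetical constructs, and the "fix" simply walks the copied slots and records them, which stands in for the fused barrier the report asks for rather than reproducing the actual CL.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <memory>
#include <set>
#include <vector>

// Hypothetical toy generational heap (not V8's): new-space objects are moved
// by a scavenge, old-space objects are not. The scavenger fixes up only the
// old-space slots recorded in the old-to-new remembered set.
struct NewObject {
  int payload;
  NewObject* forwarding = nullptr;  // set once the object has been moved
};

// Stand-in for a code object: a table of embedded pointers playing the role
// of reloc-info entries that may reference new-space objects.
struct CodeObject {
  static constexpr size_t kSlots = 4;
  NewObject* reloc[kSlots] = {};
};

class ToyHeap {
 public:
  NewObject* AllocateNew(int payload) {
    new_space_.push_back(std::make_unique<NewObject>(NewObject{payload}));
    return new_space_.back().get();
  }
  CodeObject* AllocateCode() {
    old_space_.push_back(std::make_unique<CodeObject>());
    return old_space_.back().get();
  }
  // Generational write barrier for a typed slot: store the pointer and, if it
  // references new space, record the slot in the remembered set.
  void SetRelocTarget(CodeObject* code, size_t i, NewObject* target) {
    code->reloc[i] = target;
    if (IsInNewSpace(target)) old_to_new_.insert(&code->reloc[i]);
  }
  // Buggy copy: memcpy duplicates the pointers, but no slot of the copy
  // reaches the remembered set (the barrier is bypassed).
  CodeObject* CopyCodeWithoutBarrier(const CodeObject* src) {
    CodeObject* dst = AllocateCode();
    std::memcpy(dst->reloc, src->reloc, sizeof(src->reloc));
    return dst;
  }
  // Corrected copy: after the raw copy, walk the copied entries and record
  // every old-to-new slot, as a barrier on each store would have done.
  CodeObject* CopyCodeWithBarrier(const CodeObject* src) {
    CodeObject* dst = CopyCodeWithoutBarrier(src);
    for (size_t i = 0; i < CodeObject::kSlots; ++i)
      if (IsInNewSpace(dst->reloc[i])) old_to_new_.insert(&dst->reloc[i]);
    return dst;
  }
  // Minor GC: move every new-space object to a fresh to-space, then update
  // only the recorded slots. Unrecorded slots keep pointing at from-space.
  void Scavenge() {
    std::vector<std::unique_ptr<NewObject>> to_space;
    for (auto& obj : new_space_) {
      to_space.push_back(std::make_unique<NewObject>(NewObject{obj->payload}));
      obj->forwarding = to_space.back().get();
    }
    for (NewObject** slot : old_to_new_)
      if (*slot != nullptr && (*slot)->forwarding != nullptr) *slot = (*slot)->forwarding;
    // Poison from-space instead of freeing it, so a stale pointer reads a
    // visibly wrong value rather than freed memory (a real heap would reuse
    // the pages, which is where the "random corruption" comes from).
    for (auto& obj : new_space_) obj->payload = -1;
    graveyard_ = std::move(new_space_);
    new_space_ = std::move(to_space);
  }
  bool IsInNewSpace(const NewObject* p) const {
    for (auto& obj : new_space_) if (obj.get() == p) return true;
    return false;
  }
  // Read through a code object's slot the way generated code would.
  static int ReadTarget(const CodeObject* code, size_t i) { return code->reloc[i]->payload; }

 private:
  std::vector<std::unique_ptr<NewObject>> new_space_, graveyard_;
  std::vector<std::unique_ptr<CodeObject>> old_space_;
  std::set<NewObject**> old_to_new_;
};

struct Outcome { int naive_copy_sees; int fixed_copy_sees; int original_sees; };

// Constructed scenario: one new-space object (payload 42), one code object
// pointing at it through a barriered store, two copies, then a scavenge.
Outcome RunScenario() {
  ToyHeap heap;
  NewObject* target = heap.AllocateNew(42);
  CodeObject* original = heap.AllocateCode();
  heap.SetRelocTarget(original, 0, target);
  CodeObject* naive = heap.CopyCodeWithoutBarrier(original);
  CodeObject* fixed = heap.CopyCodeWithBarrier(original);
  heap.Scavenge();
  return Outcome{ToyHeap::ReadTarget(naive, 0), ToyHeap::ReadTarget(fixed, 0),
                 ToyHeap::ReadTarget(original, 0)};
}

int main() {
  Outcome o = RunScenario();
  std::cout << "original: " << o.original_sees << " fixed copy: " << o.fixed_copy_sees
            << " unbarriered copy: " << o.naive_copy_sees << '\n';
}
```

The original and the barriered copy both read 42 after the scavenge because their slots were in the remembered set and got forwarded; the unbarriered copy reads the poison value, which is the toy's way of showing a pointer into evacuated from-space. A regression test for this class of bug, like the cctest named in the fixing commit, follows the same shape: allocate a new-space object, embed it in a code object, copy the code, force a scavenge, and check that the copy still sees the live object.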
Comment 1 by mtrofin@chromium.org, Aug 2 2016

I hope that the CL (https://codereview.chromium.org/2203783002) will eventually fix this issue.

Aug 4 2016

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/c088aea9222c312a78e9eae26fab7ffd57704c2e

commit c088aea9222c312a78e9eae26fab7ffd57704c2e
Author: ahaas <ahaas@chromium.org>
Date: Thu Aug 04 08:12:40 2016

[heap] Record references in the new code objects in heap::CopyCode.

R=mlippautz@chromium.org
BUG= chromium:633539
TEST=cctest/test-heap/TestNewSpaceRefsInCopiedCode

Review-Url: https://codereview.chromium.org/2203783002
Cr-Commit-Position: refs/heads/master@{#38326}

[modify] https://crrev.com/c088aea9222c312a78e9eae26fab7ffd57704c2e/src/heap/heap.cc
[modify] https://crrev.com/c088aea9222c312a78e9eae26fab7ffd57704c2e/src/heap/heap.h
[modify] https://crrev.com/c088aea9222c312a78e9eae26fab7ffd57704c2e/src/heap/scavenger-inl.h
[modify] https://crrev.com/c088aea9222c312a78e9eae26fab7ffd57704c2e/test/cctest/heap/heap-tester.h
[modify] https://crrev.com/c088aea9222c312a78e9eae26fab7ffd57704c2e/test/cctest/heap/test-heap.cc

Aug 12 2016