Promptly Free Backing for Stack Allocated Heap Collections, so we can reduce load GC.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f04093f0a668cc7e31b8f891d882fc2adb445db7 commit f04093f0a668cc7e31b8f891d882fc2adb445db7 Author: Haruka Matsumura <harukamt@google.com> Date: Tue Jul 17 07:29:15 2018 Oilpan: Add Destructor to Promptly Free Stack Allocated HeapHashCollections This CL adds the destructor in order to promptly freed stack-allocated HeapHashCollections, and also added tests to check it work exactly. heap_allocator: We needs to check whether the backing collection is sweep-forbidden when the destructor is called. So, we added this check flag. Bug: 854480 Change-Id: If9fc8324b839714ae978665b6f7540d7f5ea15e4 Reviewed-on: https://chromium-review.googlesource.com/1123969 Commit-Queue: Haruka Matsumura <harukamt@google.com> Reviewed-by: Hayato Ito <hayato@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#575570} [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/core/dom/node_rare_data.cc [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/core/dom/node_rare_data.h [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/platform/heap/heap_allocator.h [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/platform/heap/heap_test.cc [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/platform/heap/incremental_marking_test.cc [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/platform/wtf/allocator/partition_allocator.h [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/platform/wtf/hash_table.h [modify] https://crrev.com/f04093f0a668cc7e31b8f891d882fc2adb445db7/third_party/blink/renderer/platform/wtf/list_hash_set.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6e7487848976f30a8bd3a216e89dafaea48bd979 commit 6e7487848976f30a8bd3a216e89dafaea48bd979 Author: Haruka Matsumura <harukamt@google.com> Date: Wed Jul 18 08:08:01 2018 Oilpan: Add Destructor to Promptly Free Stack Allocated HeapVector and HeapDeque This CL adds the destructor in order to promptly freed stack-allocated HeapVector and HeapDeque, and also added tests to check it work exactly. Moreover, some tests in rtc_peer_connection_test.cc running precise GC while a HeapVector was on stack, causing the backing to be collected and be used-after-free in the Vector destructor. So, I modified the scope of stack object before GC. Bug: 854480 Change-Id: I003e318d2de0f8a106b664c85d1a1ee455fd8140 Reviewed-on: https://chromium-review.googlesource.com/1121951 Commit-Queue: Haruka Matsumura <harukamt@google.com> Reviewed-by: Henrik Boström <hbos@chromium.org> Reviewed-by: Guido Urdaneta <guidou@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#575974} [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/modules/mediasession/media_metadata.cc [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/modules/mediasession/media_metadata.h [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/modules/peerconnection/rtc_peer_connection_test.cc [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/modules/shapedetection/detected_face.cc [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/modules/shapedetection/detected_face.h [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/platform/heap/heap_allocator.h [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/platform/heap/heap_test.cc [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/platform/wtf/deque.h [modify] https://crrev.com/6e7487848976f30a8bd3a216e89dafaea48bd979/third_party/blink/renderer/platform/wtf/vector.h
iOS does not use Blink
Comment 1 by bokan@chromium.org
, Jun 20 2018