|
 |
3d572d |
From d4d05ceb418c525b0d07e76b81b8694ac2f5b309 Mon Sep 17 00:00:00 2001
|
|
|
3d572d |
From: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
|
3d572d |
Date: Wed, 16 Sep 2020 06:12:54 +0200
|
|
|
3d572d |
Subject: [PATCH] [deps] V8: cherry-pick 71736859756b2bd0444bdb0a87a
|
|
|
3d572d |
|
|
|
3d572d |
Original commit message:
|
|
|
3d572d |
|
|
|
3d572d |
[heap] Add large_object_threshold to AllocateRaw
|
|
|
3d572d |
|
|
|
3d572d |
This commit adds a check in Heap::AllocateRaw when setting the
|
|
|
3d572d |
large_object variable, when the AllocationType is of type kCode, to
|
|
|
3d572d |
take into account the size of the CodeSpace's area size.
|
|
|
3d572d |
|
|
|
3d572d |
The motivation for this change is that without this check it is
|
|
|
3d572d |
possible that size_in_bytes is less than 128, and hence not considered
|
|
|
3d572d |
a large object, but it might be larger than the available space
|
|
|
3d572d |
in code_space->AreaSize(), which will cause the object to be created
|
|
|
3d572d |
in the CodeLargeObjectSpace. This will later cause a segmentation fault
|
|
|
3d572d |
when calling the following chain of functions:
|
|
|
3d572d |
|
|
|
3d572d |
if (!large_object) {
|
|
|
3d572d |
MemoryChunk::FromHeapObject(heap_object)
|
|
|
3d572d |
->GetCodeObjectRegistry()
|
|
|
3d572d |
->RegisterNewlyAllocatedCodeObject(heap_object.address());
|
|
|
3d572d |
}
|
|
|
3d572d |
|
|
|
3d572d |
We (Red Hat) ran into this issue when running Node.js v12.16.1 in
|
|
|
3d572d |
combination with yarn on aarch64 (this was the only architecture that
|
|
|
3d572d |
this happed on).
|
|
|
3d572d |
|
|
|
3d572d |
Bug: v8:10808
|
|
|
3d572d |
Change-Id: I0c396b0eb64bc4cc91d9a3be521254f3130eac7b
|
|
|
3d572d |
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390665
|
|
|
3d572d |
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
|
|
|
3d572d |
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
|
|
|
3d572d |
Cr-Commit-Position: refs/heads/master@{#69876}
|
|
|
3d572d |
|
|
|
3d572d |
Refs: https://github.com/v8/v8/commit/71736859756b2bd0444bdb0a87a61a0b090cbba2
|
|
|
3d572d |
---
|
|
|
3d572d |
deps/v8/src/heap/heap-inl.h | 13 +++--
|
|
|
3d572d |
deps/v8/src/heap/heap.h | 6 ++-
|
|
|
3d572d |
4 files changed, 83 insertions(+), 6 deletions(-)
|
|
|
3d572d |
|
|
|
3d572d |
diff --git a/deps/v8/src/heap/heap-inl.h b/deps/v8/src/heap/heap-inl.h
|
|
|
3d572d |
index 39f5ec6c66e..b56ebc03d58 100644
|
|
|
3d572d |
--- a/deps/v8/src/heap/heap-inl.h
|
|
|
3d572d |
+++ b/deps/v8/src/heap/heap-inl.h
|
|
|
3d572d |
@@ -192,7 +192,12 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
|
|
|
3d572d |
IncrementObjectCounters();
|
|
|
3d572d |
#endif
|
|
|
3d572d |
|
|
|
3d572d |
- bool large_object = size_in_bytes > kMaxRegularHeapObjectSize;
|
|
|
3d572d |
+ size_t large_object_threshold =
|
|
|
3d572d |
+ AllocationType::kCode == type
|
|
|
3d572d |
+ ? std::min(kMaxRegularHeapObjectSize, code_space()->AreaSize())
|
|
|
3d572d |
+ : kMaxRegularHeapObjectSize;
|
|
|
3d572d |
+ bool large_object =
|
|
|
3d572d |
+ static_cast<size_t>(size_in_bytes) > large_object_threshold;
|
|
|
3d572d |
|
|
|
3d572d |
HeapObject object;
|
|
|
3d572d |
AllocationResult allocation;
|
|
|
3d572d |
@@ -225,10 +230,10 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
|
|
|
3d572d |
allocation = old_space_->AllocateRaw(size_in_bytes, alignment, origin);
|
|
|
3d572d |
}
|
|
|
3d572d |
} else if (AllocationType::kCode == type) {
|
|
|
3d572d |
- if (size_in_bytes <= code_space()->AreaSize() && !large_object) {
|
|
|
3d572d |
- allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
|
|
|
3d572d |
- } else {
|
|
|
3d572d |
+ if (large_object) {
|
|
|
3d572d |
allocation = code_lo_space_->AllocateRaw(size_in_bytes);
|
|
|
3d572d |
+ } else {
|
|
|
3d572d |
+ allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
|
|
|
3d572d |
}
|
|
|
3d572d |
} else if (AllocationType::kMap == type) {
|
|
|
3d572d |
allocation = map_space_->AllocateRawUnaligned(size_in_bytes);
|
|
|
3d572d |
diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
|
|
|
3d572d |
index 888d174c02f..0165fa6970f 100644
|
|
|
3d572d |
--- a/deps/v8/src/heap/heap.h
|
|
|
3d572d |
+++ b/deps/v8/src/heap/heap.h
|
|
|
3d572d |
@@ -1404,8 +1404,10 @@ class Heap {
|
|
|
3d572d |
// Heap object allocation tracking. ==========================================
|
|
|
3d572d |
// ===========================================================================
|
|
|
3d572d |
|
|
|
3d572d |
- void AddHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
|
|
|
3d572d |
- void RemoveHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
|
|
|
3d572d |
+ V8_EXPORT_PRIVATE void AddHeapObjectAllocationTracker(
|
|
|
3d572d |
+ HeapObjectAllocationTracker* tracker);
|
|
|
3d572d |
+ V8_EXPORT_PRIVATE void RemoveHeapObjectAllocationTracker(
|
|
|
3d572d |
+ HeapObjectAllocationTracker* tracker);
|
|
|
3d572d |
bool has_heap_object_allocation_tracker() const {
|
|
|
3d572d |
return !allocation_trackers_.empty();
|
|
|
3d572d |
}
|