d86a7d7568
Resolves: RHBZ#1915296
From d4d05ceb418c525b0d07e76b81b8694ac2f5b309 Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@gmail.com>
Date: Wed, 16 Sep 2020 06:12:54 +0200
Subject: [PATCH] [deps] V8: cherry-pick 71736859756b2bd0444bdb0a87a
Original commit message:
[heap] Add large_object_threshold to AllocateRaw
This commit adds a check in Heap::AllocateRaw when setting the
large_object variable, when the AllocationType is of type kCode, to
take into account the size of the CodeSpace's area size.
The motivation for this change is that without this check it is
possible that size_in_bytes is less than 128, and hence not considered
a large object, but it might be larger than the available space
in code_space->AreaSize(), which will cause the object to be created
in the CodeLargeObjectSpace. This will later cause a segmentation fault
when calling the following chain of functions:
if (!large_object) {
MemoryChunk::FromHeapObject(heap_object)
->GetCodeObjectRegistry()
->RegisterNewlyAllocatedCodeObject(heap_object.address());
}
We (Red Hat) ran into this issue when running Node.js v12.16.1 in
combination with yarn on aarch64 (this was the only architecture that
this happened on).
Bug: v8:10808
Change-Id: I0c396b0eb64bc4cc91d9a3be521254f3130eac7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390665
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69876}
Refs: https://github.com/v8/v8/commit/71736859756b2bd0444bdb0a87a61a0b090cbba2
---
deps/v8/src/heap/heap-inl.h | 13 +++--
deps/v8/src/heap/heap.h | 6 ++-
4 files changed, 83 insertions(+), 6 deletions(-)
diff --git a/deps/v8/src/heap/heap-inl.h b/deps/v8/src/heap/heap-inl.h
index 39f5ec6c66e..b56ebc03d58 100644
--- a/deps/v8/src/heap/heap-inl.h
+++ b/deps/v8/src/heap/heap-inl.h
@@ -192,7 +192,12 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
IncrementObjectCounters();
#endif
- bool large_object = size_in_bytes > kMaxRegularHeapObjectSize;
+ size_t large_object_threshold =
+ AllocationType::kCode == type
+ ? std::min(kMaxRegularHeapObjectSize, code_space()->AreaSize())
+ : kMaxRegularHeapObjectSize;
+ bool large_object =
+ static_cast<size_t>(size_in_bytes) > large_object_threshold;
HeapObject object;
AllocationResult allocation;
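Review bot: The new `static_cast<size_t>(size_in_bytes)` on the last added line turns a negative `size_in_bytes` into a very large unsigned value that is silently classified as a large object, whereas the removed signed comparison classified it as a regular one; neither result is meaningful, so the precondition should be stated where the cast happens, e.g. `DCHECK_GE(size_in_bytes, 0);` immediately before `size_t large_object_threshold =`. The reason code allocations are capped by `code_space()->AreaSize()` exists only in the commit message, so the threshold computation deserves a comment such as `// Code objects that do not fit in a code-space page must be allocated in the code LO space, otherwise they are registered as regular code objects.`. If `kMaxRegularHeapObjectSize` and `AreaSize()` do not have the same type in the V8 version this is cherry-picked into, `std::min` will fail to deduce its argument and a `static_cast<size_t>` on the constant would be needed; that cannot be confirmed from the hunk. `Heap::AllocateRaw` begins before this hunk and continues after it.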
@@ -225,10 +230,10 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
allocation = old_space_->AllocateRaw(size_in_bytes, alignment, origin);
}
} else if (AllocationType::kCode == type) {
- if (size_in_bytes <= code_space()->AreaSize() && !large_object) {
- allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
- } else {
+ if (large_object) {
allocation = code_lo_space_->AllocateRaw(size_in_bytes);
+ } else {
+ allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
}
} else if (AllocationType::kMap == type) {
allocation = map_space_->AllocateRawUnaligned(size_in_bytes);
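Review bot: The new `if (large_object)` branch in the `AllocationType::kCode` arm no longer shows the code-space size constraint that the removed `size_in_bytes <= code_space()->AreaSize()` condition made explicit; that constraint now lives in the `large_object_threshold` computation earlier in the function, outside this hunk, and a reader of this branch cannot see that a code object small enough for a regular page but too big for a code-space page goes to `code_lo_space_`. A one-line comment on the new `if` would keep that visible: `// large_object already accounts for code_space()->AreaSize() via large_object_threshold.`. The enclosing `Heap::AllocateRaw` extends beyond both ends of the hunk.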
diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
index 888d174c02f..0165fa6970f 100644
--- a/deps/v8/src/heap/heap.h
+++ b/deps/v8/src/heap/heap.h
@@ -1404,8 +1404,10 @@ class Heap {
// Heap object allocation tracking. ==========================================
// ===========================================================================
- void AddHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
- void RemoveHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
+ V8_EXPORT_PRIVATE void AddHeapObjectAllocationTracker(
+ HeapObjectAllocationTracker* tracker);
+ V8_EXPORT_PRIVATE void RemoveHeapObjectAllocationTracker(
+ HeapObjectAllocationTracker* tracker);
bool has_heap_object_allocation_tracker() const {
return !allocation_trackers_.empty();
}