Skip to content

Commit

Permalink
deps: V8: cherry-pick 81181a8ad80a
Browse files Browse the repository at this point in the history
Original commit message:

    [JSON] Fix GC issue in BuildJsonObject
    We must ensure that the sweeper is not running or has already swept
    mutable_double_buffer. Otherwise the GC can add it to the free list.

    Bug: v8:11837
    Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181
    Commit-Queue: Victor Gomes <victorgomes@chromium.org>
    Reviewed-by: Toon Verwaest <verwaest@chromium.org>
    Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#74859}

Refs: v8/v8@81181a8

PR-URL: #39187
Fixes: #37553
Refs: v8/v8@81181a8
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
  • Loading branch information
thomasmichaelwallace authored and richardlau committed Jul 15, 2021
1 parent 3543ed2 commit 848cf46
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 1 deletion.
2 changes: 1 addition & 1 deletion common.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.72',
'v8_embedder_string': '-node.73',

##### V8 defaults for Node.js #####

Expand Down
4 changes: 4 additions & 0 deletions deps/v8/src/heap/heap.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3347,6 +3347,10 @@ void Heap::MakeHeapIterable() {
mark_compact_collector()->EnsureSweepingCompleted();
}

void Heap::EnsureSweepingCompleted() {
mark_compact_collector()->EnsureSweepingCompleted();
}

namespace {

double ComputeMutatorUtilizationImpl(double mutator_speed, double gc_speed) {
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/heap/heap.h
Original file line number Diff line number Diff line change
Expand Up @@ -1001,6 +1001,8 @@ class Heap {
Reservation* reservations, const std::vector<HeapObject>& large_objects,
const std::vector<Address>& maps);

void EnsureSweepingCompleted();

IncrementalMarking* incremental_marking() {
return incremental_marking_.get();
}
Expand Down
5 changes: 5 additions & 0 deletions deps/v8/src/json/json-parser.cc
Original file line number Diff line number Diff line change
Expand Up @@ -633,6 +633,11 @@ Handle<Object> JsonParser<Char>::BuildJsonObject(
DCHECK_EQ(mutable_double_address, end);
}
#endif
// Before setting the length of mutable_double_buffer back to zero, we
// must ensure that the sweeper is not running or has already swept the
// object's page. Otherwise the GC can add the contents of
// mutable_double_buffer to the free list.
isolate()->heap()->EnsureSweepingCompleted();
mutable_double_buffer->set_length(0);
}
}
Expand Down

0 comments on commit 848cf46

Please sign in to comment.