author | thomasmichaelwallace <tom.wallace@devicepilot.com> | 2021-06-28 23:53:38 +0300 |
---|---|---|
committer | Richard Lau <rlau@redhat.com> | 2021-07-20 14:11:14 +0300 |
commit | 4213e97d268dd8bfee6fb799313563f8389cf59d (patch) | |
tree | 32722c560e04ba99a744a34823e4a7110f562c16 /deps | |
parent | ccecea5f72211e84612e4417abbb357d488407e5 (diff) |
deps: V8: cherry-pick 81181a8ad80a
Original commit message:
[JSON] Fix GC issue in BuildJsonObject
We must ensure that the sweeper is not running or has already swept
mutable_double_buffer. Otherwise the GC can add it to the free list.
Bug: v8:11837
Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74859}
Refs: v8/v8@81181a8
PR-URL: https://github.com/nodejs/node/pull/39187
Fixes: https://github.com/nodejs/node/issues/37553
Refs: https://github.com/v8/v8/commit/81181a8
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Diffstat (limited to 'deps')
-rw-r--r-- | deps/v8/src/heap/heap.cc | 4 | ||||
-rw-r--r-- | deps/v8/src/heap/heap.h | 2 | ||||
-rw-r--r-- | deps/v8/src/json/json-parser.cc | 5 |
3 files changed, 11 insertions, 0 deletions
diff --git a/deps/v8/src/heap/heap.cc b/deps/v8/src/heap/heap.cc
index 5d5eaae0683..62033444ed0 100644
--- a/deps/v8/src/heap/heap.cc
+++ b/deps/v8/src/heap/heap.cc
@@ -3347,6 +3347,10 @@ void Heap::MakeHeapIterable() {
 mark_compact_collector()->EnsureSweepingCompleted();
 }
 
+void Heap::EnsureSweepingCompleted() {
+ mark_compact_collector()->EnsureSweepingCompleted();
+}
+
 namespace {
 
 double ComputeMutatorUtilizationImpl(double mutator_speed, double gc_speed) {
diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
index b2105a96bad..4ca8c3b201f 100644
--- a/deps/v8/src/heap/heap.h
+++ b/deps/v8/src/heap/heap.h
@@ -1001,6 +1001,8 @@ class Heap {
 Reservation* reservations, const std::vector<HeapObject>& large_objects,
 const std::vector<Address>& maps);
 
+ void EnsureSweepingCompleted();
+
 IncrementalMarking* incremental_marking() {
 return incremental_marking_.get();
 }
diff --git a/deps/v8/src/json/json-parser.cc b/deps/v8/src/json/json-parser.cc
index da2f60d3209..2ac4e727e0b 100644
--- a/deps/v8/src/json/json-parser.cc
+++ b/deps/v8/src/json/json-parser.cc
@@ -633,6 +633,11 @@ Handle<Object> JsonParser<Char>::BuildJsonObject(
 DCHECK_EQ(mutable_double_address, end);
 }
 #endif
+ // Before setting the length of mutable_double_buffer back to zero, we
+ // must ensure that the sweeper is not running or has already swept the
+ // object's page. Otherwise the GC can add the contents of
+ // mutable_double_buffer to the free list.
+ isolate()->heap()->EnsureSweepingCompleted();
 mutable_double_buffer->set_length(0);
 }
 }
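Review bot: The body of the new `Heap::EnsureSweepingCompleted()` is a copy of the `MakeHeapIterable()` body shown as context just above it, so there are now two places that must change together if the sweeper API changes; a style alternative is to have `MakeHeapIterable()` call `EnsureSweepingCompleted();` and keep the `mark_compact_collector()` dependency in one spot. The wrapper is otherwise a one-line forwarder that adds no checks of its own, which is fine provided the header documents when callers must use it.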
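Review bot: The new `void EnsureSweepingCompleted();` declaration carries no comment, and it lands between a deserialization helper and `incremental_marking()` with nothing telling a caller outside the heap when it is required. Since this is now part of `Heap`'s public surface, the contract belongs here, e.g. `// Blocks until any in-progress concurrent sweeping has finished. Call this before shrinking an allocated object in place (e.g. set_length), otherwise the sweeper may put the trimmed tail on the free list while it is still in use.` Whether the call is a cheap no-op when no sweeping is in progress is not visible in this diff and should be confirmed against `MarkCompactCollector::EnsureSweepingCompleted` before the comment promises it. `class Heap` begins and ends outside the hunk.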
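Review bot: `isolate()->heap()->EnsureSweepingCompleted()` waits for the concurrent sweeper to finish the entire heap, and it now runs on every `BuildJsonObject` call that reaches this branch, which is the `JSON.parse` path for objects carrying double-valued properties — input that is routinely attacker-controlled, so the change closes a real memory-safety hole (the sweeper freeing the tail of an in-use `mutable_double_buffer`) but does so with a global wait on a hot path. If the heap offers a wait scoped to the page holding `mutable_double_buffer`, that would be the cheaper guard, and the added comment already reasons in terms of "the object's page"; if not, the cost deserves a sentence in the comment so the call is not later removed as an apparent optimisation. The comment should also state the invariant being protected rather than only the symptom, e.g. `// set_length(0) shrinks the object in place; a sweeper that sized the object from the old length could otherwise hand the trimmed tail to the free list while the doubles are still live.`, and cite the regression (`v8:11837`, `nodejs/node#37553`). `BuildJsonObject` begins before this hunk, so whether any other in-place trim in the function needs the same guard cannot be judged from here.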