| author | 2017-02-27 16:37:21 -0800 | |
|---|---|---|
| committer | 2017-02-28 10:08:04 -0800 | |
| commit | 1ceeecfba255bb09f131a5b5b55cbe6da424e9c8 (patch) | |
| tree | 1b70494eaf1c1dba56af1cd7d9bc6dea440d3bbe | |
| parent | 977c5104711c8730a22b17424e64de43d9c7ebdd (diff) | |
Avoid visiting dead large objects in RegionSpace::Walk
The motivation is to prevent large objects from being visited by
RegionSpace::Walk if it is called before the next GC's SetFromSpace
marks the large object as from-space. This fixes possible dangling
pointer issues.
A follow up CL will clear the empty unevac regions.
Bug: 35800768
Bug: 12687968
Test: test-art-host
Change-Id: I6323959f0b7b2a357e6d6483cd1c33fb63c3d54a
| -rw-r--r-- | runtime/gc/space/region_space-inl.h | 8 | ||||
| -rw-r--r-- | test/152-dead-large-object/expected.txt | 0 | ||||
| -rw-r--r-- | test/152-dead-large-object/info.txt | 1 | ||||
| -rw-r--r-- | test/152-dead-large-object/src/Main.java | 26 |
4 files changed, 33 insertions, 2 deletions
diff --git a/runtime/gc/space/region_space-inl.h b/runtime/gc/space/region_space-inl.h
index 3e79223498..5d282f1ae9 100644
--- a/runtime/gc/space/region_space-inl.h
+++ b/runtime/gc/space/region_space-inl.h
@@ -233,8 +233,12 @@ void RegionSpace::WalkInternal(ObjectCallback* callback, void* arg) {
 continue;
 }
 if (r->IsLarge()) {
- mirror::Object* obj = reinterpret_cast<mirror::Object*>(r->Begin());
- if (obj->GetClass() != nullptr) {
+ if (r->LiveBytes() > 0) {
+ // Avoid visiting dead large objects since they may contain dangling pointers to the
+ // from-space.
+ DCHECK_GT(r->LiveBytes(), 0u) << "Visiting dead large object";
+ mirror::Object* obj = reinterpret_cast<mirror::Object*>(r->Begin());
+ DCHECK(obj->GetClass() != nullptr);
 callback(obj, arg);
 }
 } else if (r->IsLargeTail()) {
diff --git a/test/152-dead-large-object/expected.txt b/test/152-dead-large-object/expected.txt
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/test/152-dead-large-object/expected.txt
diff --git a/test/152-dead-large-object/info.txt b/test/152-dead-large-object/info.txt
new file mode 100644
index 0000000000..45023cd0b7
--- /dev/null
+++ b/test/152-dead-large-object/info.txt
@@ -0,0 +1 @@
+Test that large objects are freed properly after a GC.
diff --git a/test/152-dead-large-object/src/Main.java b/test/152-dead-large-object/src/Main.java
new file mode 100644
index 0000000000..72fd25c2c0
--- /dev/null
+++ b/test/152-dead-large-object/src/Main.java
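Review bot: The `DCHECK_GT(r->LiveBytes(), 0u)` in `RegionSpace::WalkInternal` sits directly inside `if (r->LiveBytes() > 0)`, so it can never fire and its "Visiting dead large object" message is unreachable; it can be dropped. More important, the old release-build guard `if (obj->GetClass() != nullptr)` is now only `DCHECK(obj->GetClass() != nullptr);`, so in a non-debug build a large region with non-zero live bytes but a null class word would be handed to `callback`. If that state is reachable (for example a large object whose class has not been written yet, which this hunk does not show), keep the runtime test as `if (obj->GetClass() != nullptr) { callback(obj, arg); }`, or add a comment stating why it cannot occur. The body of `WalkInternal` starts and ends outside the hunk, so whatever would rule this out is not visible here.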
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class Main {
+ static volatile Object a[] = null;
+
+ public static void main(String[] args) {
+ for (int i = 0; i < 10; ++i) {
+ a = new Object[i * 300000];
+ Runtime.getRuntime().gc();
+ }
+ }
+}  |
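Review bot: Nothing in `main` records what failure this regression test is waiting for: `expected.txt` is empty and there are no assertions, so the test passes only by not crashing. A short comment above the loop, such as `// Each iteration drops the previous large array; a GC run before the next allocation must not visit it.`, would state the intent. The comment should also name the configuration that makes the runtime walk the region space between collections, since that is not visible in this file. The first iteration allocates `new Object[0]`, which is presumably not a large object, so `for (int i = 1; i < 10; ++i)` would make every iteration exercise the large-object path.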