Fix region space when used with SetLengthToUsableSizeVisitor.

The region space relies on obj->SizeOf for some of its logic.
By having SetLengthToUsableSizeVisitor "change" the SizeOf
what's being allocated.

The bug happens during RegionSpace::ClearFromSpace: for unevac regions
we iterate over following regions. If LiveBytes != Top() - Begin()
(which happen for large allocations using SetLengthToUsableSizeVisitor),
we break the loop.

The next region to analyze is a large tail, and we see LiveBytes() == 0
(tails apparently always have live bytes == 0), the code is then
happy to release the large tail, even though the large object is still
live.

bug: 37187694
bug: 62889232
Test: 659-unpadded-array
Change-Id: Ia99b67256b0e28a80095bd5cdae9068ea5e8b4a8

6 files changed, 68 insertions, 6 deletions

diff --git a/runtime/gc/collector/concurrent_copying.cc b/runtime/gc/collector/concurrent_copying.cc
index c0d648117c..458e830eda 100644
--- a/runtime/gc/collector/concurrent_copying.cc
+++ b/runtime/gc/collector/concurrent_copying.cc
@@ -2287,7 +2287,9 @@ mirror::Object* ConcurrentCopying::Copy(mirror::Object* from_ref,
   // Note that from_ref is a from space ref so the SizeOf() call will access the from-space meta
   // objects, but it's ok and necessary.
   size_t obj_size = from_ref->SizeOf<kDefaultVerifyFlags>();
-  size_t region_space_alloc_size = RoundUp(obj_size, space::RegionSpace::kAlignment);
+  size_t region_space_alloc_size = (obj_size <= space::RegionSpace::kRegionSize)
+      ? RoundUp(obj_size, space::RegionSpace::kAlignment)
+      : RoundUp(obj_size, space::RegionSpace::kRegionSize);
   size_t region_space_bytes_allocated = 0U;
   size_t non_moving_space_bytes_allocated = 0U;
   size_t bytes_allocated = 0U;
diff --git a/runtime/gc/space/region_space-inl.h b/runtime/gc/space/region_space-inl.h
index 2e67f34648..2fba4a8bd1 100644
--- a/runtime/gc/space/region_space-inl.h
+++ b/runtime/gc/space/region_space-inl.h
@@ -277,18 +277,21 @@ mirror::Object* RegionSpace::AllocLarge(size_t num_bytes, size_t* bytes_allocate
       DCHECK(first_reg->IsFree());
       first_reg->UnfreeLarge(this, time_);
       ++num_non_free_regions_;
-      first_reg->SetTop(first_reg->Begin() + num_bytes);
+      size_t allocated = num_regs * kRegionSize;
+      // We make 'top' all usable bytes, as the caller of this
+      // allocation may use all of 'usable_size' (see mirror::Array::Alloc).
+      first_reg->SetTop(first_reg->Begin() + allocated);
       for (size_t p = left + 1; p < right; ++p) {
         DCHECK_LT(p, num_regions_);
         DCHECK(regions_[p].IsFree());
         regions_[p].UnfreeLargeTail(this, time_);
         ++num_non_free_regions_;
       }
-      *bytes_allocated = num_bytes;
+      *bytes_allocated = allocated;
       if (usable_size != nullptr) {
-        *usable_size = num_regs * kRegionSize;
+        *usable_size = allocated;
       }
-      *bytes_tl_bulk_allocated = num_bytes;
+      *bytes_tl_bulk_allocated = allocated;
       return reinterpret_cast<mirror::Object*>(first_reg->Begin());
     } else {
       // right points to the non-free region. Start with the one after it.
diff --git a/runtime/gc/space/region_space.h b/runtime/gc/space/region_space.h
index 8907b07bf2..7b16ffe23d 100644
--- a/runtime/gc/space/region_space.h
+++ b/runtime/gc/space/region_space.h
@@ -387,7 +387,9 @@ class RegionSpace FINAL : public ContinuousMemMapAllocSpace {
       DCHECK(IsInUnevacFromSpace());
       DCHECK(!IsLargeTail());
       DCHECK_NE(live_bytes_, static_cast<size_t>(-1));
-      live_bytes_ += live_bytes;
+      // For large allocations, we always consider all bytes in the
+      // regions live.
+      live_bytes_ += IsLarge() ? Top() - begin_ : live_bytes;
       DCHECK_LE(live_bytes_, BytesAllocated());
     }
 
diff --git a/test/659-unpadded-array/expected.txt b/test/659-unpadded-array/expected.txt
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/test/659-unpadded-array/expected.txt
diff --git a/test/659-unpadded-array/info.txt b/test/659-unpadded-array/info.txt
new file mode 100644
index 0000000000..905c5290ae
--- /dev/null
+++ b/test/659-unpadded-array/info.txt
@@ -0,0 +1,3 @@
+Regression test for the concurrent GC whose region space had
+a bug when the request for allocation ended up using 'usable_size'
+instead of the initially requested number of bytes.
diff --git a/test/659-unpadded-array/src-art/Main.java b/test/659-unpadded-array/src-art/Main.java
new file mode 100644
index 0000000000..80fd6e2f6f
--- /dev/null
+++ b/test/659-unpadded-array/src-art/Main.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import dalvik.system.VMRuntime;
+
+public class Main {
+  public static void main(String[] args) {
+    // Call our optimization API, we used to have a bug in the RegionSpace on large
+    // objects allocated through it.
+    Object[] o = (Object[]) VMRuntime.getRuntime().newUnpaddedArray(Object.class, 70000);
+
+    // Make the test run for 30 seconds to be less dependent on GC heuristics.
+    long time = System.currentTimeMillis();
+    int i = 1;
+    do {
+      allocateIntArray(i);
+      for (int j = 0; j < o.length; j++) {
+        if (o[j] != null) {
+          // Just print, not throw, to get into "interesting" issues (eg the first
+          // element that will not be null is the class of the object, the second is
+          // actually the first element of the int array).
+          System.out.println("Unexpected value: " + o[j]);
+        }
+      }
+      if (i < 100000) {
+        i++;
+      } else {
+        i = 0;
+      }
+    } while (System.currentTimeMillis() - time < 30000);
+  }
+
+  static void allocateIntArray(int i) {
+    int[] intArray = new int[i];
+    for (int j = 0; j < intArray.length; j++) {
+      intArray[j] = 1;
+    }
+  }
+}