Revision: 22634
Author:   rmcil...@chromium.org
Date:     Mon Jul 28 10:04:36 2014 UTC
Log: Tests that the GC doesn't mistake non-pointer constant pool entries as pointers.

Adds a test for ConstantPoolArray to ensure that the GC
doesn't mistake non-pointer entries as pointers and try
to modify them during scavenge operations.

Also adds asserts to ConstantPoolArray::set(int, Object*) and
ConstantPoolArray::set_at_offset(int, Object*) to ensure we don't
add new-space pointers to a constant pool array.

R=hpa...@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=22608

Review URL: https://codereview.chromium.org/396803009
http://code.google.com/p/v8/source/detail?r=22634

Modified:
 /branches/bleeding_edge/src/objects-inl.h
 /branches/bleeding_edge/test/cctest/test-constantpool.cc

=======================================
--- /branches/bleeding_edge/src/objects-inl.h   Fri Jul 25 18:32:11 2014 UTC
+++ /branches/bleeding_edge/src/objects-inl.h   Mon Jul 28 10:04:36 2014 UTC
@@ -2540,6 +2540,7 @@

 void ConstantPoolArray::set(int index, Object* value) {
   ASSERT(map() == GetHeap()->constant_pool_array_map());
+  ASSERT(!GetHeap()->InNewSpace(value));
   ASSERT(get_type(index) == HEAP_PTR);
   WRITE_FIELD(this, OffsetOfElementAt(index), value);
   WRITE_BARRIER(GetHeap(), this, OffsetOfElementAt(index), value);
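Review bot: The new `ASSERT(!GetHeap()->InNewSpace(value))` on line 32 introduces an invariant that nothing in the surrounding code explains, and since ASSERT compiles out of release builds the only thing that runs there is the existing WRITE_BARRIER, so a caller that violates the rule in a release binary gets no diagnostic. A short why-comment above the assert would make the contract visible to callers, e.g. `// Constant pool entries must be tenured; storing a new-space pointer here is a bug (see test-constantpool.cc).` It also looks deliberate that the new-space check precedes the `get_type(index) == HEAP_PTR` check, so a wrong-typed store of a new-space object reports the new-space violation first; if that ordering is intended it is worth saying so in the same comment. The setter's body is fully visible in the hunk.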
@@ -2584,6 +2585,7 @@

 void ConstantPoolArray::set_at_offset(int offset, Object* value) {
   ASSERT(map() == GetHeap()->constant_pool_array_map());
+  ASSERT(!GetHeap()->InNewSpace(value));
   ASSERT(offset_is_type(offset, HEAP_PTR));
   WRITE_FIELD(this, offset, value);
   WRITE_BARRIER(GetHeap(), this, offset, value);
=======================================
--- /branches/bleeding_edge/test/cctest/test-constantpool.cc Thu Jul 24 18:59:19 2014 UTC
+++ /branches/bleeding_edge/test/cctest/test-constantpool.cc Mon Jul 28 10:04:36 2014 UTC
@@ -31,7 +31,6 @@
 TEST(ConstantPoolSmall) {
   LocalContext context;
   Isolate* isolate = CcTest::i_isolate();
-  Heap* heap = isolate->heap();
   Factory* factory = isolate->factory();
   v8::HandleScope scope(context->GetIsolate());

@@ -51,7 +50,7 @@

   // Check getters and setters.
   int64_t big_number = V8_2PART_UINT64_C(0x12345678, 9ABCDEF0);
-  Handle<Object> object = factory->NewHeapNumber(4.0);
+  Handle<Object> object = factory->NewHeapNumber(4.0, IMMUTABLE, TENURED);
   Code* code = DummyCode(&context);
   array->set(0, big_number);
   array->set(1, 0.5);
@@ -67,21 +66,12 @@
   CHECK_EQ(code, array->get_heap_ptr_entry(4));
   CHECK_EQ(*object, array->get_heap_ptr_entry(5));
   CHECK_EQ(50, array->get_int32_entry(6));
-
-  // Check pointers are updated on GC.
-  Object* old_ptr = array->get_heap_ptr_entry(5);
-  CHECK_EQ(*object, old_ptr);
-  heap->CollectGarbage(NEW_SPACE);
-  Object* new_ptr = array->get_heap_ptr_entry(5);
-  CHECK_NE(*object, old_ptr);
-  CHECK_EQ(*object, new_ptr);
 }


 TEST(ConstantPoolExtended) {
   LocalContext context;
   Isolate* isolate = CcTest::i_isolate();
-  Heap* heap = isolate->heap();
   Factory* factory = isolate->factory();
   v8::HandleScope scope(context->GetIsolate());

@@ -116,12 +106,14 @@
   // Check small and large section's don't overlap.
   int64_t small_section_int64 = V8_2PART_UINT64_C(0x56781234, DEF09ABC);
   Code* small_section_code_ptr = DummyCode(&context);
-  Handle<Object> small_section_heap_ptr = factory->NewHeapNumber(4.0);
+  Handle<Object> small_section_heap_ptr =
+      factory->NewHeapNumber(4.0, IMMUTABLE, TENURED);
   int32_t small_section_int32 = 0xab12cd45;

   int64_t extended_section_int64 = V8_2PART_UINT64_C(0x12345678, 9ABCDEF0);
   Code* extended_section_code_ptr = DummyCode(&context);
-  Handle<Object> extended_section_heap_ptr = factory->NewHeapNumber(4.0);
+  Handle<Object> extended_section_heap_ptr =
+      factory->NewHeapNumber(5.0, IMMUTABLE, TENURED);
   int32_t extended_section_int32 = 0xef67ab89;

   for (int i = array->first_index(ConstantPoolArray::INT64, kSmall);
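Review bot: The change of `extended_section_heap_ptr` from `NewHeapNumber(4.0)` to `NewHeapNumber(5.0, ...)` on line 98 alters the test's data without a word in the commit message, while the small-section number on line 91 stays at 4.0. Presumably this is so the two heap pointers hold distinct values and the "small and large section's don't overlap" check above can actually tell them apart, but that intent is invisible to the next reader. A comment on the new line would pin it down, e.g. `// Use a different value from the small section so a mixed-up entry is detectable.` The enclosing TEST(ConstantPoolExtended) body continues beyond this hunk.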
@@ -178,14 +170,6 @@
       CHECK_EQ(extended_section_int32, array->get_int32_entry(i));
     }
   }
-  // Check pointers are updated on GC in extended section.
-  int index = array->first_index(ConstantPoolArray::HEAP_PTR, kExtended);
-  Object* old_ptr = array->get_heap_ptr_entry(index);
-  CHECK_EQ(*extended_section_heap_ptr, old_ptr);
-  heap->CollectGarbage(NEW_SPACE);
-  Object* new_ptr = array->get_heap_ptr_entry(index);
-  CHECK_NE(*extended_section_heap_ptr, old_ptr);
-  CHECK_EQ(*extended_section_heap_ptr, new_ptr);
 }


@@ -242,3 +226,86 @@
   int expected_int32_indexs[] = { 1, 2, 3, 4 };
   CheckIterator(array, ConstantPoolArray::INT32, expected_int32_indexs, 4);
 }
+
+
+TEST(ConstantPoolPreciseGC) {
+  LocalContext context;
+  Isolate* isolate = CcTest::i_isolate();
+  Heap* heap = isolate->heap();
+  Factory* factory = isolate->factory();
+  v8::HandleScope scope(context->GetIsolate());
+
+  ConstantPoolArray::NumberOfEntries small(1, 0, 0, 1);
+  Handle<ConstantPoolArray> array = factory->NewConstantPoolArray(small);
+
+ // Check that the store buffer knows which entries are pointers and which are
+  // not.  To do this, make non-pointer entries which look like new space
+ // pointers but are actually invalid and ensure the GC doesn't try to move
+  // them.
+  Handle<HeapObject> object = factory->NewHeapNumber(4.0);
+  Object* raw_ptr = *object;
+ // If interpreted as a pointer, this should be right inside the heap number
+  // which will cause a crash when trying to lookup the 'map' pointer.
+  intptr_t invalid_ptr = reinterpret_cast<intptr_t>(raw_ptr) + kInt32Size;
+  int32_t invalid_ptr_int32 = static_cast<int32_t>(invalid_ptr);
+  int64_t invalid_ptr_int64 = static_cast<int64_t>(invalid_ptr);
+  array->set(0, invalid_ptr_int64);
+  array->set(1, invalid_ptr_int32);
+
+  // Ensure we perform a scan on scavenge for the constant pool's page.
+  MemoryChunk::FromAddress(array->address())->set_scan_on_scavenge(true);
+  heap->CollectGarbage(NEW_SPACE);
+
+  // Check the object was moved by GC.
+  CHECK_NE(*object, raw_ptr);
+
+  // Check the non-pointer entries weren't changed.
+  CHECK_EQ(invalid_ptr_int64, array->get_int64_entry(0));
+  CHECK_EQ(invalid_ptr_int32, array->get_int32_entry(1));
+}
+
+
+TEST(ConstantPoolCompacting) {
+  if (i::FLAG_never_compact) return;
+  i::FLAG_always_compact = true;
+  LocalContext context;
+  Isolate* isolate = CcTest::i_isolate();
+  Heap* heap = isolate->heap();
+  Factory* factory = isolate->factory();
+  v8::HandleScope scope(context->GetIsolate());
+
+  ConstantPoolArray::NumberOfEntries small(0, 0, 1, 0);
+  ConstantPoolArray::NumberOfEntries extended(0, 0, 1, 0);
+  Handle<ConstantPoolArray> array =
+      factory->NewExtendedConstantPoolArray(small, extended);
+
+  // Start a second old-space page so that the heap pointer added to the
+  // constant pool array ends up on the an evacuation candidate page.
+  Page* first_page = heap->old_data_space()->anchor()->next_page();
+  {
+    HandleScope scope(isolate);
+    Handle<HeapObject> temp =
+        factory->NewFixedDoubleArray(900 * KB / kDoubleSize, TENURED);
+    CHECK(heap->InOldDataSpace(temp->address()));
+    Handle<HeapObject> heap_ptr =
+        factory->NewHeapNumber(5.0, IMMUTABLE, TENURED);
+    CHECK(heap->InOldDataSpace(heap_ptr->address()));
+    CHECK(!first_page->Contains(heap_ptr->address()));
+    array->set(0, *heap_ptr);
+    array->set(1, *heap_ptr);
+  }
+
+  // Check heap pointers are correctly updated on GC.
+  Object* old_ptr = array->get_heap_ptr_entry(0);
+  Handle<Object> object(old_ptr, isolate);
+  CHECK_EQ(old_ptr, *object);
+  CHECK_EQ(old_ptr, array->get_heap_ptr_entry(1));
+
+  // Force compacting garbage collection.
+  CHECK(FLAG_always_compact);
+  heap->CollectAllGarbage(Heap::kNoGCFlags);
+
+  CHECK_NE(old_ptr, *object);
+  CHECK_EQ(*object, array->get_heap_ptr_entry(0));
+  CHECK_EQ(*object, array->get_heap_ptr_entry(1));
+}
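Review bot: `i::FLAG_always_compact = true;` on line 162 is set for the duration of the process and never restored, so if the cctest binary ever runs more than one test per invocation the flag leaks into later tests; saving and restoring it is cheap: `bool saved_always_compact = i::FLAG_always_compact;` before the assignment and `i::FLAG_always_compact = saved_always_compact;` at the end of the test. In ConstantPoolPreciseGC, the comment lines at 133, 135 and 139 are indented one column short of the surrounding code (` // ...` instead of `  // ...`), which trips formatting checks. The comment on line 175 has the typo "on the an evacuation candidate page" and should read `// constant pool array ends up on an evacuation candidate page.`. Note also that on 64-bit builds `static_cast<int32_t>(invalid_ptr)` on line 142 truncates the address, so the int32 entry there is only a "looks like a pointer" check on 32-bit targets; a comment saying that is deliberate would avoid someone "fixing" it.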
