Version 4.8.2.1 (cherry-pick)

test/cctest/test-heap.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 5547 matching lines @@
 
 
 TEST(ArrayShiftSweeping) {
   i::FLAG_expose_gc = true;
   CcTest::InitializeVM();
   v8::HandleScope scope(CcTest::isolate());
   Isolate* isolate = CcTest::i_isolate();
   Heap* heap = isolate->heap();
 
   v8::Local<v8::Value> result = CompileRun(
-      "var array = new Array(400);"
-      "var tmp = new Array(1000);"
+      "var array = new Array(40000);"
+      "var tmp = new Array(100000);"
       "array[0] = 10;"
       "gc();"
       "gc();"
       "array.shift();"
       "array;");
 
   Handle<JSObject> o =
       v8::Utils::OpenHandle(*v8::Handle<v8::Object>::Cast(result));
   CHECK(heap->InOldSpace(o->elements()));
   CHECK(heap->InOldSpace(*o));
@@ skipping 51 matching lines @@
     // promotion queue entries at the end of the second semi-space page.
     const int number_handles = 12;
     Handle<FixedArray> handles[number_handles];
     for (int i = 0; i < number_handles; i++) {
       handles[i] = i_isolate->factory()->NewFixedArray(1, NOT_TENURED);
     }
 
     heap->CollectGarbage(NEW_SPACE);
     CHECK(i::FLAG_min_semi_space_size * MB == new_space->TotalCapacity());
 
-    // Fill-up the first semi-space page.
-    FillUpOnePage(new_space);
+    // Create the first huge object which will exactly fit the first semi-space
+    // page.
+    DisableInlineAllocationSteps(new_space);
+    int new_linear_size =
+        static_cast<int>(*heap->new_space()->allocation_limit_address() -
+                         *heap->new_space()->allocation_top_address());
+    int length = (new_linear_size - FixedArray::kHeaderSize) / kPointerSize;
+    Handle<FixedArray> first =
+        i_isolate->factory()->NewFixedArray(length, NOT_TENURED);
+    CHECK(heap->InNewSpace(*first));
 
     // Create a small object to initialize the bump pointer on the second
     // semi-space page.
     Handle<FixedArray> small =
         i_isolate->factory()->NewFixedArray(1, NOT_TENURED);
     CHECK(heap->InNewSpace(*small));
 
-    // Fill-up the second semi-space page.
-    FillUpOnePage(new_space);
+
+    // Create the second huge object of maximum allocatable second semi-space
+    // page size.
+    DisableInlineAllocationSteps(new_space);
+    new_linear_size =
+        static_cast<int>(*heap->new_space()->allocation_limit_address() -
+                         *heap->new_space()->allocation_top_address());
+    length = (new_linear_size - FixedArray::kHeaderSize) / kPointerSize;
+    Handle<FixedArray> second =
+        i_isolate->factory()->NewFixedArray(length, NOT_TENURED);
+    CHECK(heap->InNewSpace(*second));
 
     // This scavenge will corrupt memory if the promotion queue is not
     // evacuated.
     heap->CollectGarbage(NEW_SPACE);
   }
   isolate->Dispose();
 }
 
 
 TEST(Regress388880) {
   i::FLAG_expose_gc = true;
   CcTest::InitializeVM();
   v8::HandleScope scope(CcTest::isolate());
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
   Heap* heap = isolate->heap();
 
   Handle<Map> map1 = Map::Create(isolate, 1);
   Handle<Map> map2 =
       Map::CopyWithField(map1, factory->NewStringFromStaticChars("foo"),
                          HeapType::Any(isolate), NONE, Representation::Tagged(),
                          OMIT_TRANSITION).ToHandleChecked();
 
   int desired_offset = Page::kPageSize - map1->instance_size();
 
-  // Allocate padding objects in old pointer space so, that object allocated
+  // Allocate fixed array in old pointer space so, that object allocated
   // afterwards would end at the end of the page.
-  SimulateFullSpace(heap->old_space());
-  int padding_size = desired_offset - Page::kObjectStartOffset;
-  CreatePadding(heap, padding_size, TENURED);
+  {
+    SimulateFullSpace(heap->old_space());
+    int padding_size = desired_offset - Page::kObjectStartOffset;
+    int padding_array_length =
+        (padding_size - FixedArray::kHeaderSize) / kPointerSize;
+
+    Handle<FixedArray> temp2 =
+        factory->NewFixedArray(padding_array_length, TENURED);
+    Page* page = Page::FromAddress(temp2->address());
+    CHECK_EQ(Page::kObjectStartOffset, page->Offset(temp2->address()));
+  }
 
   Handle<JSObject> o = factory->NewJSObjectFromMap(map1, TENURED);
   o->set_properties(*factory->empty_fixed_array());
 
   // Ensure that the object allocated where we need it.
   Page* page = Page::FromAddress(o->address());
   CHECK_EQ(desired_offset, page->Offset(o->address()));
 
   // Now we have an object right at the end of the page.
 
@@ skipping 732 matching lines @@
   // The CollectGarbage call above starts sweeper threads.
   // The crash will happen if the following two functions
   // are called before sweeping finishes.
   heap->StartIncrementalMarking();
   heap->FinalizeIncrementalMarkingIfComplete("test");
 }
 
 
 }  // namespace internal
 }  // namespace v8