Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(794)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: test/cctest/test-unboxed-doubles.cc

Issue 1379493003: Revert of [heap] Remove retry space from AllocateRaw. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « test/cctest/test-strings.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: test/cctest/test-unboxed-doubles.cc
diff --git a/test/cctest/test-unboxed-doubles.cc b/test/cctest/test-unboxed-doubles.cc
index d0da13713b8aeec67db9cd55a4fb3c2d132ab2eb..3299e12c5e4308ed7bf975f2e2ab156c2fead126 100644
--- a/test/cctest/test-unboxed-doubles.cc
+++ b/test/cctest/test-unboxed-doubles.cc
@@ -1404,6 +1404,89 @@
}
+static int LenFromSize(int size) {
+ return (size - FixedArray::kHeaderSize) / kPointerSize;
+}
+
+
+HEAP_TEST(WriteBarriersInCopyJSObject) {
+ FLAG_max_semi_space_size = 1; // Ensure new space is not growing.
+ CcTest::InitializeVM();
+ Isolate* isolate = CcTest::i_isolate();
+ Heap* heap = CcTest::heap();
+
+ v8::HandleScope scope(CcTest::isolate());
+
+ // The plan: create JSObject which contains unboxed double value that looks
+ // like a reference to an object in new space.
+ // Then clone this object (forcing it to go into old space) and check
+ // that the value of the unboxed double property of the cloned object has
+ // was not corrupted by GC.
+
+ // Step 1: prepare a map for the object. We add unboxed double property to it.
+ // Create a map with single inobject property.
+ Handle<Map> my_map = Map::Create(isolate, 1);
+ Handle<String> name = isolate->factory()->InternalizeUtf8String("foo");
+ my_map = Map::CopyWithField(my_map, name, HeapType::Any(isolate), NONE,
+ Representation::Double(),
+ INSERT_TRANSITION).ToHandleChecked();
+
+ int object_size = my_map->instance_size();
+
+ // Step 2: allocate a lot of objects so to almost fill new space: we need
+ // just enough room to allocate JSObject and thus fill the newspace.
+
+ int allocation_amount =
+ Min(FixedArray::kMaxSize, Page::kMaxRegularHeapObjectSize + kPointerSize);
+ int allocation_len = LenFromSize(allocation_amount);
+ NewSpace* new_space = heap->new_space();
+ DisableInlineAllocationSteps(new_space);
+ Address* top_addr = new_space->allocation_top_address();
+ Address* limit_addr = new_space->allocation_limit_address();
+ while ((*limit_addr - *top_addr) > allocation_amount) {
+ CHECK(!heap->always_allocate());
+ Object* array = heap->AllocateFixedArray(allocation_len).ToObjectChecked();
+ CHECK(new_space->Contains(array));
+ }
+
+ // Step 3: now allocate fixed array and JSObject to fill the whole new space.
+ int to_fill = static_cast<int>(*limit_addr - *top_addr - object_size);
+ int fixed_array_len = LenFromSize(to_fill);
+ CHECK(fixed_array_len < FixedArray::kMaxLength);
+
+ CHECK(!heap->always_allocate());
+ Object* array = heap->AllocateFixedArray(fixed_array_len).ToObjectChecked();
+ CHECK(new_space->Contains(array));
+
+ Object* object = heap->AllocateJSObjectFromMap(*my_map).ToObjectChecked();
+ CHECK(new_space->Contains(object));
+ JSObject* jsobject = JSObject::cast(object);
+ CHECK_EQ(0, FixedArray::cast(jsobject->elements())->length());
+ CHECK_EQ(0, jsobject->properties()->length());
+
+ // Construct a double value that looks like a pointer to the new space object
+ // and store it into the obj.
+ Address fake_object = reinterpret_cast<Address>(array) + kPointerSize;
+ double boom_value = bit_cast<double>(fake_object);
+ FieldIndex index = FieldIndex::ForDescriptor(*my_map, 0);
+ jsobject->RawFastDoublePropertyAtPut(index, boom_value);
+
+ CHECK_EQ(0, static_cast<int>(*limit_addr - *top_addr));
+
+ // Step 4: clone jsobject, but force always allocate first to create a clone
+ // in old pointer space.
+ AlwaysAllocateScope aa_scope(isolate);
+ Object* clone_obj = heap->CopyJSObject(jsobject).ToObjectChecked();
+ Handle<JSObject> clone(JSObject::cast(clone_obj));
+ CHECK(heap->old_space()->Contains(clone->address()));
+
+ CcTest::heap()->CollectGarbage(NEW_SPACE, "boom");
+
+ // The value in cloned object should not be corrupted by GC.
+ CHECK_EQ(boom_value, clone->RawFastDoublePropertyAt(index));
+}
+
+
static void TestWriteBarrier(Handle<Map> map, Handle<Map> new_map,
int tagged_descriptor, int double_descriptor,
bool check_tagged_value = true) {
« no previous file with comments | « test/cctest/test-strings.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698