| Index: test/cctest/heap/test-compaction.cc
|
| diff --git a/test/cctest/heap/test-compaction.cc b/test/cctest/heap/test-compaction.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..fec5ecc40b2c548ecec13c176b8fa2845ef05fc4
|
| --- /dev/null
|
| +++ b/test/cctest/heap/test-compaction.cc
|
| @@ -0,0 +1,344 @@
|
| +// Copyright 2015 the V8 project authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "test/cctest/cctest.h"
|
| +#include "test/cctest/heap/heap-tester.h"
|
| +#include "test/cctest/heap/utils-inl.h"
|
| +
|
| +namespace v8 {
|
| +namespace internal {
|
| +
|
| +static std::vector<Handle<FixedArray>> FillUpFirstOldSpacePage(Heap* heap) {
|
| + // This functions assumes that old space top is still on the first page
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + int free_on_first_page = static_cast<int>(heap->old_space()->Available());
|
| + return CreatePadding(heap, free_on_first_page, TENURED);
|
| +}
|
| +
|
| +
|
| +static void CheckInvariantsOfAbortedPage(Page* page) {
|
| + // Check invariants:
|
| + // 1) Markbits are cleared
|
| + // 2) The page is not marked as evacuation candidate anymore
|
| + // 3) The page is not marked as aborted compaction anymore.
|
| + CHECK(page->markbits()->IsClean());
|
| + CHECK(!page->IsEvacuationCandidate());
|
| + CHECK(!page->IsFlagSet(Page::COMPACTION_WAS_ABORTED));
|
| +}
|
| +
|
| +
|
| +HEAP_TEST(CompactionFullAbortedPage) {
|
| + // Test the scenario where we reach OOM during compaction and the whole page
|
| + // is aborted.
|
| +
|
| + FLAG_manual_evacuation_candidates_selection = true;
|
| + CcTest::InitializeVM();
|
| + Isolate* isolate = CcTest::i_isolate();
|
| + Heap* heap = isolate->heap();
|
| + // Disable concurrent sweeping to ensure memory is in an expected state, i.e.,
|
| + // we can reach the state of a half aborted page. We cannot just set
|
| + // {FLAG_concurrent_sweeping} because the flag is cached in heap, which is
|
| + // initialized earlier.
|
| + heap->concurrent_sweeping_enabled_ = false;
|
| + {
|
| + HandleScope scope1(isolate);
|
| + // Fill up the first page since it cannot be evacuated.
|
| + auto first_page_handles = FillUpFirstOldSpacePage(heap);
|
| +
|
| + {
|
| + HandleScope scope2(isolate);
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + auto second_page_handles =
|
| + CreatePadding(heap, Page::kAllocatableMemory, TENURED);
|
| + Page* to_be_aborted_page =
|
| + Page::FromAddress(second_page_handles.front()->address());
|
| + to_be_aborted_page->SetFlag(
|
| + MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING);
|
| + heap->set_force_oom(true);
|
| + heap->CollectAllGarbage();
|
| +
|
| + // Check that all handles still point to the same page, i.e., compaction
|
| + // has been aborted on the page.
|
| + for (Handle<FixedArray> object : second_page_handles) {
|
| + CHECK_EQ(to_be_aborted_page, Page::FromAddress(object->address()));
|
| + }
|
| + CheckInvariantsOfAbortedPage(to_be_aborted_page);
|
| + }
|
| + }
|
| +}
|
| +
|
| +
|
| +HEAP_TEST(CompactionPartiallyAbortedPage) {
|
| + // Test the scenario where we reach OOM during compaction and parts of the
|
| + // page have already been migrated to a new one.
|
| +
|
| + FLAG_manual_evacuation_candidates_selection = true;
|
| +
|
| + const int object_size = 128 * KB;
|
| +
|
| + CcTest::InitializeVM();
|
| + Isolate* isolate = CcTest::i_isolate();
|
| + Heap* heap = isolate->heap();
|
| + // Disable concurrent sweeping to ensure memory is in an expected state, i.e.,
|
| + // we can reach the state of a half aborted page. We cannot just set
|
| + // {FLAG_concurrent_sweeping} because the flag is cached in heap, which is
|
| + // initialized earlier.
|
| + heap->concurrent_sweeping_enabled_ = false;
|
| + {
|
| + HandleScope scope1(isolate);
|
| + // Fill up the first page since it cannot be evacuated.
|
| + auto first_page_handles = FillUpFirstOldSpacePage(heap);
|
| +
|
| + {
|
| + HandleScope scope2(isolate);
|
| + // Fill the second page with objects of size {object_size} (last one is
|
| + // properly adjusted).
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + auto second_page_handles =
|
| + CreatePadding(heap, Page::kAllocatableMemory, TENURED, object_size);
|
| + // Mark the second page for evacuation.
|
| + Page* to_be_aborted_page =
|
| + Page::FromAddress(second_page_handles.front()->address());
|
| + to_be_aborted_page->SetFlag(
|
| + MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING);
|
| +
|
| + {
|
| + // Add a third page that is filled with {num_objects} objects of size
|
| + // {object_size}.
|
| + HandleScope scope3(isolate);
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + const int num_objects = 3;
|
| + std::vector<Handle<FixedArray>> third_page_handles = CreatePadding(
|
| + heap, object_size * num_objects, TENURED, object_size);
|
| + Page* third_page =
|
| + Page::FromAddress(third_page_handles.front()->address());
|
| + heap->set_force_oom(true);
|
| + heap->CollectAllGarbage();
|
| +
|
| + bool migration_aborted = false;
|
| + for (Handle<FixedArray> object : second_page_handles) {
|
| + // Once compaction has been aborted, all following objects still have
|
| + // to be on the initial page.
|
| + CHECK(!migration_aborted ||
|
| + (Page::FromAddress(object->address()) == to_be_aborted_page));
|
| + if (Page::FromAddress(object->address()) == to_be_aborted_page) {
|
| + // This object has not been migrated.
|
| + migration_aborted = true;
|
| + } else {
|
| + CHECK_EQ(Page::FromAddress(object->address()), third_page);
|
| + }
|
| + }
|
| + // Check that we actually created a scenario with a partially aborted
|
| + // page.
|
| + CHECK(migration_aborted);
|
| + CheckInvariantsOfAbortedPage(to_be_aborted_page);
|
| + }
|
| + }
|
| + }
|
| +}
|
| +
|
| +
|
| +HEAP_TEST(CompactionPartiallyAbortedPageIntraAbortedPointers) {
|
| + // Test the scenario where we reach OOM during compaction and parts of the
|
| + // page have already been migrated to a new one. Objects on the aborted page
|
| + // are linked together. This test makes sure that intra-aborted page pointers
|
| + // get properly updated.
|
| +
|
| + FLAG_manual_evacuation_candidates_selection = true;
|
| +
|
| + const int object_size = 128 * KB;
|
| +
|
| + CcTest::InitializeVM();
|
| + Isolate* isolate = CcTest::i_isolate();
|
| + Heap* heap = isolate->heap();
|
| + // Disable concurrent sweeping to ensure memory is in an expected state, i.e.,
|
| + // we can reach the state of a half aborted page. We cannot just set
|
| + // {FLAG_concurrent_sweeping} because the flag is cached in heap, which is
|
| + // initialized earlier.
|
| + heap->concurrent_sweeping_enabled_ = false;
|
| + {
|
| + HandleScope scope1(isolate);
|
| + // Fill up the first page since it cannot be evacuated.
|
| + auto first_page_handles = FillUpFirstOldSpacePage(heap);
|
| +
|
| + Page* to_be_aborted_page = nullptr;
|
| + {
|
| + HandleScope temporary_scope(isolate);
|
| + // Fill the second page with objects of size {object_size} (last one is
|
| + // properly adjusted).
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + const int free_on_second_page = Page::kAllocatableMemory;
|
| + std::vector<Handle<FixedArray>> second_page_handles =
|
| + CreatePadding(heap, free_on_second_page, TENURED, object_size);
|
| + // Mark the second page for evacuation.
|
| + to_be_aborted_page =
|
| + Page::FromAddress(second_page_handles.front()->address());
|
| + to_be_aborted_page->SetFlag(
|
| + MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING);
|
| +
|
| + for (size_t i = second_page_handles.size() - 1; i > 0; i--) {
|
| + second_page_handles[i]->set(0, *second_page_handles[i - 1]);
|
| + }
|
| + first_page_handles.front()->set(0, *second_page_handles.back());
|
| + }
|
| +
|
| + {
|
| + // Add a third page that is filled with {num_objects} objects of size
|
| + // {object_size}.
|
| + HandleScope scope3(isolate);
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + const int num_objects = 2;
|
| + int used_memory = object_size * num_objects;
|
| + std::vector<Handle<FixedArray>> third_page_handles =
|
| + CreatePadding(heap, used_memory, TENURED, object_size);
|
| + Page* third_page =
|
| + Page::FromAddress(third_page_handles.front()->address());
|
| + heap->set_force_oom(true);
|
| + heap->CollectAllGarbage();
|
| +
|
| + // The following check makes sure that we compacted "some" objects, while
|
| + // leaving others in place.
|
| + bool in_place = true;
|
| + Handle<FixedArray> current = first_page_handles.front();
|
| + while (current->get(0) != heap->undefined_value()) {
|
| + current = Handle<FixedArray>(FixedArray::cast(current->get(0)));
|
| + CHECK(current->IsFixedArray());
|
| + if (Page::FromAddress(current->address()) != to_be_aborted_page) {
|
| + in_place = false;
|
| + }
|
| + bool on_aborted_page =
|
| + Page::FromAddress(current->address()) == to_be_aborted_page;
|
| + bool on_third_page =
|
| + Page::FromAddress(current->address()) == third_page;
|
| + CHECK((in_place && on_aborted_page) || (!in_place && on_third_page));
|
| + }
|
| + // Check that we at least migrated one object, as otherwise the test would
|
| + // not trigger.
|
| + CHECK(!in_place);
|
| +
|
| + CheckInvariantsOfAbortedPage(to_be_aborted_page);
|
| + }
|
| + }
|
| +}
|
| +
|
| +
|
| +HEAP_TEST(CompactionPartiallyAbortedPageWithStoreBufferEntries) {
|
| + // Test the scenario where we reach OOM during compaction and parts of the
|
| + // page have already been migrated to a new one. Objects on the aborted page
|
| + // are linked together and the very first object on the aborted page points
|
| + // into new space. The test verifies that the store buffer entries are
|
| + // properly cleared and rebuilt after aborting a page. Failing to do so can
|
| + // result in other objects being allocated in the free space where their
|
| + // payload looks like a valid new space pointer.
|
| +
|
| + FLAG_manual_evacuation_candidates_selection = true;
|
| +
|
| + const int object_size = 128 * KB;
|
| +
|
| + CcTest::InitializeVM();
|
| + Isolate* isolate = CcTest::i_isolate();
|
| + Heap* heap = isolate->heap();
|
| + // Disable concurrent sweeping to ensure memory is in an expected state, i.e.,
|
| + // we can reach the state of a half aborted page. We cannot just set
|
| + // {FLAG_concurrent_sweeping} because the flag is cached in heap, which is
|
| + // initialized earlier.
|
| + heap->concurrent_sweeping_enabled_ = false;
|
| + {
|
| + HandleScope scope1(isolate);
|
| + // Fill up the first page since it cannot be evacuated.
|
| + auto first_page_handles = FillUpFirstOldSpacePage(heap);
|
| +
|
| + Page* to_be_aborted_page = nullptr;
|
| + {
|
| + HandleScope temporary_scope(isolate);
|
| + // Fill the second page with objects of size {object_size} (last one is
|
| + // properly adjusted).
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + auto second_page_handles =
|
| + CreatePadding(heap, Page::kAllocatableMemory, TENURED, object_size);
|
| + // Mark the second page for evacuation.
|
| + to_be_aborted_page =
|
| + Page::FromAddress(second_page_handles.front()->address());
|
| + to_be_aborted_page->SetFlag(
|
| + MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING);
|
| +
|
| + for (size_t i = second_page_handles.size() - 1; i > 0; i--) {
|
| + second_page_handles[i]->set(0, *second_page_handles[i - 1]);
|
| + }
|
| + first_page_handles.front()->set(0, *second_page_handles.back());
|
| + Handle<FixedArray> new_space_array =
|
| + isolate->factory()->NewFixedArray(1, NOT_TENURED);
|
| + CHECK(heap->InNewSpace(*new_space_array));
|
| + second_page_handles.front()->set(1, *new_space_array);
|
| + }
|
| +
|
| + {
|
| + // Add a third page that is filled with {num_objects} objects of size
|
| + // {object_size}.
|
| + HandleScope scope3(isolate);
|
| + heap->old_space()->EmptyAllocationInfo();
|
| + const int num_objects = 2;
|
| + int used_memory = object_size * num_objects;
|
| + std::vector<Handle<FixedArray>> third_page_handles =
|
| + CreatePadding(heap, used_memory, TENURED, object_size);
|
| + Page* third_page =
|
| + Page::FromAddress(third_page_handles.front()->address());
|
| + heap->set_force_oom(true);
|
| + heap->CollectAllGarbage();
|
| +
|
| + // The following check makes sure that we compacted "some" objects, while
|
| + // leaving others in place.
|
| + bool in_place = true;
|
| + Handle<FixedArray> current = first_page_handles.front();
|
| + while (current->get(0) != heap->undefined_value()) {
|
| + current = Handle<FixedArray>(FixedArray::cast(current->get(0)));
|
| + CHECK(!heap->InNewSpace(*current));
|
| + CHECK(current->IsFixedArray());
|
| + if (Page::FromAddress(current->address()) != to_be_aborted_page) {
|
| + in_place = false;
|
| + }
|
| + bool on_aborted_page =
|
| + Page::FromAddress(current->address()) == to_be_aborted_page;
|
| + bool on_third_page =
|
| + Page::FromAddress(current->address()) == third_page;
|
| + CHECK((in_place && on_aborted_page) || (!in_place && on_third_page));
|
| + }
|
| + // Check that we at least migrated one object, as otherwise the test would
|
| + // not trigger.
|
| + CHECK(!in_place);
|
| +
|
| + CheckInvariantsOfAbortedPage(to_be_aborted_page);
|
| +
|
| + // Allocate a new object in new space.
|
| + Handle<FixedArray> holder =
|
| + isolate->factory()->NewFixedArray(10, NOT_TENURED);
|
| + // Create a broken address that looks like a tagged pointer to a new space
|
| + // object.
|
| + Address broken_address = holder->address() + 2 * kPointerSize + 1;
|
| + // Convert it to a vector to create a string from it.
|
| + Vector<const uint8_t> string_to_broken_addresss(
|
| + reinterpret_cast<const uint8_t*>(&broken_address), 8);
|
| +
|
| + Handle<String> string;
|
| + do {
|
| + // We know that the interesting slot will be on the aborted page and
|
| + // hence we allocate until we get our string on the aborted page.
|
| + // We used slot 1 in the fixed size array which corresponds to the
|
| + // the first word in the string. Since the first object definitely
|
| + // migrated we can just allocate until we hit the aborted page.
|
| + string = isolate->factory()
|
| + ->NewStringFromOneByte(string_to_broken_addresss, TENURED)
|
| + .ToHandleChecked();
|
| + } while (Page::FromAddress(string->address()) != to_be_aborted_page);
|
| +
|
| + // If store buffer entries are not properly filtered/reset for aborted
|
| + // pages we have now a broken address at an object slot in old space and
|
| + // the following scavenge will crash.
|
| + heap->CollectGarbage(NEW_SPACE);
|
| + }
|
| + }
|
| +}
|
| +
|
| +} // namespace internal
|
| +} // namespace v8
|
|
|
Chromium Code Reviews
Issue 1511933002:
[cctest] Add tests for aborting compaction of pages (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master