
Side by Side Diff: src/heap/heap.cc

Issue 2886223002: [heap] Expand verification of layout changes to non-JSObject objects. (Closed)
Patch Set: Created 3 years, 7 months ago
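--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/heap/heap.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/assembler-inl.h"
 #include "src/ast/context-slot-cache.h"
@@ -4286,28 +4286,61 @@
 if (FLAG_incremental_marking && incremental_marking()->IsMarking()) {
 incremental_marking()->MarkBlackAndPush(object);
 }
 #ifdef VERIFY_HEAP
 DCHECK(pending_layout_change_object_ == nullptr);
 pending_layout_change_object_ = object;
 #endif
 }
 
 #ifdef VERIFY_HEAP
+// Helper class for collecting slot addresses.
+class SlotCollectingVisitor final : public ObjectVisitor {
+public:
+void VisitPointers(HeapObject* host, Object** start, Object** end) override {
+for (Object** p = start; p < end; p++) {
+slots_.push_back(p);
+}
+}
+
+int number_of_slots() { return static_cast<int>(slots_.size()); }
+
+Object** slot(int i) { return slots_[i]; }
+
+private:
+std::vector<Object**> slots_;
+};
+
 void Heap::VerifyObjectLayoutChange(HeapObject* object, Map* new_map) {
 // Check that Heap::NotifyObjectLayout was called for object transitions
 // that are not safe for concurrent marking.
 // If you see this check triggering for a freshly allocated object,
 // use object->set_map_after_allocation() to initialize its map.
 if (pending_layout_change_object_ == nullptr) {
-DCHECK(!object->IsJSObject() ||
-!object->map()->TransitionRequiresSynchronizationWithGC(new_map));
+if (object->IsJSObject()) {
+DCHECK(!object->map()->TransitionRequiresSynchronizationWithGC(new_map));
+} else {
+// Check that the set of slots before and after the transition match.
+SlotCollectingVisitor old_visitor;
+object->IterateFast(&old_visitor);
+MapWord old_map_word = object->map_word();
+// Temporarily set the new map to iterate new slots.
+object->set_map_word(MapWord::FromMap(new_map));
+SlotCollectingVisitor new_visitor;
+object->IterateFast(&new_visitor);
+// Restore the old map.
+object->set_map_word(old_map_word);
+DCHECK_EQ(new_visitor.number_of_slots(), old_visitor.number_of_slots());
+for (int i = 0; i < new_visitor.number_of_slots(); i++) {
+DCHECK_EQ(new_visitor.slot(i), old_visitor.slot(i));
+}
+}
 } else {
 DCHECK_EQ(pending_layout_change_object_, object);
 pending_layout_change_object_ = nullptr;
 }
 }
 #endif
 
 GCIdleTimeHeapState Heap::ComputeHeapState() {
 GCIdleTimeHeapState heap_state;
 heap_state.contexts_disposed = contexts_disposed_;
@@ -6542,10 +6575,10 @@
 case LO_SPACE:
 return "LO_SPACE";
 default:
 UNREACHABLE();
 }
 return NULL;
 }
 
 } // namespace internal
 } // namespace v8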
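Review bot: In the new non-JSObject branch of VerifyObjectLayoutChange, the verifier itself writes `new_map` into the live object with `set_map_word` and restores the old map word only after the second `IterateFast`, so any other thread that reads the object's map in that window sees a layout that has not been published. If this path can run while a concurrent marker is active (not visible from this page), the check could introduce the kind of race it is meant to catch. A comment above the swap such as `// Safe only while no other thread can read |object|'s map word.`, or an assertion on that condition, would make the assumption explicit. Separately, every comparison here is a `DCHECK`/`DCHECK_EQ` inside `#ifdef VERIFY_HEAP`. If VERIFY_HEAP can be enabled in a build where DCHECKs are compiled out, both iterations and the map swap still run but verify nothing, so `CHECK_EQ` may be the better fit.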