src/heap/heap.cc - Issue 2886223002: [heap] Expand verification of layout changes to non-JSObject objects.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/heap/heap.cc

Issue 2886223002: [heap] Expand verification of layout changes to non-JSObject objects. (Closed)

Patch Set: Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/heap/heap.cc

diff --git a/src/heap/heap.cc b/src/heap/heap.cc

index d359d3654af40969d09bd890dbb79099549621d3..d2d0ca2d2f0cf736502b5aac3474f7ae2b5a5658 100644

--- a/src/heap/heap.cc

+++ b/src/heap/heap.cc

@@ -4293,14 +4293,47 @@ void Heap::NotifyObjectLayoutChange(HeapObject* object,

}

#ifdef VERIFY_HEAP

+// Helper class for collecting slot addresses.

+class SlotCollectingVisitor final : public ObjectVisitor {

+ public:

+ void VisitPointers(HeapObject* host, Object** start, Object** end) override {

+ for (Object** p = start; p < end; p++) {

+ slots_.push_back(p);

+ }

+ int number_of_slots() { return static_cast<int>(slots_.size()); }

+ Object** slot(int i) { return slots_[i]; }

+ private:

+ std::vector<Object**> slots_;

+};

void Heap::VerifyObjectLayoutChange(HeapObject* object, Map* new_map) {

// Check that Heap::NotifyObjectLayout was called for object transitions

// that are not safe for concurrent marking.

// If you see this check triggering for a freshly allocated object,

// use object->set_map_after_allocation() to initialize its map.

if (pending_layout_change_object_ == nullptr) {

- DCHECK(!object->IsJSObject() ||

- !object->map()->TransitionRequiresSynchronizationWithGC(new_map));

+ if (object->IsJSObject()) {

+ DCHECK(!object->map()->TransitionRequiresSynchronizationWithGC(new_map));

+ } else {

+ // Check that the set of slots before and after the transition match.

+ SlotCollectingVisitor old_visitor;

+ object->IterateFast(&old_visitor);

+ MapWord old_map_word = object->map_word();

+ // Temporarily set the new map to iterate new slots.

+ object->set_map_word(MapWord::FromMap(new_map));

+ SlotCollectingVisitor new_visitor;

+ object->IterateFast(&new_visitor);

+ // Restore the old map.

+ object->set_map_word(old_map_word);

+ DCHECK_EQ(new_visitor.number_of_slots(), old_visitor.number_of_slots());

+ for (int i = 0; i < new_visitor.number_of_slots(); i++) {

+ DCHECK_EQ(new_visitor.slot(i), old_visitor.slot(i));

+ }

} else {

DCHECK_EQ(pending_layout_change_object_, object);

pending_layout_change_object_ = nullptr;

« no previous file with comments | « src/heap/heap.h ('k') | src/heap/incremental-marking.cc » ('j') | no next file with comments »