test/cctest/test-heap.cc - Issue 424693006: Regression test for chromium:388880 added.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/cctest/test-heap.cc

Issue 424693006: Regression test for chromium:388880 added. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Comments addressed Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/cctest/test-heap.cc

diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc

index 1461532d2846bfa7f166f26d76fac002f3a96adc..0c79e6535e0a1bce5fe6fa09ec2c930b79a14e66 100644

--- a/test/cctest/test-heap.cc

+++ b/test/cctest/test-heap.cc

@@ -4441,6 +4441,58 @@ TEST(PromotionQueue) {

}

+TEST(Regress388880) {

+ i::FLAG_expose_gc = true;

+ CcTest::InitializeVM();

+ v8::HandleScope scope(CcTest::isolate());

+ Isolate* isolate = CcTest::i_isolate();

+ Factory* factory = isolate->factory();

+ Heap* heap = isolate->heap();

+ Handle<Map> map1 = Map::Create(isolate->object_function(), 1);

+ Handle<Map> map2 =

+ Map::CopyWithField(map1, factory->NewStringFromStaticAscii("foo"),

+ HeapType::Any(isolate), NONE, Representation::Tagged(),

+ OMIT_TRANSITION).ToHandleChecked();

+ int desired_offset = Page::kPageSize - map1->instance_size();

+ // Allocate fixed array in old pointer space so, that object allocated

+ // afterwards would end at the end of the page.

+ {

+ SimulateFullSpace(heap->old_pointer_space());

+ int padding_size = desired_offset - Page::kObjectStartOffset;

+ int padding_array_length =

+ (padding_size - FixedArray::kHeaderSize) / kPointerSize;

+ Handle<FixedArray> temp2 =

+ factory->NewFixedArray(padding_array_length, TENURED);

+ Page* page = Page::FromAddress(temp2->address());

+ CHECK_EQ(Page::kObjectStartOffset, page->Offset(temp2->address()));

+ }

+ Handle<JSObject> o = factory->NewJSObjectFromMap(map1, TENURED, false);

+ o->set_properties(*factory->empty_fixed_array());

+ // Ensure that the object allocated where we need it.

+ Page* page = Page::FromAddress(o->address());

+ CHECK_EQ(desired_offset, page->Offset(o->address()));

+ // Now we have an object right at the end of the page.

+ // Enable incremental marking to trigger actions in Heap::AdjustLiveBytes()

+ // that would cause crash.

+ IncrementalMarking* marking = CcTest::heap()->incremental_marking();

+ marking->Abort();

+ marking->Start();

+ CHECK(marking->IsMarking());

+ // Now everything is set up for crashing in JSObject::MigrateFastToFast()

+ // when it calls heap->AdjustLiveBytes(...).

+ JSObject::MigrateToMap(o, map2);

#ifdef DEBUG

TEST(PathTracer) {

CcTest::InitializeVM();

« no previous file with comments | « no previous file | no next file » | no next file with comments »