test/cctest/test-heap.cc - Issue 471433006: Version 3.28.71.5 (merged r23129, r23114)

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/cctest/test-heap.cc

Issue 471433006: Version 3.28.71.5 (merged r23129, r23114) (Closed) Base URL: https://v8.googlecode.com/svn/branches/3.28

Patch Set: Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/cctest/test-heap.cc

diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc

index ab000dc6a6ee28f1ebc78b491db3a630074e9b18..601e9eb715ab36b0cfdf32fffb02d42978cfdc29 100644

--- a/test/cctest/test-heap.cc

+++ b/test/cctest/test-heap.cc

@@ -4475,6 +4475,51 @@ TEST(Regress388880) {

}

+TEST(RegressStoreBufferMapUpdate) {

+ CcTest::InitializeVM();

+ v8::HandleScope scope(CcTest::isolate());

+ Isolate* isolate = CcTest::i_isolate();

+ Factory* factory = isolate->factory();

+ Heap* heap = isolate->heap();

+ // This test checks that we do not treat instance size field of the map

+ // as a heap pointer when processing the store buffer.

+ Handle<Map> map1 = Map::Create(isolate->object_function(), 1);

+ // Allocate a throw-away object.

+ factory->NewFixedArray(1, NOT_TENURED);

+ // Allocate a new-space object that will be moved by the GC (because

+ // the throw-away object will die).

+ Handle<FixedArray> object_to_move = factory->NewFixedArray(1, NOT_TENURED);

+ // Record the address before the GC.

+ Object* object_to_move_address = *object_to_move;

+ // Smash the new space pointer to the moving object into the instance size

+ // field of the map. The idea is to trick the GC into updating this pointer

+ // when the object moves. This would be wrong because instance size should

+ // not be treated as a heap pointer.

+ *(reinterpret_cast<Object**>(map1->address() + Map::kInstanceSizeOffset)) =

+ object_to_move_address;

+ // Make sure we scan the map's page on scavenge.

+ Page* page = Page::FromAddress(map1->address());

+ page->set_scan_on_scavenge(true);

+ heap->CollectGarbage(NEW_SPACE);

+ // Check the object has really moved.

+ CHECK(*object_to_move != object_to_move_address);

+ // Now check that we have not updated the instance size field of the map.

+ CHECK_EQ(object_to_move_address,

+ *(reinterpret_cast<Object**>(map1->address() +

+ Map::kInstanceSizeOffset)));

#ifdef DEBUG

TEST(PathTracer) {

CcTest::InitializeVM();

« no previous file with comments | « src/version.cc ('k') | no next file » | no next file with comments »