Chromium Code Reviews
Side by Side Diff: test/cctest/test-heap.cc

Issue 475463003: Fix pointer iteration for maps. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Add regression test Created 6 years, 4 months ago
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 4457 matching lines...)
4468 marking->Abort(); 4468 marking->Abort();
4469 marking->Start(); 4469 marking->Start();
4470 CHECK(marking->IsMarking()); 4470 CHECK(marking->IsMarking());
4471 4471
4472 // Now everything is set up for crashing in JSObject::MigrateFastToFast() 4472 // Now everything is set up for crashing in JSObject::MigrateFastToFast()
4473 // when it calls heap->AdjustLiveBytes(...). 4473 // when it calls heap->AdjustLiveBytes(...).
4474 JSObject::MigrateToMap(o, map2); 4474 JSObject::MigrateToMap(o, map2);
4475 } 4475 }
4476 4476
4477 4477
4478 TEST(RegressStoreBufferMapUpdate) {
4479 CcTest::InitializeVM();
4480 v8::HandleScope scope(CcTest::isolate());
4481 Isolate* isolate = CcTest::i_isolate();
4482 Factory* factory = isolate->factory();
4483 Heap* heap = isolate->heap();
4484
4485 // This test checks that we do not treat instance size field of the map
4486 // as a heap pointer (when processing store buffer).
4487
4488 Handle<Map> map1 = Map::Create(isolate->object_function(), 1);
4489
4490 // Allocate a throw-away object.
4491 factory->NewFixedArray(1, NOT_TENURED);
4492
4493 // Allocate an object that will be moved by the GC (because the throw-away
4494 // object will die).
4495 Handle<FixedArray> obj_to_move = factory->NewFixedArray(1, NOT_TENURED);
4496
4497 // Record the address before the GC.
4498 Object* obj_to_move_address = *obj_to_move;
4499
4500 // Smash the pointer to the moving object into the instance size field of
4501 // the map.
Hannes Payer (out of office) 2014/08/14 07:27:32 Can you just add a bit more of information why we
Jarin 2014/08/14 07:37:32 Done. Better?
4502 *(reinterpret_cast<Object**>(map1->address() + Map::kInstanceSizeOffset)) =
4503 obj_to_move_address;
4504
4505 // Make sure we scan the map's page on scavenge.
4506 Page* page = Page::FromAddress(map1->address());
4507 page->set_scan_on_scavenge(true);
4508
4509 heap->CollectGarbage(NEW_SPACE);
4510
4511 // Check the object has really moved.
4512 CHECK(*obj_to_move != obj_to_move_address);
4513
4514 // Now check that we have not updated the instance size field of the map.
4515 CHECK_EQ(obj_to_move_address,
4516 *(reinterpret_cast<Object**>(map1->address() +
4517 Map::kInstanceSizeOffset)));
4518 }
4519
4520
4478 #ifdef DEBUG 4521 #ifdef DEBUG
4479 TEST(PathTracer) { 4522 TEST(PathTracer) {
4480 CcTest::InitializeVM(); 4523 CcTest::InitializeVM();
4481 v8::HandleScope scope(CcTest::isolate()); 4524 v8::HandleScope scope(CcTest::isolate());
4482 4525
4483 v8::Local<v8::Value> result = CompileRun("'abc'"); 4526 v8::Local<v8::Value> result = CompileRun("'abc'");
4484 Handle<Object> o = v8::Utils::OpenHandle(*result); 4527 Handle<Object> o = v8::Utils::OpenHandle(*result);
4485 CcTest::i_isolate()->heap()->TracePathToObject(*o); 4528 CcTest::i_isolate()->heap()->TracePathToObject(*o);
4486 } 4529 }
4487 #endif // DEBUG 4530 #endif // DEBUG
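Review bot: the store at 4502-4503 writes a full pointer-sized word through `reinterpret_cast<Object**>` at `Map::kInstanceSizeOffset`; if that offset names the narrow instance-size field rather than a whole word slot, the write also overwrites whatever neighbouring header fields share that word, which is acceptable for what the test asserts (the word at that offset is non-pointer data and must stay untouched by the store buffer) but should be stated in the comment at 4500-4501 so the next reader does not take it for an off-by-width bug. The same applies to the read-back at 4515-4517; expressing both as `Memory::Object_at(map1->address() + Map::kInstanceSizeOffset)` would drop the two hand-written casts. Two smaller points: `map1` is left with a bogus size field after the test and is never used to allocate an object, so nothing dereferences the corrupted value, but a one-line comment (or restoring the original word at the end) would make that intent explicit for later tests sharing the same isolate; and the comment at 4505 could say that `set_scan_on_scavenge(true)` is what forces the store buffer to visit the map's page, since that is the path on which the unfixed code would misread the fake slot as a heap pointer, which ties the regression test to the bug it guards.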