test/cctest/test-heap.cc - Issue 475463003: Fix pointer iteration for maps.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/cctest/test-heap.cc

Issue 475463003: Fix pointer iteration for maps. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Add regression test Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/cctest/test-heap.cc

diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc

index ab000dc6a6ee28f1ebc78b491db3a630074e9b18..4a84e0f82b950c17e8e6bc9ee15c57a3fedf1963 100644

--- a/test/cctest/test-heap.cc

+++ b/test/cctest/test-heap.cc

@@ -4475,6 +4475,49 @@ TEST(Regress388880) {

}

+TEST(RegressStoreBufferMapUpdate) {

+ CcTest::InitializeVM();

+ v8::HandleScope scope(CcTest::isolate());

+ Isolate* isolate = CcTest::i_isolate();

+ Factory* factory = isolate->factory();

+ Heap* heap = isolate->heap();

+ // This test checks that we do not treat instance size field of the map

+ // as a heap pointer (when processing store buffer).

+ Handle<Map> map1 = Map::Create(isolate->object_function(), 1);

+ // Allocate a throw-away object.

+ factory->NewFixedArray(1, NOT_TENURED);

+ // Allocate an object that will be moved by the GC (because the throw-away

+ // object will die).

+ Handle<FixedArray> obj_to_move = factory->NewFixedArray(1, NOT_TENURED);

+ // Record the address before the GC.

+ Object* obj_to_move_address = *obj_to_move;

+ // Smash the pointer to the moving object into the instance size field of

+ // the map.

Hannes Payer (out of office) 2014/08/14 07:27:32 Can you just add a bit more of information why we

Jarin 2014/08/14 07:37:32 Done. Better?

+ *(reinterpret_cast<Object**>(map1->address() + Map::kInstanceSizeOffset)) =

+ obj_to_move_address;

+ // Make sure we scan the map's page on scavenge.

+ Page* page = Page::FromAddress(map1->address());

+ page->set_scan_on_scavenge(true);

+ heap->CollectGarbage(NEW_SPACE);

+ // Check the object has really moved.

+ CHECK(*obj_to_move != obj_to_move_address);

+ // Now check that we have not updated the instance size field of the map.

+ CHECK_EQ(obj_to_move_address,

+ *(reinterpret_cast<Object**>(map1->address() +

+ Map::kInstanceSizeOffset)));

#ifdef DEBUG

TEST(PathTracer) {

CcTest::InitializeVM();

« no previous file with comments | « src/heap/store-buffer.cc ('k') | no next file » | no next file with comments »