
Side by Side Diff: test/cctest/test-unboxed-doubles.cc

Issue 765473004: Fast-to-slow migration should wipe out in-object space if it exists in the object after migration. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Addressed comments Created 6 years ago
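--- a/test/cctest/test-unboxed-doubles.cc
+++ b/test/cctest/test-unboxed-doubles.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <utility>
 
 #include "src/v8.h"
 
 #include "src/compilation-cache.h"
@@ -596,20 +596,65 @@
 isolate, kPropsCount, descriptors, kSmiValueSize);
 CHECK(!layout_descriptor->IsSlowLayout());
 
 layout_descriptor = TestLayoutDescriptorAppendIfFastOrUseFull(
 isolate, kPropsCount, descriptors, kSmiValueSize + 1);
 CHECK(layout_descriptor->IsSlowLayout());
 }
 }
 
 
+TEST(Regress436816) {
+CcTest::InitializeVM();
+Isolate* isolate = CcTest::i_isolate();
+Factory* factory = isolate->factory();
+v8::HandleScope scope(CcTest::isolate());
+
+const int kPropsCount = kSmiValueSize * 3;
+PropertyKind props[kPropsCount];
+for (int i = 0; i < kPropsCount; i++) {
+props[i] = PROP_DOUBLE;
+}
+Handle<DescriptorArray> descriptors =
+CreateDescriptorArray(isolate, props, kPropsCount);
+
+Handle<Map> map = Map::Create(isolate, kPropsCount);
+Handle<LayoutDescriptor> layout_descriptor =
+LayoutDescriptor::New(map, descriptors, kPropsCount);
+map->InitializeDescriptors(*descriptors, *layout_descriptor);
+
+Handle<JSObject> object = factory->NewJSObjectFromMap(map, TENURED);
+
+Address fake_address = reinterpret_cast<Address>(~kHeapObjectTagMask);
+HeapObject* fake_object = HeapObject::FromAddress(fake_address);
+CHECK(fake_object->IsHeapObject());
+
+double boom_value = bit_cast<double>(fake_object);
+for (int i = 0; i < kPropsCount; i++) {
+FieldIndex index = FieldIndex::ForDescriptor(*map, i);
+CHECK(map->IsUnboxedDoubleField(index));
+object->RawFastDoublePropertyAtPut(index, boom_value);
+}
+CHECK(object->HasFastProperties());
+CHECK(!object->map()->HasFastPointerLayout());
+
+Handle<Map> normalized_map =
+Map::Normalize(map, KEEP_INOBJECT_PROPERTIES, "testing");
+JSObject::MigrateToMap(object, normalized_map);
+CHECK(!object->HasFastProperties());
+CHECK(object->map()->HasFastPointerLayout());
+
+// Trigger GCs and heap verification.
+CcTest::heap()->CollectAllGarbage(i::Heap::kNoGCFlags);
+}
+
+
 TEST(StoreBufferScanOnScavenge) {
 CcTest::InitializeVM();
 Isolate* isolate = CcTest::i_isolate();
 Factory* factory = isolate->factory();
 v8::HandleScope scope(CcTest::isolate());
 
 CompileRun(
 "function A() {"
 " this.x = 42.5;"
 " this.o = {};"
@@ -660,10 +705,10 @@
 MemoryChunk* chunk = MemoryChunk::FromAddress(obj->address());
 chunk->set_scan_on_scavenge(true);
 
 // Trigger GCs and force evacuation. Should not crash there.
 CcTest::heap()->CollectAllGarbage(i::Heap::kNoGCFlags);
 
 CHECK_EQ(boom_value, GetDoubleFieldValue(*obj, field_index));
 }
 
 #endif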
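Review bot: The new Regress436816 test (new lines 606–648) never asserts that the in-object space was wiped after `JSObject::MigrateToMap`; the only failure signal is a crash somewhere inside `CollectAllGarbage`. The "heap verification" named in the final comment presumably runs only when the build or flags enable it, since nothing in the visible test turns it on, so a regression would surface as an undiagnosed GC crash at best. It would be more robust to check the raw in-object words after migration, or to force verification for this test, so that stale double bits left in slots the normalized map treats as tagged pointers are reported directly. The fake pointer also deserves a why-comment above `boom_value`, for example `// Bit pattern of a tagged pointer to an unmapped address: if migration leaves it in-object, the GC will follow it.`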