1 : // Copyright 2014 the V8 project authors. All rights reserved.
2 : // Redistribution and use in source and binary forms, with or without
3 : // modification, are permitted provided that the following conditions are
4 : // met:
5 : //
6 : // * Redistributions of source code must retain the above copyright
7 : // notice, this list of conditions and the following disclaimer.
8 : // * Redistributions in binary form must reproduce the above
9 : // copyright notice, this list of conditions and the following
10 : // disclaimer in the documentation and/or other materials provided
11 : // with the distribution.
12 : // * Neither the name of Google Inc. nor the names of its
13 : // contributors may be used to endorse or promote products derived
14 : // from this software without specific prior written permission.
15 : //
16 : // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 : // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 : // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19 : // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20 : // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 : // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 : // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 : // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 : // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 : // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 : // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 :
28 : #include "src/factory.h"
29 : #include "src/heap/heap.h"
30 : #include "src/isolate.h"
31 : #include "src/objects-inl.h"
32 : #include "test/cctest/cctest.h"
33 :
34 : namespace v8 {
35 : namespace internal {
36 :
// Plants a deliberately malformed AllocationMemento immediately past the
// new-space allocation top.
//
// The tests below exercise the GC's habit of looking "behind" a freshly
// allocated object for an allocation memento. This helper builds that layout
// by hand, with an allocation-site field that is a tagged value and not a
// pointer to any real object, so a collector that blindly followed it would
// read garbage. The tests then run a GC and expect it to complete.
//
// Sequence:
//   1. Collect all garbage first so the allocation in step 2 does not itself
//      trigger a GC and move the top pointer underneath us.
//   2. Allocate a raw 12-character one-byte string; it becomes the object the
//      GC will probe behind.
//   3. At top + kHeapObjectTag, write the memento map and a bogus allocation
//      site. Write barriers are skipped on purpose: nothing written here is a
//      live heap object the barrier could usefully track.
static void SetUpNewSpaceWithPoisonedMementoAtTop() {
  Isolate* const isolate = CcTest::i_isolate();
  Heap* const heap = isolate->heap();
  NewSpace* const new_space = heap->new_space();

  // Step 1: start from a clean heap so the next allocation cannot GC.
  CcTest::CollectAllGarbage();

  // Step 2: the object the collector may suspect a memento behind.
  Handle<SeqOneByteString> probe_target =
      isolate->factory()->NewRawOneByteString(12).ToHandleChecked();
  CHECK(*probe_target);

  // Step 3: forge the memento at the first unallocated address.
  Address memento_address = new_space->top() + kHeapObjectTag;
  AllocationMemento* poisoned =
      reinterpret_cast<AllocationMemento*>(memento_address);
  poisoned->set_map_after_allocation(heap->allocation_memento_map(),
                                     SKIP_WRITE_BARRIER);
  // kHeapObjectTag alone is a tagged "pointer" with no object behind it.
  AllocationSite* bogus_site =
      reinterpret_cast<AllocationSite*>(kHeapObjectTag);
  poisoned->set_allocation_site(bogus_site, SKIP_WRITE_BARRIER);
}
59 :
60 :
// Regression test for bug 340063: a full GC must cope with a poisoned memento
// sitting immediately past new-space top.
//
// The scenario only matters when allocation-site pretenuring is on, so the
// test is a no-op otherwise. Passing means the collection completes without
// the collector tripping over the garbage allocation-site pointer.
TEST(Regress340063) {
  CcTest::InitializeVM();
  if (!i::FLAG_allocation_site_pretenuring) return;
  v8::HandleScope handle_scope(CcTest::isolate());

  SetUpNewSpaceWithPoisonedMementoAtTop();

  // Full collection; abort any incremental marking in progress so the whole
  // heap is walked right now.
  CcTest::CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
}
72 :
73 :
// Regression test for bug 470390: same poisoned-memento layout as
// Regress340063, but with the new-space allocation limit pulled down to the
// current top. The forged memento therefore sits at the limit rather than
// inside the remaining allocation area, which is the boundary case the
// collector has to get right.
TEST(Regress470390) {
  CcTest::InitializeVM();
  if (!i::FLAG_allocation_site_pretenuring) return;
  v8::HandleScope handle_scope(CcTest::isolate());

  SetUpNewSpaceWithPoisonedMementoAtTop();

  // Make limit == top so there is no slack between the last object and the
  // end of the allocatable region.
  NewSpace* const new_space = CcTest::i_isolate()->heap()->new_space();
  const Address current_top = new_space->top();
  *new_space->allocation_limit_address() = current_top;

  // Full collection with incremental marking aborted; must complete despite
  // the bogus memento at the limit.
  CcTest::CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
}
89 :
90 :
// Variant of the poisoned-memento tests that triggers a new-space-only
// collection (scavenge) instead of a full GC, so the young-generation path
// is also exercised against a memento with a garbage allocation site.
TEST(BadMementoAfterTopForceScavenge) {
  CcTest::InitializeVM();
  if (!i::FLAG_allocation_site_pretenuring) return;
  v8::HandleScope handle_scope(CcTest::isolate());

  SetUpNewSpaceWithPoisonedMementoAtTop();

  // Scavenge only: collect NEW_SPACE and leave the old generation alone.
  CcTest::CollectGarbage(i::NEW_SPACE);
}
101 :
102 : } // namespace internal
103 71154 : } // namespace v8