1 : // Copyright 2014 the V8 project authors. All rights reserved.
2 : // Redistribution and use in source and binary forms, with or without
3 : // modification, are permitted provided that the following conditions are
4 : // met:
5 : //
6 : // * Redistributions of source code must retain the above copyright
7 : // notice, this list of conditions and the following disclaimer.
8 : // * Redistributions in binary form must reproduce the above
9 : // copyright notice, this list of conditions and the following
10 : // disclaimer in the documentation and/or other materials provided
11 : // with the distribution.
12 : // * Neither the name of Google Inc. nor the names of its
13 : // contributors may be used to endorse or promote products derived
14 : // from this software without specific prior written permission.
15 : //
16 : // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 : // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 : // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19 : // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20 : // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 : // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 : // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 : // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 : // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 : // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 : // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 :
28 : #include "src/heap/factory.h"
29 : #include "src/heap/heap-inl.h"
30 : #include "src/isolate.h"
31 : #include "src/objects-inl.h"
32 : #include "test/cctest/cctest.h"
33 :
34 : namespace v8 {
35 : namespace internal {
36 :
// Plant a poisoned AllocationMemento in the unallocated slot directly behind
// new space's top pointer.
//
// The scavenger may look for a memento right behind an object it is visiting
// (here a freshly allocated one-byte string). This helper makes the memory at
// top look like a memento whose allocation-site field is a tagged pointer to
// address zero, so that any GC path which dereferences a memento's allocation
// site without validating it first would fault. The tests below then run
// different collectors over this layout.
static void SetUpNewSpaceWithPoisonedMementoAtTop() {
  Isolate* const isolate = CcTest::i_isolate();
  Heap* const heap = isolate->heap();
  NewSpace* const new_space = heap->new_space();

  // Start from a freshly collected heap so the allocation below does not
  // itself trigger a GC before the fake memento is in place.
  CcTest::CollectAllGarbage();

  // The object the GC may suspect a memento behind.
  Handle<SeqOneByteString> filler =
      isolate->factory()->NewRawOneByteString(12).ToHandleChecked();
  CHECK(!filler->is_null());

  // Treat the current top as a heap object; nothing has been allocated there.
  const Address memento_address = new_space->top() + kHeapObjectTag;
  AllocationMemento memento =
      AllocationMemento::unchecked_cast(Object(memento_address));

  // Give it the real memento map but a garbage allocation site: a tagged
  // value whose untagged address is zero. The write barrier is skipped since
  // these stores land beyond the allocation top rather than into an object
  // the heap has handed out.
  ReadOnlyRoots roots(heap);
  memento->set_map_after_allocation(roots.allocation_memento_map(),
                                    SKIP_WRITE_BARRIER);
  AllocationSite poisoned_site =
      AllocationSite::unchecked_cast(Object(kHeapObjectTag));
  memento->set_allocation_site(poisoned_site, SKIP_WRITE_BARRIER);
}
60 :
61 :
// Regression test: a precise full GC must tolerate a memento-shaped,
// garbage-pointing word pair sitting immediately after new space's top.
TEST(Regress340063) {
  CcTest::InitializeVM();
  // The scenario only matters when allocation-site pretenuring is enabled;
  // otherwise there is nothing to exercise.
  if (!i::FLAG_allocation_site_pretenuring) return;
  v8::HandleScope handle_scope(CcTest::isolate());

  SetUpNewSpaceWithPoisonedMementoAtTop();

  // A full, precise collection must not follow the poisoned allocation-site
  // pointer planted behind top.
  CcTest::PreciseCollectAllGarbage();
}
73 :
74 :
// Regression test: same poisoned layout as above, but with new space's
// allocation limit pulled down to top so there is no room left after the
// fake memento.
TEST(Regress470390) {
  CcTest::InitializeVM();
  // Only meaningful with allocation-site pretenuring enabled.
  if (!i::FLAG_allocation_site_pretenuring) return;
  v8::HandleScope handle_scope(CcTest::isolate());

  SetUpNewSpaceWithPoisonedMementoAtTop();

  // Collapse the allocation area: limit == top. This is a direct write to the
  // limit slot, bypassing any NewSpace bookkeeping, which is acceptable only
  // because this is a test poking at the collector's edge handling.
  NewSpace* const new_space = CcTest::i_isolate()->heap()->new_space();
  const Address current_top = new_space->top();
  *new_space->allocation_limit_address() = current_top;

  // The collector must cope with the poisoned memento right at top even when
  // top coincides with the limit.
  CcTest::PreciseCollectAllGarbage();
}
90 :
91 :
// Same poisoned layout, exercised through a new-space-only collection
// (scavenge) rather than a full GC.
TEST(BadMementoAfterTopForceScavenge) {
  CcTest::InitializeVM();
  // Only meaningful with allocation-site pretenuring enabled.
  if (!i::FLAG_allocation_site_pretenuring) return;
  v8::HandleScope handle_scope(CcTest::isolate());

  SetUpNewSpaceWithPoisonedMementoAtTop();

  // Trigger a scavenge so the new-space collector sees the poisoned memento.
  CcTest::CollectGarbage(i::NEW_SPACE);
}
102 :
103 : } // namespace internal
104 79917 : } // namespace v8