Reviewers: Hannes Payer,
Message:
deterministic repro case for clusterfuzz issue in 507979.
Description:
Add regression test for issue 507979.
Regression test for CL 3eb91e8aec8e628adc1046fca16c5dfd1d129118.
BUG=chromium:507979
Please review this at https://codereview.chromium.org/1255173002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+25, -0 lines):
M test/cctest/test-heap.cc
Index: test/cctest/test-heap.cc
diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc
index
f899a27c7fd3ef3a0638cb46c9444d311832606a..87978c0d78f7b602d16b77e90b65432c52499a34
100644
--- a/test/cctest/test-heap.cc
+++ b/test/cctest/test-heap.cc
@@ -5282,6 +5282,31 @@ TEST(Regress357137) {
}
+TEST(Regress507979) {
+ const int kFixedArrayLen = 10;
+ CcTest::InitializeVM();
+ Isolate* isolate = CcTest::i_isolate();
+ Heap* heap = isolate->heap();
+ HandleScope handle_scope(isolate);
+
+ Handle<FixedArray> o1 =
isolate->factory()->NewFixedArray(kFixedArrayLen);
+ Handle<FixedArray> o2 =
isolate->factory()->NewFixedArray(kFixedArrayLen);
+ CHECK(heap->InNewSpace(o1->address()));
+ CHECK(heap->InNewSpace(o2->address()));
+
+ HeapIterator it(heap, i::HeapIterator::kFilterUnreachable);
+
+ // Replace parts of an object placed before a live object with a filler.
This
+ // way the filler object shares the mark bits with the following live
object.
+ o1->Shrink(kFixedArrayLen - 1);
+
+ for (HeapObject* obj = it.next(); obj != NULL; obj = it.next()) {
+ // Let's not optimize the loop away.
+ CHECK(obj->address() != nullptr);
+ }
+}
+
+
TEST(ArrayShiftSweeping) {
i::FLAG_expose_gc = true;
CcTest::InitializeVM();
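Review bot: Regress507979 never asserts the heap layout it depends on, because the two `CHECK(heap->InNewSpace(...))` lines only confirm that o1 and o2 are in new space, not that o2 starts directly where o1 ends. If allocation ever places them apart, the loop still passes without the filler sharing mark bits with a live object, and the regression coverage for issue 507979 is silently lost. Consider asserting adjacency before the `Shrink` call, for example `CHECK(o1->address() + o1->Size() == o2->address());` (assuming `Size()` gives the object's byte size here). The iterator appears to be constructed before `Shrink` on purpose, so a comment such as `// Create the iterator first: the filler must appear after reachability was computed.` would keep a later cleanup from reordering the two statements; please confirm that this ordering is what triggers the bug. The loop also mixes `obj != NULL` with `nullptr` in the `CHECK` below it, and using `nullptr` in both places would be consistent.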