v8 version: 7.2
I have added some checks in Heap::CollectGarbage,
code snippet:
-----------------------------------------
  OptionalTimedHistogramScope histogram_timer_priority_scope(
      gc_type_priority_timer, isolate_, mode);
  // Verify the code spaces before the collection runs.
  VerifyPointersVisitor no_dirty_regions_visitor0(this);         // new added0
  code_space_->Verify(isolate(), &no_dirty_regions_visitor0);    // new added1
  code_lo_space_->Verify(isolate());                             // new added2
  next_gc_likely_to_collect_more =
      PerformGarbageCollection(collector, gc_callback_flags);
  if (collector == MARK_COMPACTOR || collector == SCAVENGER) {
    tracer()->RecordGCPhasesHistograms(gc_type_timer);
  }
  // Verify the same spaces again after the collection.
  VerifyPointersVisitor no_dirty_regions_visitor1(this);         // new added3
  code_space_->Verify(isolate(), &no_dirty_regions_visitor1);    // new added4
  code_lo_space_->Verify(isolate());                             // new added5
-----------------------------------------
With this change, my application may crash at "new added5".
Crash reason: the code object has a wrong embedded object.
code object print:
-------------------------
0x9f302001: [Code]
 - map: 0xac100551 <Map>
kind = STUB
compiler = unknown
address = 0x9eebbf80

Instructions (size = 1272)
0x9f302040     0  e30ec5ec       movw ip, #58860     ;; object: ì
                                                     ;; object: ì
                                                     ;; object: ì
0x9f302044     4  e34ac94a       movt ip, #43338     ;; wasm stub call
-------------------------
And the strangest thing is that we never allocate a large code
object.
Why can code_lo_space_'s Verify cause an error?
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
To view this discussion on the web visit
https://groups.google.com/d/msgid/v8-dev/fe4272ae-0480-42aa-8888-2c7a6affa6d4n%40googlegroups.com.
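The post wraps PerformGarbageCollection in pointer-verification passes and then sees a code object whose embedded object is wrong after the collection. The following is an added, self-contained toy model (not V8 code, and not the poster's patch) of why that pattern is useful: a two-space heap whose "code" objects embed pointers to other objects, a mark-compact cycle that relocates survivors, and a Verify pass in the spirit of V8's VerifyPointersVisitor that checks every embedded pointer still resolves to an object start. The names Heap, Space, Object, Kind, Collect, Verify and VerifiesAfterGC, the addresses and sizes, and the deliberate "forget to relocate pointers embedded in code" switch are all constructed for this illustration; nothing here reproduces V8's real layout or the cause of the crash in the post.

```cpp
#include <cstddef>
#include <map>
#include <vector>

namespace toyheap {  // constructed model, not V8

enum class Kind { kData, kCode };

struct Object {
  size_t address;            // start address in the toy address space
  size_t size;               // bytes occupied
  Kind kind;
  bool marked;               // set by the (simulated) marking phase
  std::vector<size_t> refs;  // embedded pointers to other objects' starts
};

using Forwarding = std::map<size_t, size_t>;  // old address -> new address

class Space {
 public:
  explicit Space(size_t base) : base_(base), top_(base) {}

  // Bump allocation; returns the new object's start address.
  size_t Allocate(size_t size, Kind kind) {
    objects_.push_back({top_, size, kind, false, {}});
    top_ += size;
    return objects_.back().address;
  }

  Object* Find(size_t address) {
    for (Object& o : objects_) if (o.address == address) return &o;
    return nullptr;
  }

  const std::vector<Object>& objects() const { return objects_; }

  // Assign forwarding addresses so live objects slide down over dead ones.
  void ComputeForwarding(Forwarding& fwd) const {
    size_t free = base_;
    for (const Object& o : objects_) {
      if (!o.marked) continue;
      fwd[o.address] = free;
      free += o.size;
    }
  }

  // Rewrite embedded pointers through the forwarding table. When
  // update_code_refs is false, kCode objects are skipped: a constructed
  // bug that leaves stale pointers inside code, which a post-GC verify
  // pass is exactly the kind of check that catches.
  void UpdateRefs(const Forwarding& fwd, bool update_code_refs) {
    for (Object& o : objects_) {
      if (!o.marked || (o.kind == Kind::kCode && !update_code_refs)) continue;
      for (size_t& ref : o.refs) {
        auto it = fwd.find(ref);
        if (it != fwd.end()) ref = it->second;
      }
    }
  }

  // Drop dead objects and move survivors to their forwarding addresses.
  void Relocate(const Forwarding& fwd) {
    std::vector<Object> survivors;
    for (Object o : objects_) {
      if (!o.marked) continue;
      o.address = fwd.at(o.address);
      o.marked = false;
      survivors.push_back(o);
    }
    objects_ = survivors;
    top_ = survivors.empty() ? base_
                             : survivors.back().address + survivors.back().size;
  }

 private:
  size_t base_, top_;
  std::vector<Object> objects_;
};

class Heap {
 public:
  Space code_space{0x1000};
  Space old_space{0x8000};
  std::vector<Space*> spaces() { return {&code_space, &old_space}; }

  // Every embedded pointer in every object must resolve to an object start
  // in some space (the invariant a VerifyPointers-style visitor enforces).
  bool Verify() {
    for (Space* s : spaces())
      for (const Object& o : s->objects())
        for (size_t ref : o.refs)
          if (!Resolve(ref)) return false;
    return true;
  }

  // One mark-compact cycle over all spaces; marking is done by the caller.
  void Collect(bool update_code_refs) {
    Forwarding fwd;
    for (Space* s : spaces()) s->ComputeForwarding(fwd);
    for (Space* s : spaces()) s->UpdateRefs(fwd, update_code_refs);
    for (Space* s : spaces()) s->Relocate(fwd);
  }

 private:
  bool Resolve(size_t address) {
    for (Space* s : spaces()) if (s->Find(address)) return true;
    return false;
  }
};

// Scenario: a dead data object sits below a live one that a code object
// embeds, so compaction moves the live object. Returns true only if the heap
// verifies both before and after the collection, like the two Verify calls
// placed around PerformGarbageCollection in the post.
bool VerifiesAfterGC(bool collector_updates_code_refs) {
  Heap heap;
  heap.old_space.Allocate(64, Kind::kData);                  // dies
  size_t target = heap.old_space.Allocate(32, Kind::kData);  // survives
  size_t code = heap.code_space.Allocate(128, Kind::kCode);
  heap.code_space.Find(code)->refs.push_back(target);
  heap.old_space.Find(target)->marked = true;
  heap.code_space.Find(code)->marked = true;

  if (!heap.Verify()) return false;  // pre-GC check
  heap.Collect(collector_updates_code_refs);
  return heap.Verify();              // post-GC check
}

}  // namespace toyheap
```

VerifiesAfterGC(true) passes both checks; VerifiesAfterGC(false) passes the pre-GC check and fails the post-GC one, because the code object still holds the pre-compaction address of its target. That asymmetry is the diagnostic value of verifying on both sides of the collection: a failure only after the GC points at relocation or pointer-update work inside the collector rather than at the allocating code.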