Comment #7 on issue 2120 by [email protected]: Enable --verify-heap in release mode
http://code.google.com/p/v8/issues/detail?id=2120
Hi, I didn't find a good open bug, but I made a little cctest that shows
one of the call stacks that result from a verification. There are actually
many different checks done at different times, but many of them will be
from under:
v8::internal::Heap::Verify()
Here is the test you could add to test-heap.cc (don't check it in):
TEST(VerifyHeapStompMapPointer) {
  // Ensure that we get a compacting collection so that objects are promoted
  // from new space.
  FLAG_gc_global = true;
  FLAG_always_compact = true;
#ifdef VERIFY_HEAP
  FLAG_verify_heap = true;
#endif
  HEAP->ConfigureHeap(2*256*KB, 8*MB, 8*MB);
  InitializeVM();
  v8::HandleScope scope;

  // Allocate an object.
  int array_size =
      (Page::kMaxNonCodeHeapObjectSize - FixedArray::kHeaderSize) /
      (kPointerSize * 4);
  Object* obj = HEAP->AllocateFixedArray(array_size)->ToObjectChecked();
  Handle<FixedArray> array(FixedArray::cast(obj));
  Address addr = reinterpret_cast<Address>(*array);

  // Let's damage the object: overwrite its map word at the object start.
  int* beefLocation = reinterpret_cast<int*>(addr);
  *beefLocation = 0xdeadbeef;

  // Call the mark-compact collector and let heap verification run.
  HEAP->CollectGarbage(OLD_POINTER_SPACE);

  // We should crash with a call stack that indicates heap verification
  // caught the bad map.
}
Then, run under the debugger like:
$ gdb --args ./cctest test-heap/VerifyHeapStompMapPointer
Here was the call stack:
(gdb) bt
#0 v8::internal::HeapObject::map_word () at :1191
#1 v8::internal::Object::IsHeapObject () at :1139
#2 0x0057d542 in v8::internal::VerifyPointersVisitor::VisitPointers (this=0xbffff728, start=<value temporarily unavailable, due to optimizations>) at objects-inl.h:751
#3 0x001c8cf2 in v8::internal::HandleScopeImplementer::IterateThis (this=0x1559e90, v=0xbffff728) at ../src/api.cc:6512
#4 0x002c2595 in v8::internal::Heap::IterateStrongRoots (this=0x1abec08, v=0xbffff728, mode=<value temporarily unavailable, due to optimizations>) at ../src/heap.cc:5785
#5 0x002ad82a in v8::internal::Heap::IterateRoots () at :5743
#6 0x002ad82a in v8::internal::Heap::Verify (this=0x1abec08) at ../src/heap.cc:751
#7 0x002ad3d6 in v8::internal::Heap::GarbageCollectionPrologue (this=0x1abec08) at ../src/heap.cc:411
#8 0x002af540 in v8::internal::Heap::CollectGarbage (this=0x1abec08, space=v8::internal::OLD_POINTER_SPACE, collector=v8::internal::MARK_COMPACTOR, collector_reason=0xa8fc6e "GC in old space requested") at ../src/heap.cc:620
#9 0x00107272 in v8::internal::Isolate::Current () at :440
#10 0x00107272 in TestVerifyHeapStompMapPointer () at heap-inl.h:751
#11 0x0000256d in main (argc=2, argv=<value temporarily unavailable, due to optimizations>) at ../test/cctest/cctest.cc:96
Maybe in future we could add a set of tests to verify the different kinds
of things we check for. I hope that helps!
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
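The kind of check that caught the stomped map word in the cctest above, reduced to a self-contained toy as an added example (this is not V8 code and not from the comment's author): a bump-allocated arena whose objects begin with a map word, and a verifier in the spirit of Heap::Verify that walks the arena and rejects any map word that does not point at a registered map. ToyHeap, Map, RegisterMap, Allocate and Verify are invented names, and the layout and sizes are constructed for the illustration.

```cpp
#include <cstddef>
#include <cstring>
struct Map { size_t instance_size; };  // constructed toy layout, not V8's
enum { kMaxMaps = 8, kArenaSize = 4096, kAlign = 8 };
struct ToyHeap {
  static size_t Align(size_t n) { return (n + kAlign - 1) & ~size_t(kAlign - 1); }
  // Maps live in their own table, so a genuine map word can be told apart
  // from an arbitrary value such as 0xdeadbeef.
  const Map* RegisterMap(size_t instance_size) {
    if (num_maps_ == kMaxMaps) return nullptr;
    maps_[num_maps_].instance_size = instance_size;
    return &maps_[num_maps_++];
  }
  // Bump-allocate an object; its first word is the pointer to its map.
  unsigned char* Allocate(const Map* map) {
    size_t size = Align(map->instance_size);
    if (top_ + size > kArenaSize) return nullptr;
    unsigned char* obj = arena_ + top_;
    std::memcpy(obj, &map, sizeof(map));
    top_ += size;
    return obj;
  }
  // Walk the arena as Heap::Verify walks a space: read each map word, require a
  // registered map, step by its instance size; on failure report the offset.
  bool Verify(size_t* bad_offset) const {
    for (size_t off = 0; off < top_;) {
      const Map* map;
      std::memcpy(&map, arena_ + off, sizeof(map));
      bool known = false;
      for (size_t i = 0; i < num_maps_; ++i) known = known || map == &maps_[i];
      if (!known) { *bad_offset = off; return false; }
      off += Align(map->instance_size);
    }
    return true;
  }
  Map maps_[kMaxMaps]; size_t num_maps_ = 0;
  unsigned char arena_[kArenaSize]; size_t top_ = 0;
};
// Same scenario as the cctest: allocate two arrays, stomp the second one's map
// word, and ask the verifier; returns the reported offset, or -1 if it passed.
long OffsetCaughtByVerify() {
  ToyHeap heap;
  const Map* fixed_array = heap.RegisterMap(32);
  heap.Allocate(fixed_array);
  unsigned char* victim = heap.Allocate(fixed_array);
  unsigned int beef = 0xdeadbeefu;
  std::memcpy(victim, &beef, sizeof(beef));  // the stomp
  size_t bad = 0;
  return heap.Verify(&bad) ? -1 : static_cast<long>(bad);
}
```

The verifier reports offset 32, the second object, because the first object's map word is still a registered map and the walk only trips on the damaged one.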