Status: Accepted
Owner: [email protected]
CC: [email protected], [email protected]
Labels: Type-Bug Priority-Medium
New issue 2907 by [email protected]: Object.observe access checks cause allocation while in DisallowHeapAllocation scope
http://code.google.com/p/v8/issues/detail?id=2907
The failure was flushed out by more rigorous tests of the
AllowHeapAllocation::IsAllowed predicate in one of the allocation
choke-points. See https://codereview.chromium.org/24302009/ for the CL
introducing the check.
The following Object.observe unit tests are affected and have been disabled
in the cctest.status file:
- test-object-observe/NamedAccessCheck: SKIP
- test-object-observe/DisallowAllForAccessKeys: SKIP
- test-object-observe/AccessCheckDisallowApiModifications: SKIP
One instance of this failure looks like this:
=== cctest/test-object-observe/AccessCheckDisallowApiModifications ===
#
# Fatal error in ../src/heap-inl.h, line 213
# CHECK(AllowHeapAllocation::IsAllowed()) failed
#
==== C stack trace ===============================
1: V8_Fatal
2: v8::internal::Heap::AllocateRaw(int, v8::internal::AllocationSpace, v8::internal::AllocationSpace)
3: v8::internal::Heap::AllocateRawOneByteString(int, v8::internal::PretenureFlag)
4: v8::internal::Heap::AllocateStringFromOneByte(v8::internal::Vector<unsigned char const>, v8::internal::PretenureFlag)
5: v8::internal::Heap::AllocateStringFromOneByte(v8::internal::Vector<char const>, v8::internal::PretenureFlag)
6: v8::internal::Heap::AllocateStringFromUtf8(v8::internal::Vector<char const>, v8::internal::PretenureFlag)
7: v8::internal::Factory::NewStringFromUtf8(v8::internal::Vector<char const>, v8::internal::PretenureFlag)
8: ??
9: ??
10: v8::String::NewFromUtf8(v8::Isolate*, char const*, v8::String::NewStringType, int)
11: v8::String::New(char const*, int)
12: ??
13: v8::internal::Isolate::MayNamedAccess(v8::internal::JSObject*, v8::internal::Object*, v8::AccessType)
14: ??
15: v8::internal::Runtime_IsAccessAllowedForObserver(int, v8::internal::Object**, v8::internal::Isolate*)
16: ??
17: ??
18: ??
19: ??
20: ??
21: ??
22: ??
23: ??
24: ??
25: v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, bool*, bool)
26: v8::internal::JSObject::EnqueueChangeRecord(v8::internal::Handle<v8::internal::JSObject>, char const*, v8::internal::Handle<v8::internal::Name>, v8::internal::Handle<v8::internal::Object>)
27: v8::internal::JSObject::SetElement(unsigned int, v8::internal::Object*, PropertyAttributes, v8::internal::StrictModeFlag, bool, v8::internal::SetPropertyMode)
28: v8::internal::JSObject::SetElement(v8::internal::Handle<v8::internal::JSObject>, unsigned int, v8::internal::Handle<v8::internal::Object>, PropertyAttributes, v8::internal::StrictModeFlag, v8::internal::SetPropertyMode)
29: v8::Object::Set(unsigned int, v8::Handle<v8::Value>)
30: ??
31: CcTest::Run()
32: main
33: __libc_start_main
Command:
/usr/local/google/home/mstarzinger/Development/v8.git/out/ia32.debug/cctest test-object-observe/AccessCheckDisallowApiModifications --nobreak-on-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --testing_serialization_file=/usr/local/google/home/mstarzinger/Development/v8.git/out/.serdes/serdes_AccessCheckDisallowApiModifications
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
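A stand-alone model of the check that fires in this report, added here as an illustration and not V8's own code: an RAII scope bumps a per-thread counter, the allocation choke-point consults AllowHeapAllocation::IsAllowed(), and an access check that allocates a key string trips it when it is invoked inside the scope. Everything except the names taken from the trace (DisallowHeapAllocation, AllowHeapAllocation::IsAllowed, NewStringFromUtf8, MayNamedAccess) is an assumption of the example: the thread-local counter, AllocStatus, AccessResult, the two Check* callers and the "secret" policy.

```cpp
#include <string>

// Model of V8's no-allocation scope check (not V8's own code). A thread-local
// depth counter stands in for V8's per-isolate bookkeeping.
static thread_local int g_no_allocation_depth = 0;

// RAII scope: while it is alive, heap allocation on this thread is forbidden.
struct DisallowHeapAllocation {
  DisallowHeapAllocation() { ++g_no_allocation_depth; }
  ~DisallowHeapAllocation() { --g_no_allocation_depth; }
};

// The predicate CHECKed at the allocation choke-point (heap-inl.h in the trace).
struct AllowHeapAllocation {
  static bool IsAllowed() { return g_no_allocation_depth == 0; }
};

// Where V8 calls V8_Fatal, this model returns a status so it can be tested.
enum class AllocStatus { kAllocated, kDisallowed };
struct AccessResult { AllocStatus status; bool allowed; };

// Allocation choke-point: every string allocation passes through this check.
AllocStatus NewStringFromUtf8(const char* utf8, std::string* out) {
  if (!AllowHeapAllocation::IsAllowed()) return AllocStatus::kDisallowed;
  *out = utf8;
  return AllocStatus::kAllocated;
}

// Hypothetical access check. Like MayNamedAccess in the trace, it allocates a
// string for the key before consulting the policy (a constructed rule here).
AccessResult MayNamedAccess(const char* key) {
  std::string key_string;
  if (NewStringFromUtf8(key, &key_string) != AllocStatus::kAllocated)
    return {AllocStatus::kDisallowed, false};
  return {AllocStatus::kAllocated, key_string != "secret"};
}

// The failing pattern: the check runs inside a DisallowHeapAllocation scope,
// so the choke-point rejects the string allocation (V8 aborts at this point).
AccessResult CheckInsideNoGcScope(const char* key) {
  DisallowHeapAllocation no_gc;
  return MayNamedAccess(key);
}

// The safe ordering: finish the allocating check first, then open the scope
// for the raw-pointer work that must not be interrupted by a GC.
AccessResult CheckBeforeNoGcScope(const char* key) {
  AccessResult result = MayNamedAccess(key);
  DisallowHeapAllocation no_gc;  // raw object pointers are stable from here on
  return result;
}
```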