Reviewers: Benedikt Meurer, mvstanton,
Description:
Added a test which installs a poisonous memento right after the new space
top
pointer.
BUG=
Please review this at https://codereview.chromium.org/152813003/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+29, -27 lines):
M test/cctest/cctest.gyp
A + test/cctest/test-mementos.cc
Index: test/cctest/cctest.gyp
diff --git a/test/cctest/cctest.gyp b/test/cctest/cctest.gyp
index
d735c60eec743bf3b6bf77238a8b900cd703853e..996db3eea47322c06ad228443da345f8f153fc9f
100644
--- a/test/cctest/cctest.gyp
+++ b/test/cctest/cctest.gyp
@@ -89,6 +89,7 @@
'test-lockers.cc',
'test-log.cc',
'test-mark-compact.cc',
+ 'test-mementos.cc',
'test-mutex.cc',
'test-object-observe.cc',
'test-parsing.cc',
Index: test/cctest/test-mementos.cc
diff --git a/test/cctest/test-ast.cc b/test/cctest/test-mementos.cc
similarity index 58%
copy from test/cctest/test-ast.cc
copy to test/cctest/test-mementos.cc
index
d6431371aa1b4e1d609c4af18e36bd86552a58a0..e1b14705f7532bc3b1df54d49e478ee759bf361a
100644
--- a/test/cctest/test-ast.cc
+++ b/test/cctest/test-mementos.cc
@@ -1,4 +1,4 @@
-// Copyright 2012 the V8 project authors. All rights reserved.
+// Copyright 2014 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
@@ -25,36 +25,37 @@
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#include <stdlib.h>
-
-#include "v8.h"
-
-#include "ast.h"
#include "cctest.h"
using namespace v8::internal;
-TEST(List) {
- v8::internal::V8::Initialize(NULL);
- List<AstNode*>* list = new List<AstNode*>(0);
- CHECK_EQ(0, list->length());
+TEST(Regress340063) {
+ CcTest::InitializeVM();
+ if (!i::FLAG_allocation_site_pretenuring) return;
+ v8::HandleScope scope(CcTest::isolate());
Isolate* isolate = CcTest::i_isolate();
- Zone zone(isolate);
- AstNodeFactory<AstNullVisitor> factory(&zone);
- AstNode* node = factory.NewEmptyStatement(RelocInfo::kNoPosition);
- list->Add(node);
- CHECK_EQ(1, list->length());
- CHECK_EQ(node, list->at(0));
- CHECK_EQ(node, list->last());
-
- const int kElements = 100;
- for (int i = 0; i < kElements; i++) {
- list->Add(node);
- }
- CHECK_EQ(1 + kElements, list->length());
-
- list->Clear();
- CHECK_EQ(0, list->length());
- delete list;
+ Heap* heap = isolate->heap();
+ NewSpace* new_space = heap->new_space();
+
+ // Make sure we can allocate some objects without causing a GC later.
+ heap->CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
+
+ // Allocate a literal, there will be a memento after this literal.
+ CompileRun("var a = [];");
+
+ // Set the top pointer after the allocated literal, right before
+ // the allocated memento.
+ Address top = new_space->top() - AllocationMemento::kSize;
+ new_space->set_top(top);
+
+ // Overwrite the allocation site pointer in the memento with garbage.
+ AllocationMemento* memento =
+ reinterpret_cast<AllocationMemento*>(top + kHeapObjectTag);
+ memento->set_allocation_site(
+ reinterpret_cast<AllocationSite*>(kHeapObjectTag),
SKIP_WRITE_BARRIER);
+
+ // Call GC to see if we can handle a poisonous memento right after the
+ // current new space top pointer.
+ heap->CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
