Tests that the GC doesn't mistake non-pointer constant pool entries as pointers.

Adds a test for ConstantPoolArray to ensure that the GC
doesn't mistake non-pointer entries as pointers and try
to modify them during scavenge operations.

Also adds asserts to ConstantPoolArray::set(int, *Object) to
ensure we don't add new-space pointers in constant pool
array.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/396803009

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/objects-inl.h b/src/objects-inl.h
index b26a857e1920fa691b2eceb244fd0272da285f58..39c4ba4db50a8c7b34f7f23e55303d64a45e8794 100644 (file)
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -2539,6 +2539,7 @@ void ConstantPoolArray::set(int index, Address value) {
 
 void ConstantPoolArray::set(int index, Object* value) {
   ASSERT(map() == GetHeap()->constant_pool_array_map());
+  ASSERT(!GetHeap()->InNewSpace(value));
   ASSERT(get_type(index) == HEAP_PTR);
   WRITE_FIELD(this, OffsetOfElementAt(index), value);
   WRITE_BARRIER(GetHeap(), this, OffsetOfElementAt(index), value);
@@ -2583,6 +2584,7 @@ void ConstantPoolArray::set_at_offset(int offset, Address value) {
 
 void ConstantPoolArray::set_at_offset(int offset, Object* value) {
   ASSERT(map() == GetHeap()->constant_pool_array_map());
+  ASSERT(!GetHeap()->InNewSpace(value));
   ASSERT(offset_is_type(offset, HEAP_PTR));
   WRITE_FIELD(this, offset, value);
   WRITE_BARRIER(GetHeap(), this, offset, value);

diff --git a/test/cctest/test-constantpool.cc b/test/cctest/test-constantpool.cc
index 67767a2f0ead7b68f1b29f1f1dd0562ed53fd970..879c5833c9c65a1abf0bc68d6d2f3f01e6b85505 100644 (file)
--- a/test/cctest/test-constantpool.cc
+++ b/test/cctest/test-constantpool.cc
@@ -242,3 +242,40 @@ TEST(ConstantPoolIteratorExtended) {
   int expected_int32_indexs[] = { 1, 2, 3, 4 };
   CheckIterator(array, ConstantPoolArray::INT32, expected_int32_indexs, 4);
 }
+
+
+TEST(ConstantPoolPreciseGC) {
+  LocalContext context;
+  Isolate* isolate = CcTest::i_isolate();
+  Heap* heap = isolate->heap();
+  Factory* factory = isolate->factory();
+  v8::HandleScope scope(context->GetIsolate());
+
+  ConstantPoolArray::NumberOfEntries small(1, 0, 0, 1);
+  Handle<ConstantPoolArray> array = factory->NewConstantPoolArray(small);
+
+  // Check that the store buffer knows which entries are pointers and which are
+  // not.  To do this, make non-pointer entries which look like new space
+  // pointers but are actually invalid and ensure the GC doesn't try to move
+  // them.
+  Handle<HeapObject> object = factory->NewHeapNumber(4.0);
+  Object* raw_ptr = *object;
+  // If interpreted as a pointer, this should be right inside the heap number
+  // which will cause a crash when trying to lookup the 'map' pointer.
+  intptr_t invalid_ptr = reinterpret_cast<intptr_t>(raw_ptr) + kInt32Size;
+  int32_t invalid_ptr_int32 = static_cast<int32_t>(invalid_ptr);
+  int64_t invalid_ptr_int64 = static_cast<int64_t>(invalid_ptr);
+  array->set(0, invalid_ptr_int64);
+  array->set(1, invalid_ptr_int32);
+
+  // Ensure we perform a scan on scavenge for the constant pool's page.
+  MemoryChunk::FromAddress(array->address())->set_scan_on_scavenge(true);
+  heap->CollectGarbage(NEW_SPACE);
+
+  // Check the object was moved by GC.
+  CHECK_NE(*object, raw_ptr);
+
+  // Check the non-pointer entries weren't changed.
+  CHECK_EQ(invalid_ptr_int64, array->get_int64_entry(0));
+  CHECK_EQ(invalid_ptr_int32, array->get_int32_entry(1));
+}