[factory] Make sure large code objects actually go to large code space

If the size of a large code object is larger than
kMaxRegularHeapObjectSize, then it should be allocated in the large code
space. Currently if the size is > kMaxRegularHeapObjectSize but <
512000, then it can still be allocated in the normal code space.

Change-Id: I72dbd38803c3d5d414bae85e9e0b15482e50e1c2
Reviewed-on: https://chromium-review.googlesource.com/c/1363137Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58046}

src/heap/heap-inl.h

@@ -202,7 +202,7 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationSpace space,
       allocation = old_space_->AllocateRaw(size_in_bytes, alignment);
     }
   } else if (CODE_SPACE == space) {
-    if (size_in_bytes <= code_space()->AreaSize()) {
+    if (size_in_bytes <= code_space()->AreaSize() && !large_object) {
       allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
     } else {
       allocation = code_lo_space_->AllocateRaw(size_in_bytes);
@@ -214,6 +214,7 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationSpace space,
     DCHECK(FLAG_young_generation_large_objects);
     allocation = new_lo_space_->AllocateRaw(size_in_bytes);
   } else if (CODE_LO_SPACE == space) {
+    DCHECK(large_object);
     allocation = code_lo_space_->AllocateRaw(size_in_bytes);
   } else if (MAP_SPACE == space) {
     allocation = map_space_->AllocateRawUnaligned(size_in_bytes);

src/objects-debug.cc

@@ -1209,6 +1209,8 @@ void Code::CodeVerify(Isolate* isolate) {
   CHECK_LE(constant_pool_offset(), InstructionSize());
   CHECK(IsAligned(raw_instruction_start(), kCodeAlignment));
   relocation_info()->ObjectVerify(isolate);
+  CHECK(Code::SizeFor(body_size()) <= kMaxRegularHeapObjectSize ||
+        isolate->heap()->InSpace(*this, CODE_LO_SPACE));
   Address last_gc_pc = kNullAddress;
 
   for (RelocIterator it(*this); !it.done(); it.next()) {

test/cctest/BUILD.gn

@@ -180,6 +180,7 @@ v8_source_set("cctest_sources") {
     "test-double.cc",
     "test-dtoa.cc",
     "test-elements-kind.cc",
+    "test-factory.cc",
     "test-fast-dtoa.cc",
     "test-feedback-vector.cc",
     "test-feedback-vector.h",

test/cctest/test-factory.cc

+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "include/v8.h"
+
+#include "src/handles-inl.h"
+#include "src/isolate.h"
+#include "test/cctest/cctest.h"
+
+namespace v8 {
+namespace internal {
+namespace test_factory {
+
+TEST(Factory_NewCode) {
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+  HandleScope scope(i_isolate);
+
+  // Create a big function that ends up in CODE_LO_SPACE.
+  const int instruction_size = kMaxRegularHeapObjectSize + 1;
+  std::unique_ptr<byte[]> instructions(new byte[instruction_size]);
+
+  CodeDesc desc;
+  desc.buffer = instructions.get();
+  desc.buffer_size = instruction_size;
+  desc.instr_size = instruction_size;
+  desc.reloc_size = 0;
+  desc.constant_pool_size = 0;
+  desc.unwinding_info = nullptr;
+  desc.unwinding_info_size = 0;
+  desc.origin = nullptr;
+  Handle<Object> self_ref;
+  Handle<Code> code =
+      i_isolate->factory()->NewCode(desc, Code::WASM_FUNCTION, self_ref);
+
+  CHECK(i_isolate->heap()->InSpace(*code, CODE_LO_SPACE));
+#if VERIFY_HEAP
+  code->ObjectVerify(i_isolate);
+#endif
+}
+
+}  // namespace test_factory
+}  // namespace internal
+}  // namespace v8