Commit 58fbcfac authored by jochen's avatar jochen Committed by Commit bot

Add CHECKs when updating pointers from the slots and store buffers

We want to verify that we always overwrite heap objects with heap
objects, and non-heap objects with non-heap objects.

BUG=chromium:452095
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1035763002

Cr-Commit-Position: refs/heads/master@{#27479}
parent 1caa6179
......@@ -547,6 +547,8 @@ void Heap::ScavengeObject(HeapObject** p, HeapObject* object) {
if (first_word.IsForwardingAddress()) {
HeapObject* dest = first_word.ToForwardingAddress();
DCHECK(object->GetIsolate()->heap()->InFromSpace(*p));
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK((*p)->IsHeapObject() && dest->IsHeapObject());
*p = dest;
return;
}
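Review bot: The combined `CHECK((*p)->IsHeapObject() && dest->IsHeapObject());` in the forwarding-address branch cannot tell whoever reads the crash report which of the two pointers was bad. The check exists only to diagnose crbug.com/452095, so splitting it into `CHECK((*p)->IsHeapObject());` and `CHECK(dest->IsHeapObject());` would let the failing line show whether the slot or the forwarding address held the non-heap value. ScavengeObject begins and continues outside the hunk.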
......
......@@ -2412,6 +2412,8 @@ void Heap::ScavengeObjectSlow(HeapObject** p, HeapObject* object) {
MapWord first_word = object->map_word();
SLOW_DCHECK(!first_word.IsForwardingAddress());
Map* map = first_word.ToMap();
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK((*p)->IsHeapObject() == object->IsHeapObject());
map->GetHeap()->DoScavengeObject(map, p, object);
}
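Review bot: The new CHECK runs after `object->map_word()` and `first_word.ToMap()` have already dereferenced `object`, so a non-heap `object` is read as if it were a heap object before the check can stop it. Placing the check ahead of the `map_word()` read would make it fire before any such access. The `==` form also passes when both `*p` and `object` are non-heap values, which are then handed to `DoScavengeObject`. `CHECK((*p)->IsHeapObject() && object->IsHeapObject());`, as used in ScavengeObject, looks like the intended condition here. The start of ScavengeObjectSlow may lie outside the hunk.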
......
......@@ -2884,6 +2884,8 @@ class PointersUpdatingVisitor : public ObjectVisitor {
// Avoid unnecessary changes that might unnecessary flush the instruction
// cache.
if (target != old_target) {
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK(target->IsHeapObject() == old_target->IsHeapObject());
rinfo->set_target_object(target);
}
}
......@@ -2894,6 +2896,8 @@ class PointersUpdatingVisitor : public ObjectVisitor {
Object* old_target = target;
VisitPointer(&target);
if (target != old_target) {
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK(target->IsHeapObject() == old_target->IsHeapObject());
rinfo->set_target_address(Code::cast(target)->instruction_start());
}
}
......@@ -2904,6 +2908,8 @@ class PointersUpdatingVisitor : public ObjectVisitor {
DCHECK(stub != NULL);
VisitPointer(&stub);
if (stub != rinfo->code_age_stub()) {
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK(stub->IsHeapObject() == rinfo->code_age_stub()->IsHeapObject());
rinfo->set_code_age_stub(Code::cast(stub));
}
}
......@@ -2915,6 +2921,9 @@ class PointersUpdatingVisitor : public ObjectVisitor {
rinfo->IsPatchedDebugBreakSlotSequence()));
Object* target = Code::GetCodeFromTargetAddress(rinfo->call_address());
VisitPointer(&target);
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK(target->IsCode() &&
HAS_SMI_TAG(Code::cast(target)->instruction_start()));
rinfo->set_call_address(Code::cast(target)->instruction_start());
}
......@@ -3059,6 +3068,9 @@ static void UpdatePointer(HeapObject** address, HeapObject* object) {
object->GetHeap()->lo_space()->FindPage(
reinterpret_cast<Address>(address)) != NULL);
if (map_word.IsForwardingAddress()) {
// TODO(jochen): Remove again after fixing http://crbug.com/452095
CHECK((*address)->IsHeapObject() ==
map_word.ToForwardingAddress()->IsHeapObject());
// Update the corresponding slot.
*address = map_word.ToForwardingAddress();
}
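Review bot: In the code-target hunk (`@@ -2894,6 +2896,8 @@`) the check `CHECK(target->IsHeapObject() == old_target->IsHeapObject());` is weaker than what the next line relies on. It passes when both values are non-heap, and when `target` is a heap object that is not Code, yet `Code::cast(target)->instruction_start()` follows immediately. The debug-call hunk in this same visitor already asserts `target->IsCode()`. Using `CHECK(target->IsCode());` here, and `CHECK(stub->IsCode());` in the code-age-stub hunk, would cover the cast in release builds, where the cast's own type assertion is presumably compiled out. The visitor methods start outside the hunks.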
......