Commit 5fc6ac50 authored by Dan Elphick's avatar Dan Elphick Committed by Commit Bot

[snapshot] CHECK RO_SPACE strings are internalized

Bug: chromium:911416
Change-Id: I04d3faa5ee042c99a400294e2a6dbed99c8d7020
Reviewed-on: https://chromium-review.googlesource.com/c/1366616
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58126}
parent 5bd58639
...@@ -28,6 +28,7 @@ void ReadOnlySerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code, ...@@ -28,6 +28,7 @@ void ReadOnlySerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
WhereToPoint where_to_point, WhereToPoint where_to_point,
int skip) { int skip) {
CHECK(isolate()->heap()->read_only_space()->Contains(obj)); CHECK(isolate()->heap()->read_only_space()->Contains(obj));
CHECK_IMPLIES(obj->IsString(), obj->IsInternalizedString());
if (SerializeHotObject(obj, how_to_code, where_to_point, skip)) return; if (SerializeHotObject(obj, how_to_code, where_to_point, skip)) return;
if (IsRootAndHasBeenSerialized(obj) && if (IsRootAndHasBeenSerialized(obj) &&
......
...@@ -782,6 +782,42 @@ UNINITIALIZED_TEST(CustomSnapshotDataBlob1) { ...@@ -782,6 +782,42 @@ UNINITIALIZED_TEST(CustomSnapshotDataBlob1) {
FreeCurrentEmbeddedBlob(); FreeCurrentEmbeddedBlob();
} }
UNINITIALIZED_TEST(CustomSnapshotDataBlobStringNotInternalized) {
DisableAlwaysOpt();
const char* source1 =
R"javascript(
// String would be internalized if it came from a literal so create "A"
// via a function call.
var global = String.fromCharCode(65);
function f() { return global; }
)javascript";
v8::StartupData data1 = CreateSnapshotDataBlob(source1);
v8::Isolate::CreateParams params1;
params1.snapshot_blob = &data1;
params1.array_buffer_allocator = CcTest::array_buffer_allocator();
// Test-appropriate equivalent of v8::Isolate::New.
v8::Isolate* isolate1 = TestSerializer::NewIsolate(params1);
{
v8::Isolate::Scope i_scope(isolate1);
v8::HandleScope h_scope(isolate1);
v8::Local<v8::Context> context = v8::Context::New(isolate1);
v8::Context::Scope c_scope(context);
v8::Local<v8::Value> result = CompileRun("f()").As<v8::Value>();
CHECK(result->IsString());
i::String str = *v8::Utils::OpenHandle(*result.As<v8::String>());
CHECK_EQ(std::string(str->ToCString().get()), "A");
CHECK(!str.IsInternalizedString());
CHECK(
!reinterpret_cast<i::Isolate*>(isolate1)->heap()->InReadOnlySpace(str));
}
isolate1->Dispose();
delete[] data1.data; // We can dispose of the snapshot blob now.
FreeCurrentEmbeddedBlob();
}
UNINITIALIZED_TEST(SnapshotChecksum) { UNINITIALIZED_TEST(SnapshotChecksum) {
DisableAlwaysOpt(); DisableAlwaysOpt();
const char* source1 = "function f() { return 42; }"; const char* source1 = "function f() { return 42; }";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment