[heap] Add a regression test for v8:8617

This also adjusts debug printing of descriptor arrays and adds a check to the code serializer. Bug: v8:8617 Tbr: mlippautz@chromium.org Change-Id: Ic04f01abf9f7ed5a310b9e51a22c04fda108f563 Reviewed-on: https://chromium-review.googlesource.com/c/1387501 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58438}

[heap] Add a regression test for v8:8617
This also adjusts debug printing of descriptor arrays and adds a check to the code serializer. Bug: v8:8617 Tbr: mlippautz@chromium.org Change-Id: Ic04f01abf9f7ed5a310b9e51a22c04fda108f563 Reviewed-on: https://chromium-review.googlesource.com/c/1387501 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58438}
6c740734 · Ulan Degenbaev · Commit Bot · 2a72b8ac · 6c740734 · 6c740734
Commit 6c740734 authored Dec 21, 2018 by Ulan Degenbaev Committed by Commit Bot Dec 21, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 0 deletions

objects-printer.cc src/objects-printer.cc +4 -0

test-heap.cc test/cctest/heap/test-heap.cc +42 -0

No files found.
--- a/src/objects-printer.cc
+++ b/src/objects-printer.cc
@@ -850,6 +850,10 @@ void DescriptorArray::DescriptorArrayPrint(std::ostream& os) {
  }
  os << "\n - nof slack descriptors: " << number_of_slack_descriptors();
  os << "\n - nof descriptors: " << number_of_descriptors();
+  int16_t raw_marked = raw_number_of_marked_descriptors();
+  os << "\n - raw marked descriptors: mc epoch "
+     << NumberOfMarkedDescriptors::Epoch::decode(raw_marked) << ", marked "
+     << NumberOfMarkedDescriptors::Marked::decode(raw_marked);
  PrintDescriptors(os);
 }


--- a/test/cctest/heap/test-heap.cc
+++ b/test/cctest/heap/test-heap.cc
@@ -6461,6 +6461,48 @@ TEST(Regress8014) {
  CHECK_LE(heap->ms_count(), ms_count + 10);
 }

+TEST(Regress8617) {
+  ManualGCScope manual_gc_scope;
+  FLAG_manual_evacuation_candidates_selection = true;
+  LocalContext env;
+  Isolate* isolate = CcTest::i_isolate();
+  Heap* heap = isolate->heap();
+  HandleScope scope(isolate);
+  heap::SimulateFullSpace(heap->old_space());
+  // Step 1. Create a function and ensure that it is in the old space.
+  Handle<Object> foo =
+      v8::Utils::OpenHandle(*CompileRun("function foo() { return 42; };"
+                                        "foo;"));
+  if (heap->InNewSpace(*foo)) {
+    CcTest::CollectGarbage(NEW_SPACE);
+    CcTest::CollectGarbage(NEW_SPACE);
+  }
+  // Step 2. Create an object with a reference to foo in the descriptor array.
+  CompileRun(
+      "var obj = {};"
+      "obj.method = foo;"
+      "obj;");
+  // Step 3. Make sure that foo moves during Mark-Compact.
+  Page* ec_page = Page::FromAddress(HeapObject::cast(*foo)->address());
+  heap::ForceEvacuationCandidate(ec_page);
+  // Step 4. Start incremental marking.
+  heap::SimulateIncrementalMarking(heap, false);
+  CHECK(ec_page->IsEvacuationCandidate());
+  // Step 5. Install a new descriptor array on the map of the object.
+  // This runs the marking barrier for the descriptor array.
+  // In the bad case it sets the number of marked descriptors but does not
+  // change the color of the descriptor array.
+  CompileRun("obj.bar = 10;");
+  // Step 6. Promote the descriptor array to old space. During promotion
+  // the Scavenger will not record the slot of foo in the descriptor array.
+  CcTest::CollectGarbage(NEW_SPACE);
+  CcTest::CollectGarbage(NEW_SPACE);
+  // Step 7. Complete the Mark-Compact.
+  CcTest::CollectAllGarbage();
+  // Step 8. Use the descriptor for foo, which contains a stale pointer.
+  CompileRun("obj.method()");
+}
+
 }  // namespace heap
 }  // namespace internal
 }  // namespace v8