[heap] Add regression test for 791582.

Bug: chromium:791582 Change-Id: Ic2b4289431a4bd7b4b5a37437d25ebccd493497a Reviewed-on: https://chromium-review.googlesource.com/809130Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#49903}

[heap] Add regression test for 791582.
Bug: chromium:791582 Change-Id: Ic2b4289431a4bd7b4b5a37437d25ebccd493497a Reviewed-on: https://chromium-review.googlesource.com/809130Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#49903}
ac5b4223 · Ulan Degenbaev · Commit Bot · 39c0d399 · ac5b4223 · ac5b4223
Commit ac5b4223 authored Dec 06, 2017 by Ulan Degenbaev Committed by Commit Bot Dec 06, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 1 deletion

heap-tester.h test/cctest/heap/heap-tester.h +1 -0

test-spaces.cc test/cctest/heap/test-spaces.cc +42 -1

No files found.
--- a/test/cctest/heap/heap-tester.h
+++ b/test/cctest/heap/heap-tester.h
@@ -41,6 +41,7 @@
  V(Regress670675)                                        \
  V(Regress5831)                                          \
  V(Regress777177)                                        \
+  V(Regress791582)                                        \
  V(Regress779503)                                        \
  V(RegressMissingWriteBarrierInAllocate)                 \
  V(WriteBarriersInCopyJSObject)

--- a/test/cctest/heap/test-spaces.cc
+++ b/test/cctest/heap/test-spaces.cc
@@ -442,7 +442,7 @@ class Observer : public AllocationObserver {
  explicit Observer(intptr_t step_size)
      : AllocationObserver(step_size), count_(0) {}

-  void Step(int bytes_allocated, Address, size_t) override { count_++; }
+  void Step(int bytes_allocated, Address addr, size_t) override { count_++; }

  int count() const { return count_; }

@@ -621,6 +621,47 @@ HEAP_TEST(Regress777177) {
  old_space->RemoveAllocationObserver(&observer);
 }

+HEAP_TEST(Regress791582) {
+  CcTest::InitializeVM();
+  Isolate* isolate = CcTest::i_isolate();
+  Heap* heap = isolate->heap();
+  HandleScope scope(isolate);
+  NewSpace* new_space = heap->new_space();
+  if (new_space->TotalCapacity() < new_space->MaximumCapacity()) {
+    new_space->Grow();
+  }
+
+  int until_page_end = static_cast<int>(new_space->limit() - new_space->top());
+
+  if (until_page_end % kPointerSize != 0) {
+    // The test works if the size of allocation area size is a multiple of
+    // pointer size. This is usually the case unless some allocation observer
+    // is already active (e.g. incremental marking observer).
+    return;
+  }
+
+  Observer observer(128);
+  new_space->AddAllocationObserver(&observer);
+
+  {
+    AllocationResult result =
+        new_space->AllocateRaw(until_page_end, kWordAligned);
+    HeapObject* obj = result.ToObjectChecked();
+    heap->CreateFillerObjectAt(obj->address(), until_page_end,
+                               ClearRecordedSlots::kNo);
+    // Simulate allocation folding moving the top pointer back.
+    *new_space->allocation_top_address() = obj->address();
+  }
+
+  {
+    // This triggers assert in crbug.com/791582
+    AllocationResult result = new_space->AllocateRaw(256, kWordAligned);
+    HeapObject* obj = result.ToObjectChecked();
+    heap->CreateFillerObjectAt(obj->address(), 256, ClearRecordedSlots::kNo);
+  }
+  new_space->RemoveAllocationObserver(&observer);
+}
+
 TEST(ShrinkPageToHighWaterMarkFreeSpaceEnd) {
  FLAG_stress_incremental_marking = false;
  CcTest::InitializeVM();