Commit ad8f2f6f authored by Jakob Kummerow, committed by Commit Bot

[test] Object verification should not recurse

When running with --verify-heap, ObjectVerify() is invoked for every
live object anyway, so there is no need for individual FooVerify()
implementations to recursively request verification of their
sub-objects. If they do, (a) it is duplicated work of O(n²) complexity,
and (b) it can cause fuzzer-generated tests to crash because they run
out of stack space when they trigger heap verification with very little
stack space left.

Fixed: chromium:1106426
Change-Id: Ib9bd444806b148fffc23d635f931dfe73fe7e4ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358746
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69477}
parent 7c9d30f5
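The commit message's two claims (recursive sub-object verification is O(n²) duplicated work, and it consumes stack depth proportional to the object graph) are easy to measure on a toy model. The following is an added example written for this page, not V8 code: it models a heap as a vector of objects where object i references object i+1 (a constructed worst-case chain), runs a "heap pass" that invokes a verifier on every live object the way --verify-heap does, and compares a verifier that recurses into its sub-object against one that only checks its own field. The `Obj`, `Stats` and function names are all hypothetical.

```cpp
#include <cstddef>
#include <vector>

// Constructed toy heap: each object has at most one sub-object reference.
// next == -1 means "no sub-object".
struct Obj {
  int next;
};

struct Stats {
  std::size_t visits;     // how many times any verifier body ran
  std::size_t max_depth;  // deepest nesting of verifier calls (stack use)
};

// Build the worst case for recursion: a chain 0 -> 1 -> 2 -> ... -> n-1.
std::vector<Obj> MakeChain(std::size_t n) {
  std::vector<Obj> heap(n);
  for (std::size_t i = 0; i < n; ++i) {
    heap[i].next = (i + 1 < n) ? static_cast<int>(i + 1) : -1;
  }
  return heap;
}

// Old style: FooVerify() verifies its own fields, then recursively asks the
// sub-object to verify itself too.
static void VerifyRecursive(const std::vector<Obj>& heap, int idx,
                            std::size_t depth, Stats& s) {
  if (idx < 0) return;
  ++s.visits;
  if (depth > s.max_depth) s.max_depth = depth;
  VerifyRecursive(heap, heap[idx].next, depth + 1, s);
}

// Heap pass with recursive verifiers: every live object is visited by the
// pass AND again by every object that (transitively) references it.
Stats VerifyHeapRecursive(const std::vector<Obj>& heap) {
  Stats s{0, 0};
  for (std::size_t i = 0; i < heap.size(); ++i) {
    VerifyRecursive(heap, static_cast<int>(i), 1, s);
  }
  return s;
}

// New style: FooVerify() only checks its own field (here: the reference is
// in bounds or absent) and relies on the heap pass to reach the sub-object.
static bool VerifyLocal(const std::vector<Obj>& heap, std::size_t idx,
                        Stats& s) {
  ++s.visits;
  if (s.max_depth < 1) s.max_depth = 1;
  int n = heap[idx].next;
  return n == -1 || (n >= 0 && static_cast<std::size_t>(n) < heap.size());
}

// Heap pass with non-recursive verifiers: each object is verified exactly
// once, and the call depth never exceeds one verifier frame.
// Returns the stats; *ok receives whether every object passed.
Stats VerifyHeapFlat(const std::vector<Obj>& heap, bool* ok) {
  Stats s{0, 0};
  bool all_ok = true;
  for (std::size_t i = 0; i < heap.size(); ++i) {
    if (!VerifyLocal(heap, i, s)) all_ok = false;
  }
  if (ok) *ok = all_ok;
  return s;
}

int main() {
  const std::size_t n = 100;
  std::vector<Obj> heap = MakeChain(n);
  Stats rec = VerifyHeapRecursive(heap);  // visits = n(n+1)/2, depth = n
  bool ok = false;
  Stats flat = VerifyHeapFlat(heap, &ok);  // visits = n, depth = 1
  return (rec.visits == 5050 && flat.visits == 100 && ok) ? 0 : 1;
}
```

For a chain of n objects the recursive variant runs n(n+1)/2 verifier bodies and nests n frames deep during the pass over object 0, which is exactly the stack-exhaustion path a fuzzer can hit when verification is triggered with little stack left; the flat variant runs n bodies at depth 1 and still validates every reference, because the heap pass itself reaches each sub-object.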
......@@ -703,12 +703,10 @@ void JSArgumentsObject::JSArgumentsObjectVerify(Isolate* isolate) {
void JSAsyncFunctionObject::JSAsyncFunctionObjectVerify(Isolate* isolate) {
TorqueGeneratedClassVerifiers::JSAsyncFunctionObjectVerify(*this, isolate);
promise().HeapObjectVerify(isolate);
}
void JSAsyncGeneratorObject::JSAsyncGeneratorObjectVerify(Isolate* isolate) {
TorqueGeneratedClassVerifiers::JSAsyncGeneratorObjectVerify(*this, isolate);
queue().HeapObjectVerify(isolate);
}
void JSDate::JSDateVerify(Isolate* isolate) {
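Review bot: dropping `promise().HeapObjectVerify(isolate);` and `queue().HeapObjectVerify(isolate);` means that a stand-alone call to JSAsyncFunctionObjectVerify or JSAsyncGeneratorObjectVerify (one that is not part of a full --verify-heap pass, e.g. a direct ObjectVerify on a single object in a test) no longer checks those sub-objects at all. That is the trade-off the commit message argues for, but nothing in the file records the new convention; consider a short comment on ObjectVerify() stating that FooVerify() implementations must not recurse into sub-objects, and a grep of this file for remaining `.HeapObjectVerify(isolate)` / `.ObjectVerify(isolate)` calls inside verifier bodies, since this view shows only a few call sites and a single leftover recursion still reproduces the deep-stack failure.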
......@@ -1344,7 +1342,6 @@ void AsyncGeneratorRequest::AsyncGeneratorRequestVerify(Isolate* isolate) {
TorqueGeneratedClassVerifiers::AsyncGeneratorRequestVerify(*this, isolate);
CHECK_GE(resume_mode(), JSGeneratorObject::kNext);
CHECK_LE(resume_mode(), JSGeneratorObject::kThrow);
next().ObjectVerify(isolate);
}
void BigIntBase::BigIntBaseVerify(Isolate* isolate) {
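Review bot: keeping `CHECK_GE(resume_mode(), JSGeneratorObject::kNext);` and `CHECK_LE(resume_mode(), JSGeneratorObject::kThrow);` while removing only `next().ObjectVerify(isolate);` is the right split (cheap local invariants stay, recursion goes). One thing to confirm is that the `next` field's type is still covered by the preceding `TorqueGeneratedClassVerifiers::AsyncGeneratorRequestVerify(*this, isolate);` call: a field the generated verifier types as a plain Object would now only be validated once the heap pass reaches it as a live object, so if a stricter type is intended for `next` it should be expressed in the Torque class definition rather than through the recursive call that was removed.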