[ext-code-space] Fix verification of code object slots

... which could contain a smi value during CodeDataContainer setup. Bug: v8:11880 Change-Id: Ibc67818411e9b824843bc5a20d249335c88d5f57 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264291 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77758}

[ext-code-space] Fix verification of code object slots
... which could contain a smi value during CodeDataContainer setup. Bug: v8:11880 Change-Id: Ibc67818411e9b824843bc5a20d249335c88d5f57 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264291 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77758}
e6da2eeb · Igor Sheludko · V8 LUCI CQ · 32af9c04 · e6da2eeb · e6da2eeb
Commit e6da2eeb authored Nov 08, 2021 by Igor Sheludko Committed by V8 LUCI CQ Nov 08, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 2 deletions

heap.cc src/heap/heap.cc +1 -0

mark-compact.cc src/heap/mark-compact.cc +8 -2

No files found.
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -6848,6 +6848,7 @@ void VerifyPointersVisitor::VisitCodePointer(HeapObject host,
  CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
  Object maybe_code = slot.load(code_cage_base());
  HeapObject code;
+  // The slot might contain smi during CodeDataContainer creation.
  if (maybe_code.GetHeapObject(&code)) {
    VerifyCodeObjectImpl(code);
  } else {

--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -240,6 +240,7 @@ class FullMarkingVerifier : public MarkingVerifier {
    CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
    Object maybe_code = slot.load(code_cage_base());
    HeapObject code;
+    // The slot might contain smi during CodeDataContainer creation, so skip it.
    if (maybe_code.GetHeapObject(&code)) {
      VerifyHeapObjectImpl(code);
    }
@@ -419,6 +420,7 @@ class FullEvacuationVerifier : public EvacuationVerifier {
    CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
    Object maybe_code = slot.load(code_cage_base());
    HeapObject code;
+    // The slot might contain smi during CodeDataContainer creation, so skip it.
    if (maybe_code.GetHeapObject(&code)) {
      VerifyHeapObjectImpl(code);
    }
@@ -4554,8 +4556,12 @@ class YoungGenerationEvacuationVerifier : public EvacuationVerifier {
  }
  void VerifyCodePointer(CodeObjectSlot slot) override {
    CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
-    Code code = Code::unchecked_cast(slot.load(code_cage_base()));
-    VerifyHeapObjectImpl(code);
+    Object maybe_code = slot.load(code_cage_base());
+    HeapObject code;
+    // The slot might contain smi during CodeDataContainer creation, so skip it.
+    if (maybe_code.GetHeapObject(&code)) {
+      VerifyHeapObjectImpl(code);
+    }
  }
  void VisitCodeTarget(Code host, RelocInfo* rinfo) override {
    Code target = Code::GetCodeFromTargetAddress(rinfo->target_address());