Commit f625ed4e authored by Michael Lippautz's avatar Michael Lippautz Committed by V8 LUCI CQ

[handles] Add temporary sanity check

Check against copying around a TracedReference containing a zap value.

Bug: chromium:1322114
Change-Id: Ie97ecaf18931006516fc70be262829a267d1285c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717323Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81293}
parent b81af94a
......@@ -12,6 +12,7 @@
#include "include/v8-traced-handle.h"
#include "src/api/api-inl.h"
#include "src/base/compiler-specific.h"
#include "src/base/logging.h"
#include "src/base/sanitizer/asan.h"
#include "src/common/globals.h"
#include "src/execution/vm-state-inl.h"
......@@ -330,6 +331,7 @@ class NodeBase {
Object object() const { return Object(object_); }
FullObjectSlot location() { return FullObjectSlot(&object_); }
Handle<Object> handle() { return Handle<Object>(&object_); }
Address raw_object() const { return object_; }
uint8_t index() const { return index_; }
void set_index(uint8_t value) { index_ = value; }
......@@ -1001,11 +1003,13 @@ void GlobalHandles::CopyTracedReference(const Address* const* from,
Address** to) {
DCHECK_NOT_NULL(*from);
DCHECK_NULL(*to);
const TracedNode* node = TracedNode::FromLocation(*from);
const TracedNode* from_node = TracedNode::FromLocation(*from);
// TODO(chromium:1322114): Temporary sanity check.
CHECK_NE(kGlobalHandleZapValue, from_node->raw_object());
GlobalHandles* global_handles =
GlobalHandles::From(const_cast<TracedNode*>(node));
GlobalHandles::From(const_cast<TracedNode*>(from_node));
Handle<Object> o = global_handles->CreateTraced(
node->object(), reinterpret_cast<Address*>(to),
from_node->object(), reinterpret_cast<Address*>(to),
GlobalHandleStoreMode::kAssigningStore);
SetSlotThreadSafe(to, o.location());
TracedNode::Verify(global_handles, from);
......@@ -1060,6 +1064,8 @@ void GlobalHandles::MoveTracedReference(Address** from, Address** to) {
// Move involving a stack slot.
if (!to_node) {
DCHECK(global_handles);
// TODO(chromium:1322114): Temporary sanity check.
CHECK_NE(kGlobalHandleZapValue, from_node->raw_object());
Handle<Object> o = global_handles->CreateTraced(
from_node->object(), reinterpret_cast<Address*>(to),
GlobalHandleStoreMode::kAssigningStore, to_on_stack);
......@@ -1070,6 +1076,8 @@ void GlobalHandles::MoveTracedReference(Address** from, Address** to) {
DCHECK(to_node->markbit());
} else {
DCHECK(to_node->IsInUse());
// TODO(chromium:1322114): Temporary sanity check.
CHECK_NE(kGlobalHandleZapValue, from_node->raw_object());
to_node->CopyObjectReference(*from_node);
if (!to_node->is_on_stack() && !to_node->is_in_young_list() &&
ObjectInYoungGeneration(to_node->object())) {
......@@ -1087,6 +1095,12 @@ void GlobalHandles::MoveTracedReference(Address** from, Address** to) {
SetSlotThreadSafe(from, nullptr);
} else {
// Pure heap move.
DCHECK_IMPLIES(*to, to_node->IsInUse());
// TODO(chromium:1322114): Temporary sanity checks.
CHECK_NE(kGlobalHandleZapValue, from_node->raw_object());
if (*to) {
CHECK_NE(kGlobalHandleZapValue, to_node->raw_object());
}
DestroyTracedReference(*to);
SetSlotThreadSafe(to, *from);
to_node = from_node;
......
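Review bot: The same `// TODO(chromium:1322114): Temporary sanity check.` comment and `CHECK_NE(kGlobalHandleZapValue, from_node->raw_object());` pair is now repeated once in CopyTracedReference and three times in MoveTracedReference (the hunks at 1003, 1064, 1076 and 1095); a single helper such as `static void CheckNotZapped(const TracedNode* node) { CHECK_NE(kGlobalHandleZapValue, node->raw_object()); }` (or a const member on TracedNode) would let the temporary check be removed in one place once the bug is resolved and keeps the four call sites from drifting apart. The check only recognises a node that still holds the zap pattern, so a source node whose memory was already reused after release passes it; the TODO should say this is a best-effort diagnostic, e.g. `// TODO(chromium:1322114): Temporary diagnostic; only catches nodes still holding the zap pattern, remove once the bug is understood.`. Using CHECK rather than DCHECK makes a copy or move from a released node fail-stop in release builds as well, which is appropriate for a suspected lifetime bug, but the new `raw_object()` accessor on NodeBase should carry a comment explaining why it exists next to `object()`, e.g. `// Slot contents without wrapping in Object; for checks on nodes that may not hold a valid object.`. MoveTracedReference's body starts before and continues past the shown hunks.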