Version 3.14.0
Fixed missing slot recording during clearing of CallICs. (Chromium issue 144230)
Fixed LBoundsCheck on x64 to handle (stack slot + constant) correctly. (Chromium issue 150729)
Fixed minus zero test. (Issue 2133)
Fixed setting array length to zero for slow elements. (Chromium issue 146910)
Fixed lost arguments dropping in HLeaveInlined. (Chromium issue 150545)
Fixed casting error for receiver of interceptors. (Chromium issue 149912)
Fixed lost arguments dropping in HLeaveInlined. (Chromium issue 150545)
Fixed casting error for receiver of interceptors. (Chromium issue 149912)
Throw a more descriptive exception when blocking 'eval' via CSP. (Chromium issue 140191)
Fixed debugger's eval when close to stack overflow. (issue 2318)
Added checks to live edit. (issue 2297)
Switched on code compaction on incremental GCs.
Fixed caching of optimized code for OSR. (issue 2326)
Not mask exception thrown by toString in String::UtfValue etc. (issue 2317)
Fixed API check for length of external arrays. (Chromium issue 148896)
Ensure correct enumeration indices in the dict (Chromium issue 148376)
Correctly initialize regexp global cache. (Chromium issue 148378)
Fixed arguments object materialization during deopt. (issue 2261)
Introduced new API to expose external string resource regardless of encoding.
Fixed CHECK failure in LCodeGen::DoWrapReceiver when --deopt-every-n-times flag is present (Chromium issue 148389)
Fixed edge case of extension with NULL as source string. (Chromium issue 144649)
Fixed array index dehoisting. (Chromium issue 141395)
Performance and stability improvements on all platforms.
git-svn-id: http://v8.googlecode.com/svn/trunk@12566 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc
index 4b76563..d6285db 100644
--- a/test/cctest/test-heap.cc
+++ b/test/cctest/test-heap.cc
@@ -4,10 +4,12 @@
#include "v8.h"
+#include "compilation-cache.h"
#include "execution.h"
#include "factory.h"
#include "macro-assembler.h"
#include "global-handles.h"
+#include "stub-cache.h"
#include "cctest.h"
using namespace v8::internal;
@@ -1244,7 +1246,9 @@
for (HeapObject* obj = iterator.next();
obj != NULL;
obj = iterator.next()) {
- size_of_objects_2 += obj->Size();
+ if (!obj->IsFreeSpace()) {
+ size_of_objects_2 += obj->Size();
+ }
}
// Delta must be within 5% of the larger result.
// TODO(gc): Tighten this up by distinguishing between byte
@@ -1273,7 +1277,6 @@
// that the scavenger does not undo the filling.
v8::HandleScope scope;
AlwaysAllocateScope always_allocate;
- LinearAllocationScope allocate_linearly;
intptr_t available = new_space->EffectiveCapacity() - new_space->Size();
intptr_t number_of_fillers = (available / FixedArray::SizeFor(32)) - 1;
for (intptr_t i = 0; i < number_of_fillers; i++) {
@@ -1928,8 +1931,13 @@
HEAP->CollectAllGarbage(Heap::kNoGCFlags, "triggered by test 2");
CHECK_GE(number_of_test_pages + 1, old_pointer_space->CountTotalPages() * 2);
- // Triggering a last-resort GC should cause all pages to be released
- // to the OS so that other processes can seize the memory.
+ // Triggering a last-resort GC should cause all pages to be released to the
+ // OS so that other processes can seize the memory. If we get a failure here
+ // where there are 2 pages left instead of 1, then we should increase the
+ // size of the first page a little in SizeOfFirstPage in spaces.cc. The
+ // first page should be small in order to reduce memory used when the VM
+ // boots, but if the 20 small arrays don't fit on the first page then that's
+ // an indication that it is too small.
HEAP->CollectAllAvailableGarbage("triggered really hard");
CHECK_EQ(1, old_pointer_space->CountTotalPages());
}
@@ -2238,3 +2246,62 @@
delete resource;
}
+
+
+TEST(Regression144230) {
+ InitializeVM();
+ v8::HandleScope scope;
+
+ // First make sure that the uninitialized CallIC stub is on a single page
+ // that will later be selected as an evacuation candidate.
+ {
+ v8::HandleScope inner_scope;
+ AlwaysAllocateScope always_allocate;
+ SimulateFullSpace(HEAP->code_space());
+ ISOLATE->stub_cache()->ComputeCallInitialize(9, RelocInfo::CODE_TARGET);
+ }
+
+ // Second compile a CallIC and execute it once so that it gets patched to
+ // the pre-monomorphic stub. These code objects are on yet another page.
+ {
+ v8::HandleScope inner_scope;
+ AlwaysAllocateScope always_allocate;
+ SimulateFullSpace(HEAP->code_space());
+ CompileRun("var o = { f:function(a,b,c,d,e,f,g,h,i) {}};"
+ "function call() { o.f(1,2,3,4,5,6,7,8,9); };"
+ "call();");
+ }
+
+ // Third we fill up the last page of the code space so that it does not get
+ // chosen as an evacuation candidate.
+ {
+ v8::HandleScope inner_scope;
+ AlwaysAllocateScope always_allocate;
+ CompileRun("for (var i = 0; i < 2000; i++) {"
+ " eval('function f' + i + '() { return ' + i +'; };' +"
+ " 'f' + i + '();');"
+ "}");
+ }
+ HEAP->CollectAllGarbage(Heap::kNoGCFlags);
+
+ // Fourth is the tricky part. Make sure the code containing the CallIC is
+ // visited first without clearing the IC. The shared function info is then
+ // visited later, causing the CallIC to be cleared.
+ Handle<String> name = FACTORY->LookupAsciiSymbol("call");
+ Handle<GlobalObject> global(ISOLATE->context()->global_object());
+ MaybeObject* maybe_call = global->GetProperty(*name);
+ JSFunction* call = JSFunction::cast(maybe_call->ToObjectChecked());
+ USE(global->SetProperty(*name, Smi::FromInt(0), NONE, kNonStrictMode));
+ ISOLATE->compilation_cache()->Clear();
+ call->shared()->set_ic_age(HEAP->global_ic_age() + 1);
+ Handle<Object> call_code(call->code());
+ Handle<Object> call_function(call);
+
+ // Now we are ready to mess up the heap.
+ HEAP->CollectAllGarbage(Heap::kReduceMemoryFootprintMask);
+
+ // Either heap verification caught the problem already or we go kaboom once
+ // the CallIC is executed the next time.
+ USE(global->SetProperty(*name, *call_function, NONE, kNonStrictMode));
+ CompileRun("call();");
+}