1 // Copyright 2011 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are
4 // met:
5 //
6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided
11 // with the distribution.
12 // * Neither the name of Google Inc. nor the names of its
13 // contributors may be used to endorse or promote products derived
14 // from this software without specific prior written permission.
15 //
16 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28 #include <utility>
29
30 #include "src/v8.h"
31
32 #include "src/global-handles.h"
33 #include "src/snapshot.h"
34 #include "test/cctest/cctest.h"
35
36 using namespace v8::internal;
37
38
GetIsolateFrom(LocalContext * context)39 static Isolate* GetIsolateFrom(LocalContext* context) {
40 return reinterpret_cast<Isolate*>((*context)->GetIsolate());
41 }
42
43
AllocateJSWeakSet(Isolate * isolate)44 static Handle<JSWeakSet> AllocateJSWeakSet(Isolate* isolate) {
45 Factory* factory = isolate->factory();
46 Handle<Map> map = factory->NewMap(JS_WEAK_SET_TYPE, JSWeakSet::kSize);
47 Handle<JSObject> weakset_obj = factory->NewJSObjectFromMap(map);
48 Handle<JSWeakSet> weakset(JSWeakSet::cast(*weakset_obj));
49 // Do not leak handles for the hash table, it would make entries strong.
50 {
51 HandleScope scope(isolate);
52 Handle<ObjectHashTable> table = ObjectHashTable::New(isolate, 1);
53 weakset->set_table(*table);
54 }
55 return weakset;
56 }
57
PutIntoWeakSet(Handle<JSWeakSet> weakset,Handle<JSObject> key,Handle<Object> value)58 static void PutIntoWeakSet(Handle<JSWeakSet> weakset,
59 Handle<JSObject> key,
60 Handle<Object> value) {
61 Handle<ObjectHashTable> table = ObjectHashTable::Put(
62 Handle<ObjectHashTable>(ObjectHashTable::cast(weakset->table())),
63 Handle<JSObject>(JSObject::cast(*key)),
64 value);
65 weakset->set_table(*table);
66 }
67
68 static int NumberOfWeakCalls = 0;
WeakPointerCallback(const v8::WeakCallbackData<v8::Value,void> & data)69 static void WeakPointerCallback(
70 const v8::WeakCallbackData<v8::Value, void>& data) {
71 std::pair<v8::Persistent<v8::Value>*, int>* p =
72 reinterpret_cast<std::pair<v8::Persistent<v8::Value>*, int>*>(
73 data.GetParameter());
74 DCHECK_EQ(1234, p->second);
75 NumberOfWeakCalls++;
76 p->first->Reset();
77 }
78
79
TEST(WeakSet_Weakness)80 TEST(WeakSet_Weakness) {
81 FLAG_incremental_marking = false;
82 LocalContext context;
83 Isolate* isolate = GetIsolateFrom(&context);
84 Factory* factory = isolate->factory();
85 Heap* heap = isolate->heap();
86 HandleScope scope(isolate);
87 Handle<JSWeakSet> weakset = AllocateJSWeakSet(isolate);
88 GlobalHandles* global_handles = isolate->global_handles();
89
90 // Keep global reference to the key.
91 Handle<Object> key;
92 {
93 HandleScope scope(isolate);
94 Handle<Map> map = factory->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
95 Handle<JSObject> object = factory->NewJSObjectFromMap(map);
96 key = global_handles->Create(*object);
97 }
98 CHECK(!global_handles->IsWeak(key.location()));
99
100 // Put entry into weak set.
101 {
102 HandleScope scope(isolate);
103 PutIntoWeakSet(weakset,
104 Handle<JSObject>(JSObject::cast(*key)),
105 Handle<Smi>(Smi::FromInt(23), isolate));
106 }
107 CHECK_EQ(1, ObjectHashTable::cast(weakset->table())->NumberOfElements());
108
109 // Force a full GC.
110 heap->CollectAllGarbage(false);
111 CHECK_EQ(0, NumberOfWeakCalls);
112 CHECK_EQ(1, ObjectHashTable::cast(weakset->table())->NumberOfElements());
113 CHECK_EQ(
114 0, ObjectHashTable::cast(weakset->table())->NumberOfDeletedElements());
115
116 // Make the global reference to the key weak.
117 {
118 HandleScope scope(isolate);
119 std::pair<Handle<Object>*, int> handle_and_id(&key, 1234);
120 GlobalHandles::MakeWeak(key.location(),
121 reinterpret_cast<void*>(&handle_and_id),
122 &WeakPointerCallback);
123 }
124 CHECK(global_handles->IsWeak(key.location()));
125
126 // Force a full GC.
127 // Perform two consecutive GCs because the first one will only clear
128 // weak references whereas the second one will also clear weak sets.
129 heap->CollectAllGarbage(false);
130 CHECK_EQ(1, NumberOfWeakCalls);
131 CHECK_EQ(1, ObjectHashTable::cast(weakset->table())->NumberOfElements());
132 CHECK_EQ(
133 0, ObjectHashTable::cast(weakset->table())->NumberOfDeletedElements());
134 heap->CollectAllGarbage(false);
135 CHECK_EQ(1, NumberOfWeakCalls);
136 CHECK_EQ(0, ObjectHashTable::cast(weakset->table())->NumberOfElements());
137 CHECK_EQ(
138 1, ObjectHashTable::cast(weakset->table())->NumberOfDeletedElements());
139 }
140
141
TEST(WeakSet_Shrinking)142 TEST(WeakSet_Shrinking) {
143 LocalContext context;
144 Isolate* isolate = GetIsolateFrom(&context);
145 Factory* factory = isolate->factory();
146 Heap* heap = isolate->heap();
147 HandleScope scope(isolate);
148 Handle<JSWeakSet> weakset = AllocateJSWeakSet(isolate);
149
150 // Check initial capacity.
151 CHECK_EQ(32, ObjectHashTable::cast(weakset->table())->Capacity());
152
153 // Fill up weak set to trigger capacity change.
154 {
155 HandleScope scope(isolate);
156 Handle<Map> map = factory->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
157 for (int i = 0; i < 32; i++) {
158 Handle<JSObject> object = factory->NewJSObjectFromMap(map);
159 PutIntoWeakSet(weakset, object, Handle<Smi>(Smi::FromInt(i), isolate));
160 }
161 }
162
163 // Check increased capacity.
164 CHECK_EQ(128, ObjectHashTable::cast(weakset->table())->Capacity());
165
166 // Force a full GC.
167 CHECK_EQ(32, ObjectHashTable::cast(weakset->table())->NumberOfElements());
168 CHECK_EQ(
169 0, ObjectHashTable::cast(weakset->table())->NumberOfDeletedElements());
170 heap->CollectAllGarbage(false);
171 CHECK_EQ(0, ObjectHashTable::cast(weakset->table())->NumberOfElements());
172 CHECK_EQ(
173 32, ObjectHashTable::cast(weakset->table())->NumberOfDeletedElements());
174
175 // Check shrunk capacity.
176 CHECK_EQ(32, ObjectHashTable::cast(weakset->table())->Capacity());
177 }
178
179
180 // Test that weak set values on an evacuation candidate which are not reachable
181 // by other paths are correctly recorded in the slots buffer.
TEST(WeakSet_Regress2060a)182 TEST(WeakSet_Regress2060a) {
183 if (i::FLAG_never_compact) return;
184 FLAG_always_compact = true;
185 LocalContext context;
186 Isolate* isolate = GetIsolateFrom(&context);
187 Factory* factory = isolate->factory();
188 Heap* heap = isolate->heap();
189 HandleScope scope(isolate);
190 Handle<JSFunction> function = factory->NewFunction(
191 factory->function_string());
192 Handle<JSObject> key = factory->NewJSObject(function);
193 Handle<JSWeakSet> weakset = AllocateJSWeakSet(isolate);
194
195 // Start second old-space page so that values land on evacuation candidate.
196 Page* first_page = heap->old_pointer_space()->anchor()->next_page();
197 factory->NewFixedArray(900 * KB / kPointerSize, TENURED);
198
199 // Fill up weak set with values on an evacuation candidate.
200 {
201 HandleScope scope(isolate);
202 for (int i = 0; i < 32; i++) {
203 Handle<JSObject> object = factory->NewJSObject(function, TENURED);
204 CHECK(!heap->InNewSpace(object->address()));
205 CHECK(!first_page->Contains(object->address()));
206 PutIntoWeakSet(weakset, key, object);
207 }
208 }
209
210 // Force compacting garbage collection.
211 CHECK(FLAG_always_compact);
212 heap->CollectAllGarbage(Heap::kNoGCFlags);
213 }
214
215
216 // Test that weak set keys on an evacuation candidate which are reachable by
217 // other strong paths are correctly recorded in the slots buffer.
TEST(WeakSet_Regress2060b)218 TEST(WeakSet_Regress2060b) {
219 if (i::FLAG_never_compact) return;
220 FLAG_always_compact = true;
221 #ifdef VERIFY_HEAP
222 FLAG_verify_heap = true;
223 #endif
224
225 LocalContext context;
226 Isolate* isolate = GetIsolateFrom(&context);
227 Factory* factory = isolate->factory();
228 Heap* heap = isolate->heap();
229 HandleScope scope(isolate);
230 Handle<JSFunction> function = factory->NewFunction(
231 factory->function_string());
232
233 // Start second old-space page so that keys land on evacuation candidate.
234 Page* first_page = heap->old_pointer_space()->anchor()->next_page();
235 factory->NewFixedArray(900 * KB / kPointerSize, TENURED);
236
237 // Fill up weak set with keys on an evacuation candidate.
238 Handle<JSObject> keys[32];
239 for (int i = 0; i < 32; i++) {
240 keys[i] = factory->NewJSObject(function, TENURED);
241 CHECK(!heap->InNewSpace(keys[i]->address()));
242 CHECK(!first_page->Contains(keys[i]->address()));
243 }
244 Handle<JSWeakSet> weakset = AllocateJSWeakSet(isolate);
245 for (int i = 0; i < 32; i++) {
246 PutIntoWeakSet(weakset,
247 keys[i],
248 Handle<Smi>(Smi::FromInt(i), isolate));
249 }
250
251 // Force compacting garbage collection. The subsequent collections are used
252 // to verify that key references were actually updated.
253 CHECK(FLAG_always_compact);
254 heap->CollectAllGarbage(Heap::kNoGCFlags);
255 heap->CollectAllGarbage(Heap::kNoGCFlags);
256 heap->CollectAllGarbage(Heap::kNoGCFlags);
257 }
258