1 // Copyright 2011 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are
4 // met:
5 //
6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided
11 // with the distribution.
12 // * Neither the name of Google Inc. nor the names of its
13 // contributors may be used to endorse or promote products derived
14 // from this software without specific prior written permission.
15 //
16 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28 #include <utility>
29
30 #include "src/v8.h"
31
32 #include "src/global-handles.h"
33 #include "src/snapshot.h"
34 #include "test/cctest/cctest.h"
35
36 using namespace v8::internal;
37
38
GetIsolateFrom(LocalContext * context)39 static Isolate* GetIsolateFrom(LocalContext* context) {
40 return reinterpret_cast<Isolate*>((*context)->GetIsolate());
41 }
42
43
AllocateJSWeakMap(Isolate * isolate)44 static Handle<JSWeakMap> AllocateJSWeakMap(Isolate* isolate) {
45 Factory* factory = isolate->factory();
46 Handle<Map> map = factory->NewMap(JS_WEAK_MAP_TYPE, JSWeakMap::kSize);
47 Handle<JSObject> weakmap_obj = factory->NewJSObjectFromMap(map);
48 Handle<JSWeakMap> weakmap(JSWeakMap::cast(*weakmap_obj));
49 // Do not leak handles for the hash table, it would make entries strong.
50 {
51 HandleScope scope(isolate);
52 Handle<ObjectHashTable> table = ObjectHashTable::New(isolate, 1);
53 weakmap->set_table(*table);
54 }
55 return weakmap;
56 }
57
PutIntoWeakMap(Handle<JSWeakMap> weakmap,Handle<JSObject> key,Handle<Object> value)58 static void PutIntoWeakMap(Handle<JSWeakMap> weakmap,
59 Handle<JSObject> key,
60 Handle<Object> value) {
61 Handle<ObjectHashTable> table = ObjectHashTable::Put(
62 Handle<ObjectHashTable>(ObjectHashTable::cast(weakmap->table())),
63 Handle<JSObject>(JSObject::cast(*key)),
64 value);
65 weakmap->set_table(*table);
66 }
67
68 static int NumberOfWeakCalls = 0;
WeakPointerCallback(const v8::WeakCallbackData<v8::Value,void> & data)69 static void WeakPointerCallback(
70 const v8::WeakCallbackData<v8::Value, void>& data) {
71 std::pair<v8::Persistent<v8::Value>*, int>* p =
72 reinterpret_cast<std::pair<v8::Persistent<v8::Value>*, int>*>(
73 data.GetParameter());
74 DCHECK_EQ(1234, p->second);
75 NumberOfWeakCalls++;
76 p->first->Reset();
77 }
78
79
TEST(Weakness)80 TEST(Weakness) {
81 FLAG_incremental_marking = false;
82 LocalContext context;
83 Isolate* isolate = GetIsolateFrom(&context);
84 Factory* factory = isolate->factory();
85 Heap* heap = isolate->heap();
86 HandleScope scope(isolate);
87 Handle<JSWeakMap> weakmap = AllocateJSWeakMap(isolate);
88 GlobalHandles* global_handles = isolate->global_handles();
89
90 // Keep global reference to the key.
91 Handle<Object> key;
92 {
93 HandleScope scope(isolate);
94 Handle<Map> map = factory->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
95 Handle<JSObject> object = factory->NewJSObjectFromMap(map);
96 key = global_handles->Create(*object);
97 }
98 CHECK(!global_handles->IsWeak(key.location()));
99
100 // Put entry into weak map.
101 {
102 HandleScope scope(isolate);
103 PutIntoWeakMap(weakmap,
104 Handle<JSObject>(JSObject::cast(*key)),
105 Handle<Smi>(Smi::FromInt(23), isolate));
106 }
107 CHECK_EQ(1, ObjectHashTable::cast(weakmap->table())->NumberOfElements());
108
109 // Force a full GC.
110 heap->CollectAllGarbage(false);
111 CHECK_EQ(0, NumberOfWeakCalls);
112 CHECK_EQ(1, ObjectHashTable::cast(weakmap->table())->NumberOfElements());
113 CHECK_EQ(
114 0, ObjectHashTable::cast(weakmap->table())->NumberOfDeletedElements());
115
116 // Make the global reference to the key weak.
117 {
118 HandleScope scope(isolate);
119 std::pair<Handle<Object>*, int> handle_and_id(&key, 1234);
120 GlobalHandles::MakeWeak(key.location(),
121 reinterpret_cast<void*>(&handle_and_id),
122 &WeakPointerCallback);
123 }
124 CHECK(global_handles->IsWeak(key.location()));
125
126 // Force a full GC.
127 // Perform two consecutive GCs because the first one will only clear
128 // weak references whereas the second one will also clear weak maps.
129 heap->CollectAllGarbage(false);
130 CHECK_EQ(1, NumberOfWeakCalls);
131 CHECK_EQ(1, ObjectHashTable::cast(weakmap->table())->NumberOfElements());
132 CHECK_EQ(
133 0, ObjectHashTable::cast(weakmap->table())->NumberOfDeletedElements());
134 heap->CollectAllGarbage(false);
135 CHECK_EQ(1, NumberOfWeakCalls);
136 CHECK_EQ(0, ObjectHashTable::cast(weakmap->table())->NumberOfElements());
137 CHECK_EQ(
138 1, ObjectHashTable::cast(weakmap->table())->NumberOfDeletedElements());
139 }
140
141
TEST(Shrinking)142 TEST(Shrinking) {
143 LocalContext context;
144 Isolate* isolate = GetIsolateFrom(&context);
145 Factory* factory = isolate->factory();
146 Heap* heap = isolate->heap();
147 HandleScope scope(isolate);
148 Handle<JSWeakMap> weakmap = AllocateJSWeakMap(isolate);
149
150 // Check initial capacity.
151 CHECK_EQ(32, ObjectHashTable::cast(weakmap->table())->Capacity());
152
153 // Fill up weak map to trigger capacity change.
154 {
155 HandleScope scope(isolate);
156 Handle<Map> map = factory->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
157 for (int i = 0; i < 32; i++) {
158 Handle<JSObject> object = factory->NewJSObjectFromMap(map);
159 PutIntoWeakMap(weakmap, object, Handle<Smi>(Smi::FromInt(i), isolate));
160 }
161 }
162
163 // Check increased capacity.
164 CHECK_EQ(128, ObjectHashTable::cast(weakmap->table())->Capacity());
165
166 // Force a full GC.
167 CHECK_EQ(32, ObjectHashTable::cast(weakmap->table())->NumberOfElements());
168 CHECK_EQ(
169 0, ObjectHashTable::cast(weakmap->table())->NumberOfDeletedElements());
170 heap->CollectAllGarbage(false);
171 CHECK_EQ(0, ObjectHashTable::cast(weakmap->table())->NumberOfElements());
172 CHECK_EQ(
173 32, ObjectHashTable::cast(weakmap->table())->NumberOfDeletedElements());
174
175 // Check shrunk capacity.
176 CHECK_EQ(32, ObjectHashTable::cast(weakmap->table())->Capacity());
177 }
178
179
180 // Test that weak map values on an evacuation candidate which are not reachable
181 // by other paths are correctly recorded in the slots buffer.
TEST(Regress2060a)182 TEST(Regress2060a) {
183 if (i::FLAG_never_compact) return;
184 FLAG_always_compact = true;
185 LocalContext context;
186 Isolate* isolate = GetIsolateFrom(&context);
187 Factory* factory = isolate->factory();
188 Heap* heap = isolate->heap();
189 HandleScope scope(isolate);
190 Handle<JSFunction> function = factory->NewFunction(
191 factory->function_string());
192 Handle<JSObject> key = factory->NewJSObject(function);
193 Handle<JSWeakMap> weakmap = AllocateJSWeakMap(isolate);
194
195 // Start second old-space page so that values land on evacuation candidate.
196 Page* first_page = heap->old_pointer_space()->anchor()->next_page();
197 factory->NewFixedArray(900 * KB / kPointerSize, TENURED);
198
199 // Fill up weak map with values on an evacuation candidate.
200 {
201 HandleScope scope(isolate);
202 for (int i = 0; i < 32; i++) {
203 Handle<JSObject> object = factory->NewJSObject(function, TENURED);
204 CHECK(!heap->InNewSpace(object->address()));
205 CHECK(!first_page->Contains(object->address()));
206 PutIntoWeakMap(weakmap, key, object);
207 }
208 }
209
210 // Force compacting garbage collection.
211 CHECK(FLAG_always_compact);
212 heap->CollectAllGarbage(Heap::kNoGCFlags);
213 }
214
215
216 // Test that weak map keys on an evacuation candidate which are reachable by
217 // other strong paths are correctly recorded in the slots buffer.
TEST(Regress2060b)218 TEST(Regress2060b) {
219 if (i::FLAG_never_compact) return;
220 FLAG_always_compact = true;
221 #ifdef VERIFY_HEAP
222 FLAG_verify_heap = true;
223 #endif
224
225 LocalContext context;
226 Isolate* isolate = GetIsolateFrom(&context);
227 Factory* factory = isolate->factory();
228 Heap* heap = isolate->heap();
229 HandleScope scope(isolate);
230 Handle<JSFunction> function = factory->NewFunction(
231 factory->function_string());
232
233 // Start second old-space page so that keys land on evacuation candidate.
234 Page* first_page = heap->old_pointer_space()->anchor()->next_page();
235 factory->NewFixedArray(900 * KB / kPointerSize, TENURED);
236
237 // Fill up weak map with keys on an evacuation candidate.
238 Handle<JSObject> keys[32];
239 for (int i = 0; i < 32; i++) {
240 keys[i] = factory->NewJSObject(function, TENURED);
241 CHECK(!heap->InNewSpace(keys[i]->address()));
242 CHECK(!first_page->Contains(keys[i]->address()));
243 }
244 Handle<JSWeakMap> weakmap = AllocateJSWeakMap(isolate);
245 for (int i = 0; i < 32; i++) {
246 PutIntoWeakMap(weakmap,
247 keys[i],
248 Handle<Smi>(Smi::FromInt(i), isolate));
249 }
250
251 // Force compacting garbage collection. The subsequent collections are used
252 // to verify that key references were actually updated.
253 CHECK(FLAG_always_compact);
254 heap->CollectAllGarbage(Heap::kNoGCFlags);
255 heap->CollectAllGarbage(Heap::kNoGCFlags);
256 heap->CollectAllGarbage(Heap::kNoGCFlags);
257 }
258
259
TEST(Regress399527)260 TEST(Regress399527) {
261 CcTest::InitializeVM();
262 v8::HandleScope scope(CcTest::isolate());
263 Isolate* isolate = CcTest::i_isolate();
264 Heap* heap = isolate->heap();
265 {
266 HandleScope scope(isolate);
267 AllocateJSWeakMap(isolate);
268 SimulateIncrementalMarking(heap);
269 }
270 // The weak map is marked black here but leaving the handle scope will make
271 // the object unreachable. Aborting incremental marking will clear all the
272 // marking bits which makes the weak map garbage.
273 heap->CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
274 }
275