From 4184cb0069466b188f362c7c056973fcd6563677 Mon Sep 17 00:00:00 2001 From: Julien Gilli Date: Wed, 6 Jul 2016 15:20:58 -0700 Subject: [PATCH] deps: backport 22c5e46 from V8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This removes the diagnostic code for the issue described in https://bugs.chromium.org/p/chromium/issues/detail?id=454297. That issue is private, probably due to the fact that it contains information about a security vulnerability. The original issue was fixed in V8 by https://codereview.chromium.org/1286343004, which was integrated into node v4.x with c43172578e3e10c2de84fc2ce0d6a7fb02a440d8, so there's no need for the corresponding diagnostic code anymore. Original commit message: [heap] Remove debugging code of crbug/454297. BUG= Review URL: https://codereview.chromium.org/1420253002 Cr-Commit-Position: refs/heads/master@{#31523} PR-URL: https://github.com/nodejs/node/pull/7584 Reviewed-By: Myles Borins Reviewed-By: Michaƫl Zasso Reviewed-By: Ben Noordhuis Reviewed-By: Ali Ijaz Sheikh --- deps/v8/include/v8-version.h | 2 +- deps/v8/src/heap/mark-compact.cc | 100 ------------------------------- 2 files changed, 1 insertion(+), 101 deletions(-) diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index 4a4a51238e6c93..f4cdb94b28850f 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 4 #define V8_MINOR_VERSION 5 #define V8_BUILD_NUMBER 103 -#define V8_PATCH_LEVEL 36 +#define V8_PATCH_LEVEL 37 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/heap/mark-compact.cc b/deps/v8/src/heap/mark-compact.cc index 45f5af3f4dcb03..cb08ab4e331f40 100644 --- a/deps/v8/src/heap/mark-compact.cc +++ b/deps/v8/src/heap/mark-compact.cc @@ -2908,16 +2908,6 @@ class PointersUpdatingVisitor : public ObjectVisitor { HeapObject* heap_obj = HeapObject::cast(obj); -// TODO(ishell): remove, once crbug/454297 is caught. -#if V8_TARGET_ARCH_64_BIT -#ifndef V8_OS_AIX // no point checking on AIX as full 64 range is supported - const uintptr_t kBoundary = V8_UINT64_C(1) << 48; - STATIC_ASSERT(kBoundary > 0); - if (reinterpret_cast(heap_obj->address()) >= kBoundary) { - CheckLayoutDescriptorAndDie(heap, slot); - } -#endif -#endif MapWord map_word = heap_obj->map_word(); if (map_word.IsForwardingAddress()) { DCHECK(heap->InFromSpace(heap_obj) || @@ -2935,100 +2925,10 @@ class PointersUpdatingVisitor : public ObjectVisitor { private: inline void UpdatePointer(Object** p) { UpdateSlot(heap_, p); } - static void CheckLayoutDescriptorAndDie(Heap* heap, Object** slot); - Heap* heap_; }; -#if V8_TARGET_ARCH_64_BIT -// TODO(ishell): remove, once crbug/454297 is caught. -void PointersUpdatingVisitor::CheckLayoutDescriptorAndDie(Heap* heap, - Object** slot) { - const int kDataBufferSize = 128; - uintptr_t data[kDataBufferSize] = {0}; - int index = 0; - data[index++] = 0x10aaaaaaaaUL; // begin marker - - data[index++] = reinterpret_cast(slot); - data[index++] = 0x15aaaaaaaaUL; - - Address slot_address = reinterpret_cast
(slot); - - uintptr_t space_owner_id = 0xb001; - if (heap->new_space()->ToSpaceContains(slot_address)) { - space_owner_id = 1; - } else if (heap->new_space()->FromSpaceContains(slot_address)) { - space_owner_id = 2; - } else if (heap->old_space()->ContainsSafe(slot_address)) { - space_owner_id = 3; - } else if (heap->code_space()->ContainsSafe(slot_address)) { - space_owner_id = 4; - } else if (heap->map_space()->ContainsSafe(slot_address)) { - space_owner_id = 5; - } else { - // Lo space or other. - space_owner_id = 6; - } - data[index++] = space_owner_id; - data[index++] = 0x20aaaaaaaaUL; - - // Find map word lying near before the slot address (usually the map word is - // at -3 words from the slot but just in case we look up further. - Object** map_slot = slot; - bool found = false; - const int kMaxDistanceToMap = 64; - for (int i = 0; i < kMaxDistanceToMap; i++, map_slot--) { - Address map_address = reinterpret_cast
(*map_slot); - if (heap->map_space()->ContainsSafe(map_address)) { - found = true; - break; - } - } - data[index++] = found; - data[index++] = 0x30aaaaaaaaUL; - data[index++] = reinterpret_cast(map_slot); - data[index++] = 0x35aaaaaaaaUL; - - if (found) { - Address obj_address = reinterpret_cast
(map_slot); - Address end_of_page = - reinterpret_cast
(Page::FromAddress(obj_address)) + - Page::kPageSize; - Address end_address = - Min(obj_address + kPointerSize * kMaxDistanceToMap, end_of_page); - int size = static_cast(end_address - obj_address); - data[index++] = size / kPointerSize; - data[index++] = 0x40aaaaaaaaUL; - memcpy(&data[index], reinterpret_cast(map_slot), size); - index += size / kPointerSize; - data[index++] = 0x50aaaaaaaaUL; - - HeapObject* object = HeapObject::FromAddress(obj_address); - data[index++] = reinterpret_cast(object); - data[index++] = 0x60aaaaaaaaUL; - - Map* map = object->map(); - data[index++] = reinterpret_cast(map); - data[index++] = 0x70aaaaaaaaUL; - - LayoutDescriptor* layout_descriptor = map->layout_descriptor(); - data[index++] = reinterpret_cast(layout_descriptor); - data[index++] = 0x80aaaaaaaaUL; - - memcpy(&data[index], reinterpret_cast(map->address()), Map::kSize); - index += Map::kSize / kPointerSize; - data[index++] = 0x90aaaaaaaaUL; - } - - data[index++] = 0xeeeeeeeeeeUL; - DCHECK(index < kDataBufferSize); - base::OS::PrintError("Data: %p\n", static_cast(data)); - base::OS::Abort(); -} -#endif - - static void UpdatePointer(HeapObject** address, HeapObject* object) { MapWord map_word = object->map_word(); // The store buffer can still contain stale pointers in dead large objects.