From 1ad10dbb8138e0252ace66f829431992fa5be77f Mon Sep 17 00:00:00 2001
From: Omer Katz <omerkatz@chromium.org>
Date: Mon, 21 Mar 2022 10:48:14 +0100
Subject: [PATCH] heap: add DCHECKs to SemiSpace::EnsureCurrentCapacity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adding some DCHECKs to document invariants and correctness properties
(e.g. pages with live objects aren't freed).

Bug: v8:12612
Change-Id: I543e4846c791320f3965561ae9d0b54739f5df03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507993
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79542}
---
 src/heap/new-spaces.cc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/heap/new-spaces.cc b/src/heap/new-spaces.cc
index 685e631f23..25fccd3f7c 100644
--- a/src/heap/new-spaces.cc
+++ b/src/heap/new-spaces.cc
@@ -39,6 +39,8 @@ bool SemiSpace::EnsureCurrentCapacity() {
   if (IsCommitted()) {
     const int expected_pages =
         static_cast<int>(target_capacity_ / Page::kPageSize);
+    // `target_capacity_` is a multiple of `Page::kPageSize`.
+    DCHECK_EQ(target_capacity_, expected_pages * Page::kPageSize);
     MemoryChunk* current_page = first_page();
     int actual_pages = 0;
 
@@ -49,9 +51,19 @@ bool SemiSpace::EnsureCurrentCapacity() {
       current_page = current_page->list_node().next();
     }
 
+    DCHECK_LE(actual_pages, expected_pages);
+
     // Free all overallocated pages which are behind current_page.
     while (current_page) {
+      DCHECK_EQ(actual_pages, expected_pages);
       MemoryChunk* next_current = current_page->list_node().next();
+      // Promoted pages contain live objects and should not be discarded.
+      DCHECK(!current_page->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION));
+      // `current_page_` contains the current allocation area. Thus, we should
+      // never free the `current_page_`. Furthermore, live objects generally
+      // reside before the current allocation area, so `current_page_` also
+      // serves as a guard against freeing pages with live objects on them.
+      DCHECK_NE(current_page, current_page_);
       AccountUncommitted(Page::kPageSize);
       DecrementCommittedPhysicalMemory(current_page->CommittedPhysicalMemory());
       memory_chunk_list_.Remove(current_page);
@@ -83,6 +95,7 @@ bool SemiSpace::EnsureCurrentCapacity() {
                                    static_cast<int>(current_page->area_size()),
                                    ClearRecordedSlots::kNo);
     }
+    DCHECK_EQ(expected_pages, actual_pages);
   }
   return true;
 }