AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[web snapshot] Add verification mode

Browse Source 
We should verify the consistency of the objects we produced after deserializing successfully.

Bug: v8:11525
Change-Id: Ieec1aa7112ab6eda0c61a1a9ab78e86ad8352942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813061
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82272}
This commit is contained in:
jameslahm 2022-08-06 15:56:26 +08:00 committed by V8 LUCI CQ
parent b9e7db851d
commit df251e4496
18 changed files with 75 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/web-snapshot/web-snapshot.cc
View File

@ -2218,6 +2218,47 @@ bool WebSnapshotDeserializer::Deserialize(
return true;
}
#ifdef VERIFY_HEAP
void WebSnapshotDeserializer::VerifyObjects() {
for (int i = 0; i < strings_.length(); i++) {
String::cast(strings_.get(i)).StringVerify(isolate_);
}
for (int i = 0; i < symbols_.length(); i++) {
Symbol::cast(symbols_.get(i)).SymbolVerify(isolate_);
}
for (int i = 0; i < builtin_objects_.length(); i++) {
builtin_objects_.get(i).ObjectVerify(isolate_);
}
for (int i = 0; i < maps_.length(); i++) {
Map::cast(maps_.get(i)).MapVerify(isolate_);
}
for (int i = 0; i < contexts_.length(); i++) {
Context::cast(contexts_.get(i)).ContextVerify(isolate_);
}
for (int i = 0; i < functions_.length(); i++) {
JSFunction::cast(functions_.get(i)).JSFunctionVerify(isolate_);
}
for (int i = 0; i < arrays_.length(); i++) {
JSArray::cast(arrays_.get(i)).JSArrayVerify(isolate_);
}
for (int i = 0; i < array_buffers_.length(); i++) {
JSArrayBuffer::cast(array_buffers_.get(i)).JSArrayBufferVerify(isolate_);
}
for (int i = 0; i < typed_arrays_.length(); i++) {
JSTypedArray::cast(typed_arrays_.get(i)).JSTypedArrayVerify(isolate_);
}
for (int i = 0; i < data_views_.length(); i++) {
JSDataView::cast(data_views_.get(i)).JSDataViewVerify(isolate_);
}
for (int i = 0; i < objects_.length(); i++) {
JSObject::cast(objects_.get(i)).JSObjectVerify(isolate_);
}
for (int i = 0; i < classes_.length(); i++) {
JSFunction::cast(classes_.get(i)).JSFunctionVerify(isolate_);
}
}
#endif
bool WebSnapshotDeserializer::DeserializeSnapshot(bool skip_exports) {
CollectBuiltinObjects();
@ -2246,6 +2287,13 @@ bool WebSnapshotDeserializer::DeserializeSnapshot(bool skip_exports) {
DeserializeExports(skip_exports);
DCHECK_EQ(0, deferred_references_->Length());
#ifdef VERIFY_HEAP
// Verify the objects we produced during deserializing snapshot.
if (FLAG_verify_heap && !has_error()) {
VerifyObjects();
}
#endif
return !has_error();
}
@ -2302,7 +2350,6 @@ bool WebSnapshotDeserializer::DeserializeScript() {
}
}
// TODO(v8:11525): Add verification mode; verify the objects we just produced.
return !has_error();
}
@ -3604,6 +3651,11 @@ void WebSnapshotDeserializer::DeserializeExports(bool skip_exports) {
// No deferred references should occur at this point, since all objects
// have been deserialized.
Object export_value = std::get<0>(ReadValue());
#ifdef VERIFY_HEAP
if (FLAG_verify_heap) {
export_value.ObjectVerify(isolate_);
}
#endif
USE(export_name);
USE(export_value);
}
@ -3630,6 +3682,11 @@ void WebSnapshotDeserializer::DeserializeExports(bool skip_exports) {
// No deferred references should occur at this point, since all objects have
// been deserialized.
Object export_value = std::get<0>(ReadValue());
#ifdef VERIFY_HEAP
if (FLAG_verify_heap) {
export_value.ObjectVerify(isolate_);
}
#endif
if (export_name->length() == 0 && i == 0) {
// Hack: treat the first empty-string-named export value as a return value

1
src/web-snapshot/web-snapshot.h
View File

@ -551,6 +551,7 @@ class V8_EXPORT WebSnapshotDeserializer
void ProcessDeferredReferences();
// Not virtual, on purpose (because it doesn't need to be).
void Throw(const char* message);
void VerifyObjects();
Handle<FixedArray> strings_handle_;
FixedArray strings_;

2
test/mjsunit/web-snapshot/web-snapshot-array-buffer.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --harmony-rab-gsab
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --harmony-rab-gsab --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-array.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-base.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-builtin.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-circular-reference.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-class.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-data-view.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --harmony-rab-gsab
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --harmony-rab-gsab --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-externals.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-web-snapshots --allow-natives-syntax
// Flags: --experimental-web-snapshots --allow-natives-syntax --verify-heap
const external_1 = {external: 1};
const external_2 = {external: 2};

2
test/mjsunit/web-snapshot/web-snapshot-function-context.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-function.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-holey-array.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-object.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-prototype.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-sparse-array.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-symbol.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --verify-heap
'use strict';

2
test/mjsunit/web-snapshot/web-snapshot-typed-array.js
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --harmony-rab-gsab
// Flags: --experimental-d8-web-snapshot-api --allow-natives-syntax --harmony-rab-gsab --verify-heap
'use strict';