AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[ext-code-space] Fix verification of code object slots

Browse Source 
... which could contain a smi value during CodeDataContainer setup.

Bug: v8:11880
Change-Id: Ibc67818411e9b824843bc5a20d249335c88d5f57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264291
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77758}
This commit is contained in:
Igor Sheludko 2021-11-08 11:26:59 +01:00 committed by V8 LUCI CQ
parent 32af9c0477
commit e6da2eeb72
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/heap/heap.cc
View File

@ -6848,6 +6848,7 @@ void VerifyPointersVisitor::VisitCodePointer(HeapObject host,
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
Object maybe_code = slot.load(code_cage_base());
HeapObject code;
// The slot might contain smi during CodeDataContainer creation.
if (maybe_code.GetHeapObject(&code)) {
VerifyCodeObjectImpl(code);
} else {

10
src/heap/mark-compact.cc
View File

@ -240,6 +240,7 @@ class FullMarkingVerifier : public MarkingVerifier {
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
Object maybe_code = slot.load(code_cage_base());
HeapObject code;
// The slot might contain smi during CodeDataContainer creation, so skip it.
if (maybe_code.GetHeapObject(&code)) {
VerifyHeapObjectImpl(code);
}
@ -419,6 +420,7 @@ class FullEvacuationVerifier : public EvacuationVerifier {
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
Object maybe_code = slot.load(code_cage_base());
HeapObject code;
// The slot might contain smi during CodeDataContainer creation, so skip it.
if (maybe_code.GetHeapObject(&code)) {
VerifyHeapObjectImpl(code);
}
@ -4554,8 +4556,12 @@ class YoungGenerationEvacuationVerifier : public EvacuationVerifier {
}
void VerifyCodePointer(CodeObjectSlot slot) override {
CHECK(V8_EXTERNAL_CODE_SPACE_BOOL);
Code code = Code::unchecked_cast(slot.load(code_cage_base()));
VerifyHeapObjectImpl(code);
Object maybe_code = slot.load(code_cage_base());
HeapObject code;
// The slot might contain smi during CodeDataContainer creation, so skip it.
if (maybe_code.GetHeapObject(&code)) {
VerifyHeapObjectImpl(code);
}
}
void VisitCodeTarget(Code host, RelocInfo* rinfo) override {
Code target = Code::GetCodeFromTargetAddress(rinfo->target_address());