v8/test/cctest
Anna Henningsen 3176bfd447 [heap-profiler] Fix crash when a snapshot deleted while taking one
Fix a crash/hang that occurred when deleting a snapshot during the
GC that is part of taking another one.

Specifically, when deleting the only other snapshot in such
a situation, the `v8::HeapSnapshot::Delete()` method sees that there
is only one (complete) snapshot at that point, and decides that it is
okay to perform “delete all snapshots” instead of just deleting
the requested one. That resets the internal string lookup table
of the heap profiler, but the new snapshot that is currently in
progress still holds references to the old string lookup table,
leading to a use-after-free segfault or infinite loop.

Fix this by guarding against resetting the string table while
another heap snapshot is being taken, and add a test that would
crash before this fix.

This can be triggered in Node.js by repeatedly calling
`v8.getHeapSnapshot()`, which provides heap snapshots as weakly
held host objects.

Change-Id: If9ac3728bf79114000982f1e7bb05e8034299e3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464823
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70445}
2020-10-12 12:21:18 +00:00
compiler [tests] Run TestReturnMultipleValuesLargeFrame just once 2020-10-07 14:55:30 +00:00
heap [heap] Handle partially initialized objects in NativeContextInferrer 2020-10-09 12:43:42 +00:00
interpreter [cleanup] Clean up SYNCHRONIZED_ACCESSORS macro naming and its uses 2020-10-05 11:01:22 +00:00
libplatform tracing: Update proto library build rule and roll Perfetto 2020-10-07 12:49:09 +00:00
libsampler [cpu-profiler] Only record SIGPROF-based samples for samplers that request samples 2019-02-13 09:29:38 +00:00
parsing Fix tests to work with single generation heap 2020-07-07 09:30:57 +00:00
torque [CSA] Tnodify CodeAssembler::Parameter 2020-10-01 16:07:03 +00:00
wasm [wasm-simd][scalar-lowering] Enable more lowering tests 2020-10-09 22:00:55 +00:00
assembler-helper-arm.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
assembler-helper-arm.h Move handles-related files to src/handles 2019-05-23 06:00:15 +00:00
BUILD.gn Revert "[wasm] Share export wrappers across modules" 2020-10-06 18:53:03 +00:00
cctest.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
cctest.h [cpu-profiler] Ensure sampled thread has Isolate lock under Windows 2020-09-16 16:17:39 +00:00
cctest.status Reland "[regexp] Protect against reentrant RegExpStack use" 2020-10-12 10:40:58 +00:00
collector.h Move remaining files in src/ 2019-05-24 18:24:36 +00:00
DEPS Reland "[tracing] Roll perfetto @ 28b633cd" 2019-09-06 13:42:02 +00:00
disasm-regex-helper.cc [turbofan] Improve load poisoning tests. 2019-07-02 17:55:04 +00:00
disasm-regex-helper.h [turbofan] Improve load poisoning tests. 2019-07-02 17:55:04 +00:00
expression-type-collector-macros.h
gay-fixed.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
gay-fixed.h Move utility code to src/utils 2019-05-23 14:13:34 +00:00
gay-precision.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
gay-precision.h Move utility code to src/utils 2019-05-23 14:13:34 +00:00
gay-shortest.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
gay-shortest.h Move utility code to src/utils 2019-05-23 14:13:34 +00:00
manually-externalized-buffer.h [api] Deprecate [Shared]ArrayBuffer::Externalize/GetContents and constructors 2019-10-29 22:01:54 +00:00
OWNERS Add myself as an owner for debug-helper and v8windbg 2020-09-21 15:19:27 +00:00
print-extension.cc
print-extension.h
profiler-extension.cc
profiler-extension.h
scope-test-helper.h [parser] Various Scope and Context speedups 2019-01-28 13:06:03 +00:00
setup-isolate-for-tests.cc
setup-isolate-for-tests.h Move initialization code into src/init 2019-05-16 12:36:15 +00:00
test-access-checks.cc
test-accessor-assembler.cc [CSA] Tnodify CodeAssembler::Parameter 2020-10-01 16:07:03 +00:00
test-accessors.cc [properties] Fix SetLazyDataProperty for indices 2020-10-09 12:09:02 +00:00
test-allocation.cc [zone-compr] Initial support for zone pointer compression 2020-07-24 08:27:21 +00:00
test-api-accessors.cc [Respect] Rename lists 2020-06-22 15:15:31 +00:00
test-api-array-buffer.cc [arraybuffer][test] Test creating a BackingStore with nullptr 2020-07-27 14:04:40 +00:00
test-api-icu.cc Correct typo of Chinese locale zn_CN to zh_CN 2020-04-21 08:05:43 +00:00
test-api-interceptors.cc [api][cleanup] Use Template::Set with const char* name 2020-09-09 15:39:36 +00:00
test-api-stack-traces.cc [api][cleanup] Use Template::Set with const char* name 2020-09-09 15:39:36 +00:00
test-api-typed-array.cc [api] Deprecate [Shared]ArrayBuffer::Externalize/GetContents and constructors 2019-10-29 22:01:54 +00:00
test-api-wasm.cc [wasm-simd] Add use counter for SIMD opcodes 2020-05-08 19:14:00 +00:00
test-api.cc Reland "[regexp] Protect against reentrant RegExpStack use" 2020-10-12 10:40:58 +00:00
test-api.h [test-api] Extract arraybufs and typed arrays 2019-06-17 15:27:01 +00:00
test-array-list.cc Move more relevant files to src/objects 2019-05-23 08:52:30 +00:00
test-assembler-arm64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-arm.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-ia32.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-mips64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-mips.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-ppc.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-s390.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-assembler-x64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-atomicops.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-backing-store.cc Reland x6 [arraybuffer] Rearchitect backing store ownership 2019-09-09 13:07:42 +00:00
test-bignum-dtoa.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-bignum.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-bit-vector.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-circular-queue.cc Reland "[d8] Remove maximum workers limitation" 2019-07-30 07:56:17 +00:00
test-code-layout.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-code-pages.cc [nci] Replace CompilationTarget with a new Code::Kind value 2020-08-05 12:27:22 +00:00
test-code-stub-assembler.cc [cleanup] Remove unused context parameters 2020-10-05 15:02:31 +00:00
test-compiler.cc [heap] Skip some tests with --stress-concurrent-allocation 2020-09-03 18:27:56 +00:00
test-concurrent-descriptor-array.cc [cleanup] Several small clean-ups in our concurrent tests 2020-10-12 10:42:04 +00:00
test-concurrent-prototype.cc [cleanup] Several small clean-ups in our concurrent tests 2020-10-12 10:42:04 +00:00
test-concurrent-script-context-table.cc [cleanup] Several small clean-ups in our concurrent tests 2020-10-12 10:42:04 +00:00
test-concurrent-transition-array.cc [cleanup] Several small clean-ups in our concurrent tests 2020-10-12 10:42:04 +00:00
test-constantpool.cc [ptr-compr][ppc] Implement pointer compression 2020-05-06 19:06:32 +00:00
test-conversions.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-cpu-profiler.cc Make the StartProfilingAfterOsr profiler test more robust 2020-10-08 13:20:01 +00:00
test-date.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-debug-helper.cc [v8windbg] Display js function only for js frame 2020-09-21 07:50:14 +00:00
test-debug.cc [debug] Restore StepNext on correct frame for RestoreDebug 2020-09-28 09:23:25 +00:00
test-decls.cc [api] Create v8::String::NewFromLiteral that returns Local<String> 2020-03-09 12:02:07 +00:00
test-deoptimization.cc [js-function] Remove deprecated predicates 2020-08-11 11:53:00 +00:00
test-dictionary.cc Disable --stress-concurrent-allocation for tests that change free lists 2020-09-03 11:15:39 +00:00
test-disasm-arm64.cc [arm64] Use B instruction key for return address signing 2020-06-16 11:02:59 +00:00
test-disasm-arm.cc Reland "[wasm-simd][arm] Use vmov to move all ones to register" 2020-08-11 19:47:06 +00:00
test-disasm-ia32.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-disasm-mips64.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-disasm-mips.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-disasm-ppc.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-disasm-s390.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-disasm-x64.cc [x64] Refactor pinsrb family of instructions 2020-10-07 23:25:30 +00:00
test-diy-fp.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-double.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-dtoa.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-elements-kind.cc [compiler][cleanup] Move Make(String|Name) helper methods to cctest.h 2020-05-26 15:26:28 +00:00
test-factory.cc [nci] Replace CompilationTarget with a new Code::Kind value 2020-08-05 12:27:22 +00:00
test-fast-dtoa.cc [cleanup] Remove V8_2PART_UINT64_C macro 2020-07-20 11:52:17 +00:00
test-feedback-vector.cc [Turbofan] Allow CallIC to be polymorphic for same SharedFunctionInfos 2020-02-29 09:09:42 +00:00
test-feedback-vector.h [compiler] Make is_compiled_scope take an explicit Isolate 2020-07-06 15:49:55 +00:00
test-field-type-tracking.cc [cleanup] Clean up SYNCHRONIZED_ACCESSORS macro naming and its uses 2020-10-05 11:01:22 +00:00
test-fixed-dtoa.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-flags.cc [wasm] Remove the --wasm-interpret-all flag 2020-04-28 08:14:52 +00:00
test-func-name-inference.cc [api] Create v8::String::NewFromLiteral that returns Local<String> 2020-03-09 12:02:07 +00:00
test-fuzz-arm64.cc Move architecture dependent files 2019-05-28 14:02:15 +00:00
test-global-handles.cc Fix tests to work with single generation heap 2020-07-07 09:30:57 +00:00
test-global-object.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-hashcode.cc [ptr-compr] Pass Isolate to JSObject::NormalizeProperties() 2019-06-11 11:11:10 +00:00
test-hashmap.cc [cleanup] Replace function typedefs by using declarations 2019-05-28 08:35:08 +00:00
test-heap-profiler.cc [heap-profiler] Fix crash when a snapshot deleted while taking one 2020-10-12 12:21:18 +00:00
test-icache.cc [wasm][mac] Support w^x codespaces for Apple Silicon 2020-09-09 20:57:52 +00:00
test-identity-map.cc Reland^4 "[serializer] Allocate during deserialization" 2020-10-07 08:15:50 +00:00
test-inobject-slack-tracking.cc Use consistent capitalization rules for instance types 2019-10-09 17:44:42 +00:00
test-inspector.cc Implement protocol::Binary to/from base64 conversion 2020-04-30 08:46:05 +00:00
test-intl.cc [lookup] Refactor LookupIterator "property or element" creation 2020-01-09 18:39:11 +00:00
test-javascript-arm64.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-js-arm64-variables.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-js-weak-refs.cc Revert "[heap] Convert WeakObjects to heap::base::Worklist" 2020-10-06 14:21:55 +00:00
test-liveedit.cc Add quotes around unexpected token SyntaxError 2019-06-11 06:11:58 +00:00
test-local-handles.cc [test] Only update FLAG_local_heaps if disabled 2020-09-24 12:18:17 +00:00
test-lockers.cc Replace base::make_unique by std::make_unique 2019-09-10 11:21:51 +00:00
test-log-stack-tracer.cc [cleanup] Remove unused TickSample class from the public API 2019-08-22 07:27:35 +00:00
test-log.cc [test] Do not reset log flags 2020-09-21 16:39:32 +00:00
test-macro-assembler-arm64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-macro-assembler-arm.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-macro-assembler-mips64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-macro-assembler-mips.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-macro-assembler-x64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-managed.cc Move more relevant files to src/objects 2019-05-23 08:52:30 +00:00
test-mementos.cc Move more relevant files to src/objects 2019-05-23 08:52:30 +00:00
test-modules.cc [top-level-await] Implement v8::Module::IsGraphAsync() 2020-10-07 17:34:30 +00:00
test-object.cc [cleanup] Clean up SYNCHRONIZED_ACCESSORS macro naming and its uses 2020-10-05 11:01:22 +00:00
test-orderedhashtable.cc [offthread] Deisolatify dictionaries 2020-03-03 20:08:54 +00:00
test-parsing.cc [zone] Cleanup zone allocations in src/ast and tests 2020-07-10 13:48:20 +00:00
test-persistent-handles.cc [cleanup] Several small clean-ups in our concurrent tests 2020-10-12 10:42:04 +00:00
test-platform.cc [api][cleanup] Use Template::Set with const char* name 2020-09-09 15:39:36 +00:00
test-pointer-auth-arm64.cc [arm64] Add support for pointer authentication instructions 2019-07-24 17:00:26 +00:00
test-poison-disasm-arm64.cc [arm64] Intentionally corrupt the upper half of decompressed SMIs 2019-11-19 12:14:12 +00:00
test-poison-disasm-arm.cc [cctest][turboprop] Disable DisasmPoisonMonomorphicLoadFloat64 for arm 2020-07-30 10:41:36 +00:00
test-profile-generator.cc [cpu-profiler] Remove ProfileStackTrace 2020-10-03 13:10:17 +00:00
test-random-number-generator.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-regexp.cc [turbofan] Make OSR and stack slots compatible 2020-10-05 17:41:02 +00:00
test-representation.cc Move relevant files to src/objects 2019-05-20 08:57:47 +00:00
test-roots.cc [heap] Use BasicMemoryChunk::FromHeapObject more 2020-06-17 14:05:48 +00:00
test-sampler-api.cc [api][cleanup] Use Template::Set with const char* name 2020-09-09 15:39:36 +00:00
test-serialize.cc Reland^4 "[serializer] Allocate during deserialization" 2020-10-07 08:15:50 +00:00
test-smi-lexicographic-compare.cc [cleanup] Eliminate non-const reference parameters 2019-09-10 09:31:07 +00:00
test-stack-unwinding-win64.cc Unwind V8 frames correctly on Windows ARM64 2019-07-31 06:24:45 +00:00
test-strings.cc Disable --stress-concurrent-allocation for tests that change free lists 2020-09-03 11:15:39 +00:00
test-strtod.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-symbols.cc Move utility code to src/utils 2019-05-23 14:13:34 +00:00
test-sync-primitives-arm64.cc Rename legacy code kinds 2020-09-30 15:39:23 +00:00
test-sync-primitives-arm.cc Reland "[d8] Remove maximum workers limitation" 2019-07-30 07:56:17 +00:00
test-thread-termination.cc [weakrefs] Call Isolate::ClearKeptObjects() as part of microtask checkpoint 2020-02-19 02:25:34 +00:00
test-threads.cc Replace base::make_unique by std::make_unique 2019-09-10 11:21:51 +00:00
test-trace-event.cc Replace base::make_unique by std::make_unique 2019-09-10 11:21:51 +00:00
test-traced-value.cc [tracing] Improve tracing signals for compilation/optimization. 2019-03-25 14:49:08 +00:00
test-transitions.cc [ptr-compr] Isolatify Map::MigrateToMap() and friends 2019-07-03 08:08:05 +00:00
test-transitions.h [compiler] Test transition from Uninitialized to kFullTransitionArray 2020-07-28 13:03:31 +00:00
test-typedarrays.cc [api] Deprecate [Shared]ArrayBuffer::Externalize/GetContents and constructors 2019-10-29 22:01:54 +00:00
test-types.cc [turbofan] Normalize types for Oddball constants 2020-03-12 14:28:52 +00:00
test-unboxed-doubles.cc [cleanup] Clean up SYNCHRONIZED_ACCESSORS macro naming and its uses 2020-10-05 11:01:22 +00:00
test-unscopables-hidden-prototype.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-unwinder-code-pages.cc [unwinder] Clean up existing tests 2020-09-01 09:46:29 +00:00
test-usecounters.cc [atomics] Remove the deprecated Atomics.wake 2020-08-10 23:02:17 +00:00
test-utils-arm64.cc [arm64][cleanup] Remove CPURegister::Is and CPURegister::is 2019-11-14 12:58:09 +00:00
test-utils-arm64.h Move architecture dependent files 2019-05-28 14:02:15 +00:00
test-utils.cc [cleanup] Split out bit-field.h and bounds.h from utils/utils.h 2019-11-15 13:00:08 +00:00
test-v8windbg.cc [tools] Add v8windbg, a WinDbg extension for V8 2020-02-18 19:16:18 +00:00
test-version.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-weakmaps.cc Disable --stress-concurrent-allocation for tests that change free lists 2020-09-03 11:15:39 +00:00
test-weaksets.cc Disable --stress-concurrent-allocation for tests that change free lists 2020-09-03 11:15:39 +00:00
testcfg.py Reland "Preparing v8 to use with python3 /test" 2019-03-20 09:56:06 +00:00
trace-extension.cc [api] Create v8::String::NewFromLiteral that returns Local<String> 2020-03-09 12:02:07 +00:00
trace-extension.h [cleanup] Remove unused TickSample class from the public API 2019-08-22 07:27:35 +00:00
unicode-helpers.cc Move string-related files to src/strings 2019-05-21 07:17:48 +00:00
unicode-helpers.h Move string-related files to src/strings 2019-05-21 07:17:48 +00:00