AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
50d725f1e5
v8/test/cctest/heap
History
Michael Lippautz fc49e77f26 api,heap: Avoid dropping global handles when stack state is overridden 
This CL only affects non-production code. In non-production code, test
runners may invoke tasks (base::RunLoop()) with an interesting stack.
V8 assumes that it can clear certain data structures when running from
a non-nested task due to not having any interesting stack on top.
During testing this can lead to UAF on stack as data structures are
prematurely cleared.

With cppgc this failure can be fixed as the information on whether
test runners invoke tasks with a non-trivial stack is actually
present.

Example failure: https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8847453411432681120/+/steps/webkit_unit_tests__with_patch__on_Ubuntu-18.04/0/logs/Flaky_failure:_WebSocketStreamTest.ConnectWithFailedHandshake__status_CRASH_SUCCESS_/0

Change-Id: Ib9f6fb2d8a1aa43d0b973afeb2d0a740c769e784
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891574
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74539}
2021-05-12 19:20:23 +00:00
..
heap-tester.h Reland "Reland "[deoptimizer] Change deopt entries into builtins"" 2020-10-21 06:01:38 +00:00
heap-utils.cc [heap] Fix failed tests when enabling single generation 2021-04-21 07:33:51 +00:00
heap-utils.h [heap, infra] Remove --local-heaps and --concurrent-allocation flags 2021-02-01 11:01:26 +00:00
test-alloc.cc [cleanup] Remove atomic kRelaxed accessors in favour for non-atomic ones 2021-03-08 10:57:19 +00:00
test-array-buffer-tracker.cc [heap] Make creation of NewSpace and NewLargeObjectSpace optional 2021-05-04 06:47:54 +00:00
test-compaction.cc [heap] Add flag to crash when evacuation aborts 2021-03-01 12:56:02 +00:00
test-concurrent-allocation.cc [heap] Fix failed tests when enabling single generation 2021-04-21 07:33:51 +00:00
test-concurrent-marking.cc [heap] Fix failed tests when enabling single generation 2021-04-21 07:33:51 +00:00
test-embedder-tracing.cc api,heap: Avoid dropping global handles when stack state is overridden 2021-05-12 19:20:23 +00:00
test-external-string-tracker.cc [heap] Make creation of NewSpace and NewLargeObjectSpace optional 2021-05-04 06:47:54 +00:00
test-heap.cc [runtime] TryFastArrayFill can throw exception 2021-05-11 11:12:59 +00:00
test-incremental-marking.cc [test]: Fix platform lifetime in IncrementalMarkingUsingTasks. 2020-11-27 06:58:21 +00:00
test-invalidated-slots.cc [heap] Fix failed tests when enabling single generation 2021-04-21 07:33:51 +00:00
test-iterators.cc [test] Fix or skip CHECKs in tests for TPH 2021-05-03 09:05:08 +00:00
test-lab.cc [torque] Use generated instance types, part 1 2019-10-28 18:30:31 +00:00
test-mark-compact.cc [heap] Fix failed tests when enabling single generation 2021-04-21 07:33:51 +00:00
test-memory-measurement.cc [cleanup] Remove stale TODOs 2021-04-23 13:36:32 +00:00
test-page-promotion.cc [test] Tests should only invoke NewSpace::Grow in safepoint 2020-09-24 16:14:10 +00:00
test-shared-heap.cc [heap] Support simple shared GCs without any clients 2021-05-11 20:04:04 +00:00
test-spaces.cc [ptr-cage] Factor CodeRange out of MemoryAllocator and share along with ptr cage 2021-04-28 19:17:00 +00:00
test-unmapper.cc [test]: Fix platform lifetime in EagerUnmappingInCollectAllAvailableGarbage. 2020-10-28 09:12:05 +00:00
test-weak-references.cc Prevent memory chunk access for TPH 2021-05-06 12:29:32 +00:00
test-write-barrier.cc [heap] Fix failed tests when enabling single generation 2021-04-21 07:33:51 +00:00