AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9ffb482926
v8/test/cctest/heap/test-unmapper.cc
Etienne Pierre-doray df591efbe3 [test]: Fix platform lifetime in EagerUnmappingInCollectAllAvailableGarbage. 
Currently MockPlatformForUnmapper has shorter lifetime than the isolate that
uses it. This leads to use-after-free races in concurrent tasks that fetch
the mock platform just before it is freed.

This CL ensures that MockPlatformForUnmapper is valid throughout the whole
lifetime of the isolate

Change-Id: I94a658bf7eb70d924a19522dab09744f21782972
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502809
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70826}
2020-10-28 09:12:05 +00:00

76 lines
2.2 KiB
C++
Raw Blame History

// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <vector>
#include "src/heap/heap.h"
#include "src/heap/memory-allocator.h"
#include "src/init/v8.h"
#include "test/cctest/cctest.h"
#include "test/cctest/heap/heap-utils.h"
using v8::IdleTask;
using v8::Task;
using v8::Isolate;
namespace v8 {
namespace internal {
namespace heap {
class MockPlatformForUnmapper : public TestPlatform {
public:
MockPlatformForUnmapper()
: task_(nullptr), old_platform_(i::V8::GetCurrentPlatform()) {
// Now that it's completely constructed, make this the current platform.
i::V8::SetPlatformForTesting(this);
}
~MockPlatformForUnmapper() override {
delete task_;
i::V8::SetPlatformForTesting(old_platform_);
for (auto& task : worker_tasks_) {
old_platform_->CallOnWorkerThread(std::move(task));
}
worker_tasks_.clear();
}
void CallOnWorkerThread(std::unique_ptr<Task> task) override {
worker_tasks_.push_back(std::move(task));
}
bool IdleTasksEnabled(v8::Isolate* isolate) override { return false; }
int NumberOfWorkerThreads() override {
return old_platform_->NumberOfWorkerThreads();
}
private:
Task* task_;
std::vector<std::unique_ptr<Task>> worker_tasks_;
v8::Platform* old_platform_;
};
UNINITIALIZED_TEST(EagerUnmappingInCollectAllAvailableGarbage) {
FLAG_stress_concurrent_allocation = false; // For SimulateFullSpace.
MockPlatformForUnmapper platform;
v8::Isolate::CreateParams create_params;
create_params.array_buffer_allocator = CcTest::array_buffer_allocator();
v8::Isolate* isolate = v8::Isolate::New(create_params);
{
v8::HandleScope handle_scope(isolate);
v8::Local<v8::Context> context = CcTest::NewContext(isolate);
v8::Context::Scope context_scope(context);
Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
Heap* heap = i_isolate->heap();
i::heap::SimulateFullSpace(heap->old_space());
CcTest::CollectAllAvailableGarbage(i_isolate);
CHECK_EQ(0, heap->memory_allocator()->unmapper()->NumberOfChunks());
}
isolate->Dispose();
}
} // namespace heap
} // namespace internal
} // namespace v8
Reference in New Issue View Git Blame Copy Permalink