Remove materialized objects on stack unwind.

src/isolate.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 
 #include <fstream>  // NOLINT(readability/streams)
 #include <sstream>
 
 #include "src/v8.h"
@@ skipping 1025 matching lines @@
 
   // Special handling of termination exceptions, uncatchable by JavaScript code,
   // we unwind the handlers until the top ENTRY handler is found.
   bool catchable_by_js = is_catchable_by_javascript(exception);
 
   // Compute handler and stack unwinding information by performing a full walk
   // over the stack and dispatching according to the frame type.
   for (StackFrameIterator iter(this); !iter.done(); iter.Advance()) {
     StackFrame* frame = iter.frame();
 
+    RemoveMaterializedObjectsOnUnwind(frame);

[Michael Starzinger, 2015/05/04 15:17:03]

As discussed offline: I think the materialized objects should only be discarded
if we didn't find an exception handler. Otherwise the exception handler might
lazy deopt and still need the materialized objects.

+
     // For JSEntryStub frames we always have a handler.
     if (frame->is_entry() || frame->is_entry_construct()) {
       StackHandler* handler = frame->top_handler();
 
       // Restore the next handler.
       thread_local_top()->handler_ = handler->next()->address();
 
       // Gather information from the handler.
       code = frame->LookupCode();
       handler_sp = handler->address() + StackHandlerConstants::kSize;
@@ skipping 54 matching lines @@
   thread_local_top()->pending_handler_offset_ = offset;
   thread_local_top()->pending_handler_fp_ = handler_fp;
   thread_local_top()->pending_handler_sp_ = handler_sp;
 
   // Return and clear pending exception.
   clear_pending_exception();
   return exception;
 }
 
 
+void Isolate::RemoveMaterializedObjectsOnUnwind(StackFrame* frame) {
+  if (frame->is_optimized()) {
+    bool removed = materialized_object_store_->Remove(frame->fp());
+    USE(removed);
+    // If there were any materialized objects, the code should be
+    // marked for deopt.
+    DCHECK(!removed || frame->LookupCode()->marked_for_deoptimization());
+  }
+}
+
+
 Isolate::CatchType Isolate::PredictExceptionCatcher() {
   Address external_handler = thread_local_top()->try_catch_handler_address();
   Address entry_handler = Isolate::handler(thread_local_top());
   if (IsExternalHandlerOnTop(nullptr)) return CAUGHT_BY_EXTERNAL;
 
   // Search for an exception handler by performing a full walk over the stack.
   for (StackFrameIterator iter(this); !iter.done(); iter.Advance()) {
     StackFrame* frame = iter.frame();
 
     // For JSEntryStub frames we update the JS_ENTRY handler.
@@ skipping 1626 matching lines @@
   if (prev_ && prev_->Intercept(flag)) return true;
   // Then check whether this scope intercepts.
   if ((flag & intercept_mask_)) {
     intercepted_flags_ |= flag;
     return true;
   }
   return false;
 }
 
 } }  // namespace v8::internal