src/elements.cc - Issue 12220040: Add --trace-array-abuse to help find OOB accesses.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/elements.cc

Issue 12220040: Add --trace-array-abuse to help find OOB accesses. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Remove changed test Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/elements.cc

diff --git a/src/elements.cc b/src/elements.cc

index 5b454e5964ae2caf873f30adc7ddc83b1f6f08c8..6459279dea56753cbbdfa194678d77c0cb6b11ea 100644

--- a/src/elements.cc

+++ b/src/elements.cc

@@ -30,7 +30,7 @@

#include "objects.h"

#include "elements.h"

#include "utils.h"

+#include "v8conversions.h"

// Each concrete ElementsAccessor can handle exactly one ElementsKind,

// several abstract ElementsAccessor classes are used to allow sharing

@@ -483,6 +483,63 @@ static void CopyDictionaryToDoubleElements(FixedArrayBase* from_base,

}

+static void TraceTopFrame() {

+ StackFrameIterator it;

+ if (it.done()) {

+ PrintF("unknown location (no JavaScript frames present)");

+ return;

+ }

+ StackFrame* raw_frame = it.frame();

+ if (raw_frame->is_internal()) {

+ Isolate* isolate = Isolate::Current();

+ Code* apply_builtin = isolate->builtins()->builtin(

+ Builtins::kFunctionApply);

+ if (raw_frame->unchecked_code() == apply_builtin) {

+ PrintF("apply from ");

+ it.Advance();

+ raw_frame = it.frame();

+ }

+ JavaScriptFrame::PrintTop(stdout, false, true);

+void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key) {

+ Object* raw_length = NULL;

+ const char* elements_type = "array";

+ if (obj->IsJSArray()) {

+ JSArray* array = JSArray::cast(obj);

+ raw_length = array->length();

+ } else {

+ raw_length = Smi::FromInt(obj->elements()->length());

+ elements_type = "object";

+ }

+ if (raw_length->IsNumber()) {

+ double n = raw_length->Number();

+ if (FastI2D(FastD2UI(n)) == n) {

+ int32_t int32_length = DoubleToInt32(n);

+ if (key >= static_cast<uint32_t>(int32_length)) {

+ PrintF("[OOB %s %s (%s length = %d, element accessed = %d) in ",

+ elements_type, op, elements_type,

+ static_cast<int>(int32_length),

+ static_cast<int>(key));

+ TraceTopFrame();

+ PrintF("]\n");

+ }

+ } else {

+ PrintF("[%s elements length not integer value in ", elements_type);

+ TraceTopFrame();

+ PrintF("]\n");

+ }

+ } else {

+ PrintF("[%s elements length not a number in ", elements_type);

+ TraceTopFrame();

+ PrintF("]\n");

+ }

// Base class for element handler implementations. Contains the

// the common logic for objects with different ElementsKinds.

// Subclasses must specialize method for which the element

@@ -570,6 +627,11 @@ class ElementsAccessorBase : public ElementsAccessor {

if (backing_store == NULL) {

backing_store = holder->elements();

}

+ if (FLAG_trace_array_abuse) {

+ CheckArrayAbuse(holder, "element read", key);

+ }

return ElementsAccessorSubclass::GetImpl(

receiver, holder, key, backing_store);

}

« no previous file with comments | « src/elements.h ('k') | src/flag-definitions.h » ('j') | no next file with comments »