Side by Side Diff: src/full-codegen/x64/full-codegen-x64.cc

Issue 1334673003: Add instrumentation to track down a crasher (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: save receiver and push it before crashing Created 5 years, 3 months ago
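--- a/src/full-codegen/x64/full-codegen-x64.cc
+++ b/src/full-codegen/x64/full-codegen-x64.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X64
 
 #include "src/code-factory.h"
 #include "src/code-stubs.h"
 #include "src/codegen.h"
 #include "src/compiler.h"
@@ -2236,24 +2236,60 @@
 done ? Heap::kTrueValueRootIndex : Heap::kFalseValueRootIndex);
 STATIC_ASSERT(JSIteratorResult::kSize == 5 * kPointerSize);
 }
 
 
 void FullCodeGenerator::EmitNamedPropertyLoad(Property* prop) {
 SetExpressionPosition(prop);
 Literal* key = prop->key()->AsLiteral();
 DCHECK(!prop->IsSuperAccess());
 
+// See comment below.
+if (FeedbackVector()->GetIndex(prop->PropertyFeedbackSlot()) == 6) {
+__ Push(LoadDescriptor::ReceiverRegister());
+}
+
 __ Move(LoadDescriptor::NameRegister(), key->value());
 __ Move(LoadDescriptor::SlotRegister(),
 SmiFromSlot(prop->PropertyFeedbackSlot()));
 CallLoadIC(NOT_INSIDE_TYPEOF, language_mode());
+
+// Sanity check: The loaded value must be a JS-exposed kind of object,
+// not something internal (like a Map, or FixedArray). Check this here
+// to chase after a rare but recurring crash bug. It seems to always
+// occur for functions beginning with "this.foo.bar()", so be selective
+// and only insert the check for the first LoadIC (identified by slot).
+// TODO(jkummerow): Remove this when it has generated a few crash reports.
+// Don't forget to remove the Push() above as well!
+if (FeedbackVector()->GetIndex(prop->PropertyFeedbackSlot()) == 6) {
+__ Pop(LoadDescriptor::ReceiverRegister());
+
+Label ok;
+__ JumpIfSmi(rax, &ok, Label::kNear);
+__ movp(rbx, FieldOperand(rax, HeapObject::kMapOffset));
+__ CmpInstanceType(rbx, LAST_PRIMITIVE_TYPE);
+__ j(below_equal, &ok, Label::kNear);
+__ CmpInstanceType(rbx, FIRST_JS_RECEIVER_TYPE);
+__ j(above_equal, &ok, Label::kNear);
+
+__ Push(Smi::FromInt(0xaabbccdd));
+__ Push(LoadDescriptor::ReceiverRegister());
+__ movp(rbx, FieldOperand(LoadDescriptor::ReceiverRegister(),
+HeapObject::kMapOffset));
+__ Push(rbx);
+__ movp(rbx, FieldOperand(LoadDescriptor::ReceiverRegister(),
+JSObject::kPropertiesOffset));
+__ Push(rbx);
+__ int3();
+
+__ bind(&ok);
+}
 }
 
 
 void FullCodeGenerator::EmitNamedSuperPropertyLoad(Property* prop) {
 // Stack: receiver, home_object
 SetExpressionPosition(prop);
 Literal* key = prop->key()->AsLiteral();
 DCHECK(!key->value()->IsSmi());
 DCHECK(prop->IsSuperAccess());
 
@@ -5248,10 +5284,10 @@
 Assembler::target_address_at(call_target_address,
 unoptimized_code));
 return OSR_AFTER_STACK_CHECK;
 }
 
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_X64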
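Review bot: The Push before CallLoadIC and the Pop after it are guarded by two separately evaluated copies of `FeedbackVector()->GetIndex(prop->PropertyFeedbackSlot()) == 6`, so the stack balance of EmitNamedPropertyLoad depends on both conditions staying textually identical — the TODO comment itself warns about forgetting one half. Computing it once, `const bool instrument_slot = FeedbackVector()->GetIndex(prop->PropertyFeedbackSlot()) == 6;`, and using `if (instrument_slot) {` at both sites makes an unbalanced push/pop impossible and gives the later removal a single line to delete. The marker `Smi::FromInt(0xaabbccdd)` also passes an unsigned literal that does not fit in `int`, so its value is the implementation-defined wrapped negative; a marker below 0x80000000 (or an explicit cast with a comment) would make the crash-report payload unambiguous. The extra word left on the stack across the IC call is presumably harmless for GC since the receiver is a tagged value, but that is worth confirming against any stack-height bookkeeping the x64 full-codegen does around IC calls. The enclosing function lies entirely within the hunk.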