
Side by Side Diff: src/ic/ic.cc

Issue 1334673003: Add instrumentation to track down a crasher (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: save receiver and push it before crashing Created 5 years, 3 months ago
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/ic/ic.h" 5 #include "src/ic/ic.h"
6 6
7 #include "src/accessors.h" 7 #include "src/accessors.h"
8 #include "src/api.h" 8 #include "src/api.h"
9 #include "src/arguments.h" 9 #include "src/arguments.h"
10 #include "src/base/bits.h" 10 #include "src/base/bits.h"
(...skipping 2359 matching lines...) Expand 10 before | Expand all | Expand 10 after
2370 Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(3); 2370 Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(3);
2371 FeedbackVectorICSlot vector_slot = vector->ToICSlot(slot->value()); 2371 FeedbackVectorICSlot vector_slot = vector->ToICSlot(slot->value());
2372 // A monomorphic or polymorphic KeyedLoadIC with a string key can call the 2372 // A monomorphic or polymorphic KeyedLoadIC with a string key can call the
2373 // LoadIC miss handler if the handler misses. Since the vector Nexus is 2373 // LoadIC miss handler if the handler misses. Since the vector Nexus is
2374 // set up outside the IC, handle that here. 2374 // set up outside the IC, handle that here.
2375 if (vector->GetKind(vector_slot) == Code::LOAD_IC) { 2375 if (vector->GetKind(vector_slot) == Code::LOAD_IC) {
2376 LoadICNexus nexus(vector, vector_slot); 2376 LoadICNexus nexus(vector, vector_slot);
2377 LoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus); 2377 LoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus);
2378 ic.UpdateState(receiver, key); 2378 ic.UpdateState(receiver, key);
2379 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); 2379 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
2380
2381 // Sanity check: The loaded value must be a JS-exposed kind of object,
2382 // not something internal (like a Map, or FixedArray). Check this here
2383 // to chase after a rare but recurring crash bug.
2384 // TODO(jkummerow): Remove this when it has generated a few crash reports.
2385 if (!result->IsSmi()) {
2386 InstanceType type =
2387 Handle<HeapObject>::cast(result)->map()->instance_type();
2388 CHECK(type <= LAST_PRIMITIVE_TYPE || type >= FIRST_JS_RECEIVER_TYPE);
2389 }
2390
2380 } else { 2391 } else {
2381 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC); 2392 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC);
2382 KeyedLoadICNexus nexus(vector, vector_slot); 2393 KeyedLoadICNexus nexus(vector, vector_slot);
2383 KeyedLoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus); 2394 KeyedLoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus);
2384 ic.UpdateState(receiver, key); 2395 ic.UpdateState(receiver, key);
2385 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); 2396 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
2386 } 2397 }
2387 return *result; 2398 return *result;
2388 } 2399 }
2389 2400
(...skipping 721 matching lines...) Expand 10 before | Expand all | Expand 10 after
3111 Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(3); 3122 Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(3);
3112 FeedbackVectorICSlot vector_slot = vector->ToICSlot(slot->value()); 3123 FeedbackVectorICSlot vector_slot = vector->ToICSlot(slot->value());
3113 // A monomorphic or polymorphic KeyedLoadIC with a string key can call the 3124 // A monomorphic or polymorphic KeyedLoadIC with a string key can call the
3114 // LoadIC miss handler if the handler misses. Since the vector Nexus is 3125 // LoadIC miss handler if the handler misses. Since the vector Nexus is
3115 // set up outside the IC, handle that here. 3126 // set up outside the IC, handle that here.
3116 if (vector->GetKind(vector_slot) == Code::LOAD_IC) { 3127 if (vector->GetKind(vector_slot) == Code::LOAD_IC) {
3117 LoadICNexus nexus(vector, vector_slot); 3128 LoadICNexus nexus(vector, vector_slot);
3118 LoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); 3129 LoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);
3119 ic.UpdateState(receiver, key); 3130 ic.UpdateState(receiver, key);
3120 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); 3131 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
3132
3133 // Sanity check: The loaded value must be a JS-exposed kind of object,
3134 // not something internal (like a Map, or FixedArray). Check this here
3135 // to chase after a rare but recurring crash bug.
3136 // TODO(jkummerow): Remove this when it has generated a few crash reports.
3137 if (!result->IsSmi()) {
3138 InstanceType type =
3139 Handle<HeapObject>::cast(result)->map()->instance_type();
3140 CHECK(type <= LAST_PRIMITIVE_TYPE || type >= FIRST_JS_RECEIVER_TYPE);
3141 }
3142
3121 } else { 3143 } else {
3122 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC); 3144 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC);
3123 KeyedLoadICNexus nexus(vector, vector_slot); 3145 KeyedLoadICNexus nexus(vector, vector_slot);
3124 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); 3146 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);
3125 ic.UpdateState(receiver, key); 3147 ic.UpdateState(receiver, key);
3126 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); 3148 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
3127 } 3149 }
3128 3150
3129 return *result; 3151 return *result;
3130 } 3152 }
3131 } // namespace internal 3153 } // namespace internal
3132 } // namespace v8 3154 } // namespace v8
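Review bot: The new sanity check is placed only inside the `Code::LOAD_IC` branch, so a value produced by the `KeyedLoadIC` path a few lines below (new-side lines 2391–2397 and 3143–3149) is never inspected in either hunk; unless the crash is already known to be confined to the LoadIC path, hoisting the block to just before `return *result;` covers both branches with a single copy. The same eleven lines are pasted into two functions whose signatures start outside the hunks; a small `static` helper taking `result` would leave one site to delete when the TODO is resolved. Since a non-Smi result that is an internal object (a Map or FixedArray) reaching JavaScript would amount to a type confusion, the comment should say why this is a release-mode `CHECK` rather than a `DCHECK`, e.g. `// CHECK, not DCHECK: an internal object escaping to JS would be a type confusion, so fail fast in release builds too.`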