| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_X64 | 5 #if V8_TARGET_ARCH_X64 |
| 6 | 6 |
| 7 #include "src/code-factory.h" | 7 #include "src/code-factory.h" |
| 8 #include "src/code-stubs.h" | 8 #include "src/code-stubs.h" |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/compiler.h" | 10 #include "src/compiler.h" |
| (...skipping 2239 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2250 __ Move(LoadDescriptor::NameRegister(), key->value()); | 2250 __ Move(LoadDescriptor::NameRegister(), key->value()); |
| 2251 __ Move(LoadDescriptor::SlotRegister(), | 2251 __ Move(LoadDescriptor::SlotRegister(), |
| 2252 SmiFromSlot(prop->PropertyFeedbackSlot())); | 2252 SmiFromSlot(prop->PropertyFeedbackSlot())); |
| 2253 CallLoadIC(NOT_INSIDE_TYPEOF, language_mode()); | 2253 CallLoadIC(NOT_INSIDE_TYPEOF, language_mode()); |
| 2254 | 2254 |
| 2255 // Sanity check: The loaded value must be a JS-exposed kind of object, | 2255 // Sanity check: The loaded value must be a JS-exposed kind of object, |
| 2256 // not something internal (like a Map, or FixedArray). Check this here | 2256 // not something internal (like a Map, or FixedArray). Check this here |
| 2257 // to chase after a rare but recurring crash bug. It seems to always | 2257 // to chase after a rare but recurring crash bug. It seems to always |
| 2258 // occur for functions beginning with "this.foo.bar()", so be selective | 2258 // occur for functions beginning with "this.foo.bar()", so be selective |
| 2259 // and only insert the check for the first LoadIC (identified by slot). | 2259 // and only insert the check for the first LoadIC (identified by slot). |
| 2260 // TODO(jkummerow): Remove this when it has generated a few crash reports. | 2260 // TODO(chromium:527994): Remove this when we have a few crash reports. |
| 2261 // Don't forget to remove the Push() above as well! | 2261 // Don't forget to remove the Push() above as well! |
| 2262 if (FeedbackVector()->GetIndex(prop->PropertyFeedbackSlot()) == 6) { | 2262 if (FeedbackVector()->GetIndex(prop->PropertyFeedbackSlot()) == 6) { |
| 2263 __ Pop(LoadDescriptor::ReceiverRegister()); | 2263 __ Pop(LoadDescriptor::ReceiverRegister()); |
| 2264 | 2264 |
| 2265 Label ok, sound_alarm; | 2265 Label ok, sound_alarm; |
| 2266 __ JumpIfSmi(rax, &ok, Label::kNear); | 2266 __ JumpIfSmi(rax, &ok, Label::kNear); |
| 2267 __ movp(rbx, FieldOperand(rax, HeapObject::kMapOffset)); | 2267 __ movp(rbx, FieldOperand(rax, HeapObject::kMapOffset)); |
| 2268 __ CompareRoot(rbx, Heap::kMetaMapRootIndex); | 2268 __ CompareRoot(rbx, Heap::kMetaMapRootIndex); |
| 2269 __ j(equal, &sound_alarm); | 2269 __ j(equal, &sound_alarm); |
| 2270 __ CompareRoot(rbx, Heap::kFixedArrayMapRootIndex); | 2270 __ CompareRoot(rbx, Heap::kFixedArrayMapRootIndex); |
| (...skipping 2919 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5190 Assembler::target_address_at(call_target_address, | 5190 Assembler::target_address_at(call_target_address, |
| 5191 unoptimized_code)); | 5191 unoptimized_code)); |
| 5192 return OSR_AFTER_STACK_CHECK; | 5192 return OSR_AFTER_STACK_CHECK; |
| 5193 } | 5193 } |
| 5194 | 5194 |
| 5195 | 5195 |
| 5196 } // namespace internal | 5196 } // namespace internal |
| 5197 } // namespace v8 | 5197 } // namespace v8 |
| 5198 | 5198 |
| 5199 #endif // V8_TARGET_ARCH_X64 | 5199 #endif // V8_TARGET_ARCH_X64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1348823003:
[hydrogen] Add crash-hunting instrumentation to Hydrogen too (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master