| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/ic/ic.h" | 5 #include "src/ic/ic.h" |
| 6 | 6 |
| 7 #include "src/accessors.h" | 7 #include "src/accessors.h" |
| 8 #include "src/api.h" | 8 #include "src/api.h" |
| 9 #include "src/arguments.h" | 9 #include "src/arguments.h" |
| 10 #include "src/base/bits.h" | 10 #include "src/base/bits.h" |
| (...skipping 2363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2374 // set up outside the IC, handle that here. | 2374 // set up outside the IC, handle that here. |
| 2375 if (vector->GetKind(vector_slot) == Code::LOAD_IC) { | 2375 if (vector->GetKind(vector_slot) == Code::LOAD_IC) { |
| 2376 LoadICNexus nexus(vector, vector_slot); | 2376 LoadICNexus nexus(vector, vector_slot); |
| 2377 LoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus); | 2377 LoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus); |
| 2378 ic.UpdateState(receiver, key); | 2378 ic.UpdateState(receiver, key); |
| 2379 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); | 2379 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); |
| 2380 | 2380 |
| 2381 // Sanity check: The loaded value must be a JS-exposed kind of object, | 2381 // Sanity check: The loaded value must be a JS-exposed kind of object, |
| 2382 // not something internal (like a Map, or FixedArray). Check this here | 2382 // not something internal (like a Map, or FixedArray). Check this here |
| 2383 // to chase after a rare but recurring crash bug. | 2383 // to chase after a rare but recurring crash bug. |
| 2384 // TODO(jkummerow): Remove this when it has generated a few crash reports. | 2384 // TODO(chromium:527994): Remove this when we have a few crash reports. |
| 2385 if (!result->IsSmi()) { | 2385 if (!result->IsSmi()) { |
| 2386 InstanceType type = | 2386 InstanceType type = |
| 2387 Handle<HeapObject>::cast(result)->map()->instance_type(); | 2387 Handle<HeapObject>::cast(result)->map()->instance_type(); |
| 2388 CHECK(type <= LAST_PRIMITIVE_TYPE || type >= FIRST_JS_RECEIVER_TYPE); | 2388 CHECK(type <= LAST_PRIMITIVE_TYPE || type >= FIRST_JS_RECEIVER_TYPE); |
| 2389 } | 2389 } |
| 2390 | 2390 |
| 2391 } else { | 2391 } else { |
| 2392 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC); | 2392 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC); |
| 2393 KeyedLoadICNexus nexus(vector, vector_slot); | 2393 KeyedLoadICNexus nexus(vector, vector_slot); |
| 2394 KeyedLoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus); | 2394 KeyedLoadIC ic(IC::NO_EXTRA_FRAME, isolate, &nexus); |
| (...skipping 728 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3123 // set up outside the IC, handle that here. | 3123 // set up outside the IC, handle that here. |
| 3124 if (vector->GetKind(vector_slot) == Code::LOAD_IC) { | 3124 if (vector->GetKind(vector_slot) == Code::LOAD_IC) { |
| 3125 LoadICNexus nexus(vector, vector_slot); | 3125 LoadICNexus nexus(vector, vector_slot); |
| 3126 LoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); | 3126 LoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); |
| 3127 ic.UpdateState(receiver, key); | 3127 ic.UpdateState(receiver, key); |
| 3128 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); | 3128 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); |
| 3129 | 3129 |
| 3130 // Sanity check: The loaded value must be a JS-exposed kind of object, | 3130 // Sanity check: The loaded value must be a JS-exposed kind of object, |
| 3131 // not something internal (like a Map, or FixedArray). Check this here | 3131 // not something internal (like a Map, or FixedArray). Check this here |
| 3132 // to chase after a rare but recurring crash bug. | 3132 // to chase after a rare but recurring crash bug. |
| 3133 // TODO(jkummerow): Remove this when it has generated a few crash reports. | 3133 // TODO(chromium:527994): Remove this when we have a few crash reports. |
| 3134 if (!result->IsSmi()) { | 3134 if (!result->IsSmi()) { |
| 3135 InstanceType type = | 3135 InstanceType type = |
| 3136 Handle<HeapObject>::cast(result)->map()->instance_type(); | 3136 Handle<HeapObject>::cast(result)->map()->instance_type(); |
| 3137 CHECK(type <= LAST_PRIMITIVE_TYPE || type >= FIRST_JS_RECEIVER_TYPE); | 3137 CHECK(type <= LAST_PRIMITIVE_TYPE || type >= FIRST_JS_RECEIVER_TYPE); |
| 3138 } | 3138 } |
| 3139 | 3139 |
| 3140 } else { | 3140 } else { |
| 3141 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC); | 3141 DCHECK(vector->GetKind(vector_slot) == Code::KEYED_LOAD_IC); |
| 3142 KeyedLoadICNexus nexus(vector, vector_slot); | 3142 KeyedLoadICNexus nexus(vector, vector_slot); |
| 3143 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); | 3143 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); |
| 3144 ic.UpdateState(receiver, key); | 3144 ic.UpdateState(receiver, key); |
| 3145 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); | 3145 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key)); |
| 3146 } | 3146 } |
| 3147 | 3147 |
| 3148 return *result; | 3148 return *result; |
| 3149 } | 3149 } |
| 3150 } // namespace internal | 3150 } // namespace internal |
| 3151 } // namespace v8 | 3151 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1348823003:
[hydrogen] Add crash-hunting instrumentation to Hydrogen too (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master