src/ic/ic.cc - Issue 2100313002: Add crash instrumentation for crbug.com/621147

Side by Side Diff: src/ic/ic.cc

Issue 2100313002: Add crash instrumentation for crbug.com/621147 (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Add pc and fp to the strack trace Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2012 the V8 project authors. All rights reserved.	1 // Copyright 2012 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "src/ic/ic.h"	5 #include "src/ic/ic.h"

6	6

7 #include "src/accessors.h"	7 #include "src/accessors.h"

8 #include "src/api-arguments-inl.h"	8 #include "src/api-arguments-inl.h"

9 #include "src/api.h"	9 #include "src/api.h"

10 #include "src/arguments.h"	10 #include "src/arguments.h"

(...skipping 2517 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2528 isolate,	2528 isolate,

2529 Runtime::SetObjectProperty(isolate, object, key, value, language_mode));	2529 Runtime::SetObjectProperty(isolate, object, key, value, language_mode));

2530 }	2530 }

2531	2531

2532	2532

2533 MaybeHandle<Object> BinaryOpIC::Transition(	2533 MaybeHandle<Object> BinaryOpIC::Transition(

2534 Handle<AllocationSite> allocation_site, Handle<Object> left,	2534 Handle<AllocationSite> allocation_site, Handle<Object> left,

2535 Handle<Object> right) {	2535 Handle<Object> right) {

2536 BinaryOpICState state(isolate(), extra_ic_state());	2536 BinaryOpICState state(isolate(), extra_ic_state());

2537	2537

	2538 #ifdef V8_TARGET_ARCH_X64

	2539 // Crash instrumentation for crbug.com/621147.

	2540 if (left->IsHeapObject()) {

	2541 Heap* heap = isolate()->heap();

	2542 uintptr_t left_raw = HeapObject::cast(*left)->map_word().ToRawValue();
	Igor Sheludko 2016/06/28 07:07:20 If left is a broken pointer it will already crash If left is a broken pointer it will already crash in attempt to load a map. We should compare the lower part of the left value with the hole value. Michael Lippautz 2016/06/28 08:39:33 Oops, thought that it was the map. Reading the val Show quoted text On 2016/06/28 07:07:20, Igor Sheludko wrote: > If left is a broken pointer it will already crash in attempt to load a map. We > should compare the lower part of the left value with the hole value. Oops, thought that it was the map. Reading the values now.
	2543 uintptr_t hole_raw = heap->the_hole_map()->map_word().ToRawValue();

	2544 if ((hole_raw & ((1ul << 32) - 1)) == (left_raw & ((1ul << 32) - 1))) {

	2545 if (!heap->map_space()->ContainsSlow(

	2546 HeapObject::cast(*left)->address())) {

	2547 Code* c = GetCode();

	2548 Code::Kind kind = c->kind();

	2549 USE(kind);

	2550 int instruction_size = c->instruction_size();

	2551 byte* instructions = static_cast<byte*>(alloca(instruction_size));

	2552 for (int i = 0; i < instruction_size; i++) {

	2553 instructions[i] = c->instruction_start()[i];

	2554 }

	2555 isolate()->PushStackTraceAndDie(0xBAAAAAAD, pc(), fp(), 0u);

	2556 }

	2557 }

	2558 }

	2559 #endif // V8_TARGET_ARCH_X64

	2560

2538 // Compute the actual result using the builtin for the binary operation.	2561 // Compute the actual result using the builtin for the binary operation.

2539 Handle<Object> result;	2562 Handle<Object> result;

2540 switch (state.op()) {	2563 switch (state.op()) {

2541 default:	2564 default:

2542 UNREACHABLE();	2565 UNREACHABLE();

2543 case Token::ADD:	2566 case Token::ADD:

2544 ASSIGN_RETURN_ON_EXCEPTION(isolate(), result,	2567 ASSIGN_RETURN_ON_EXCEPTION(isolate(), result,

2545 Object::Add(isolate(), left, right), Object);	2568 Object::Add(isolate(), left, right), Object);

2546 break;	2569 break;

2547 case Token::SUB:	2570 case Token::SUB:

(...skipping 445 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2993 DCHECK_EQ(FeedbackVectorSlotKind::KEYED_LOAD_IC,	3016 DCHECK_EQ(FeedbackVectorSlotKind::KEYED_LOAD_IC,

2994 vector->GetKind(vector_slot));	3017 vector->GetKind(vector_slot));

2995 KeyedLoadICNexus nexus(vector, vector_slot);	3018 KeyedLoadICNexus nexus(vector, vector_slot);

2996 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);	3019 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);

2997 ic.UpdateState(receiver, key);	3020 ic.UpdateState(receiver, key);

2998 RETURN_RESULT_OR_FAILURE(isolate, ic.Load(receiver, key));	3021 RETURN_RESULT_OR_FAILURE(isolate, ic.Load(receiver, key));

2999 }	3022 }

3000 }	3023 }

3001 } // namespace internal	3024 } // namespace internal

3002 } // namespace v8	3025 } // namespace v8

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »