Unified Diff: src/deoptimizer.cc

Issue 2320673002: [deoptimizer] Clear context before NotifyDeoptimized. (Closed)
Patch Set: Addressed comments. Created 4 years, 3 months ago
Index: src/deoptimizer.cc
diff --git a/src/deoptimizer.cc b/src/deoptimizer.cc
index a460603871e805ad95e7e3b0e1aa51340bc28ac5..1d55279884bdf452ca0fa3d6245728598f85ff72 100644
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -964,10 +964,6 @@ void Deoptimizer::DoComputeJSFrame(TranslatedFrame* translated_frame,
}
value = reinterpret_cast<intptr_t>(context);
output_frame->SetContext(value);
- if (is_topmost) {
- Register context_reg = JavaScriptFrame::context_register();
- output_frame->SetRegister(context_reg.code(), value);
- }
WriteValueToOutput(context, context_input_index, frame_index, output_offset,
"context ");
if (context == isolate_->heap()->arguments_marker()) {
@@ -1033,6 +1029,15 @@ void Deoptimizer::DoComputeJSFrame(TranslatedFrame* translated_frame,
: FullCodeGenerator::BailoutStateField::decode(pc_and_state);
output_frame->SetState(Smi::FromInt(static_cast<int>(state)));
+ // Clear the context register. The context might be a de-materialized object
+ // and will be materialized by {Runtime_NotifyDeoptimized}. For additional
+ // safety we use Smi(0) instead of the potential {arguments_marker} here.
+ if (is_topmost) {
+ intptr_t context_value = reinterpret_cast<intptr_t>(Smi::FromInt(0));
+ Register context_reg = JavaScriptFrame::context_register();
+ output_frame->SetRegister(context_reg.code(), context_value);
+ }
+
// Set the continuation for the topmost frame.
if (is_topmost) {
Builtins* builtins = isolate_->builtins();
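Review bot: The three-line "clear the context register" sequence introduced here at the `if (is_topmost)` block is the first of four byte-for-byte copies in this patch, which invites drift between them; a single file-local helper (e.g. `static void ClearTopmostContextRegister(...)` taking the output frame, called as `if (is_topmost) ClearTopmostContextRegister(output_frame);`) would keep the Smi(0) choice and the register lookup in one place. The comment would also benefit from stating the safety argument explicitly: a Smi in the register is never interpreted as a heap pointer, whereas leaving a dematerialized context or the `arguments_marker` there is a value the GC or the `NotifyDeoptimized` continuation could wrongly treat as live. Suggested wording: `// A Smi is never treated as a heap pointer, so the register is safe until NotifyDeoptimized restores the real context.` `DoComputeJSFrame` begins and ends outside this hunk.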
@@ -1191,10 +1196,6 @@ void Deoptimizer::DoComputeInterpretedFrame(TranslatedFrame* translated_frame,
Object* context = context_pos->GetRawValue();
value = reinterpret_cast<intptr_t>(context);
output_frame->SetContext(value);
- if (is_topmost) {
- Register context_reg = InterpretedFrame::context_register();
- output_frame->SetRegister(context_reg.code(), value);
- }
WriteValueToOutput(context, context_input_index, frame_index, output_offset,
"context ");
if (context == isolate_->heap()->arguments_marker()) {
@@ -1288,6 +1289,15 @@ void Deoptimizer::DoComputeInterpretedFrame(TranslatedFrame* translated_frame,
}
}
+ // Clear the context register. The context might be a de-materialized object
+ // and will be materialized by {Runtime_NotifyDeoptimized}. For additional
+ // safety we use Smi(0) instead of the potential {arguments_marker} here.
+ if (is_topmost) {
+ intptr_t context_value = reinterpret_cast<intptr_t>(Smi::FromInt(0));
+ Register context_reg = JavaScriptFrame::context_register();
+ output_frame->SetRegister(context_reg.code(), context_value);
+ }
+
// Set the continuation for the topmost frame.
if (is_topmost) {
Code* continuation = builtins->builtin(Builtins::kNotifyDeoptimized);
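Review bot: The replacement block in `DoComputeInterpretedFrame` looks up the register via `JavaScriptFrame::context_register()`, whereas the lines it replaces (`InterpretedFrame::context_register()` in the removed hunk above) used the interpreter frame's accessor. If the two are the same register on every architecture this is harmless, but that is not visible here, and a mismatch would leave the interpreter's context register holding a stale or dematerialized value on exactly the path this patch is meant to fix. Unless the change is intentional, this line should read `Register context_reg = InterpretedFrame::context_register();` to match the original. The enclosing function starts and ends outside the hunk.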
@@ -1591,10 +1601,6 @@ void Deoptimizer::DoComputeConstructStubFrame(TranslatedFrame* translated_frame,
output_offset -= kPointerSize;
value = output_[frame_index - 1]->GetContext();
output_frame->SetFrameSlot(output_offset, value);
- if (is_topmost) {
- Register context_reg = JavaScriptFrame::context_register();
- output_frame->SetRegister(context_reg.code(), value);
- }
DebugPrintOutputSlot(value, frame_index, output_offset, "context\n");
// The allocation site.
@@ -1650,6 +1656,15 @@ void Deoptimizer::DoComputeConstructStubFrame(TranslatedFrame* translated_frame,
}
}
+ // Clear the context register. The context might be a de-materialized object
+ // and will be materialized by {Runtime_NotifyDeoptimized}. For additional
+ // safety we use Smi(0) instead of the potential {arguments_marker} here.
+ if (is_topmost) {
+ intptr_t context_value = reinterpret_cast<intptr_t>(Smi::FromInt(0));
+ Register context_reg = JavaScriptFrame::context_register();
+ output_frame->SetRegister(context_reg.code(), context_value);
+ }
+
// Set the continuation for the topmost frame.
if (is_topmost) {
Builtins* builtins = isolate_->builtins();
@@ -1776,10 +1791,6 @@ void Deoptimizer::DoComputeAccessorStubFrame(TranslatedFrame* translated_frame,
output_offset -= kPointerSize;
value = output_[frame_index - 1]->GetContext();
output_frame->SetFrameSlot(output_offset, value);
- if (is_topmost) {
- Register context_reg = JavaScriptFrame::context_register();
- output_frame->SetRegister(context_reg.code(), value);
- }
DebugPrintOutputSlot(value, frame_index, output_offset, "context\n");
// Skip receiver.
@@ -1829,6 +1840,15 @@ void Deoptimizer::DoComputeAccessorStubFrame(TranslatedFrame* translated_frame,
}
}
+ // Clear the context register. The context might be a de-materialized object
+ // and will be materialized by {Runtime_NotifyDeoptimized}. For additional
+ // safety we use Smi(0) instead of the potential {arguments_marker} here.
+ if (is_topmost) {
+ intptr_t context_value = reinterpret_cast<intptr_t>(Smi::FromInt(0));
+ Register context_reg = JavaScriptFrame::context_register();
+ output_frame->SetRegister(context_reg.code(), context_value);
+ }
+
// Set the continuation for the topmost frame.
if (is_topmost) {
Builtins* builtins = isolate_->builtins();
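Review bot: The new comment says the context "might be a de-materialized object", but in `DoComputeAccessorStubFrame` the context slot is copied from the caller's output frame (`output_[frame_index - 1]->GetContext()` in the earlier hunk) rather than from a translated value, so a reader of this function alone cannot tell where a dematerialized context would come from. A short addition such as `// The context slot above was copied from the caller frame, which may itself hold a dematerialized context or the arguments_marker.` would make the rationale local. Whether the caller frame's context can actually be dematerialized at this point is not visible in this diff and should be confirmed. The enclosing function continues beyond the hunk.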