Reviewers: Yang,

Message:
Could you take a look, please?

Description:
[deoptimizer] Fix the frame size calculation for debugger-inspectable frame
construction.

The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.

(Yang, many thanks for the awesome repro!)

BUG=chromium:514362
LOG=N
R=yang...@chromium.org

Please review this at https://codereview.chromium.org/1264483008/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+17, -11 lines):
  M src/deoptimizer.cc
  A + test/mjsunit/regress/regress-514362.js


Index: src/deoptimizer.cc
diff --git a/src/deoptimizer.cc b/src/deoptimizer.cc
index d29cb6056347d63f30ef9643a833dd4f90c6cb59..498a467fb3d064f6f7524851826757cc80d0cf76 100644
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -154,8 +154,13 @@ DeoptimizedFrameInfo* Deoptimizer::DebuggerInspectableFrame(
   // Always use the actual stack slots when calculating the fp to sp
   // delta adding two for the function and context.
   unsigned stack_slots = code->stack_slots();
+  DeoptimizationInputData* data =
+      DeoptimizationInputData::cast(code->deoptimization_data());
+  unsigned arguments_stack_height =
+ data->ArgumentsStackHeight(deoptimization_index)->value() * kPointerSize;
   unsigned fp_to_sp_delta = (stack_slots * kPointerSize) +
-      StandardFrameConstants::kFixedFrameSizeFromFp;
+                            StandardFrameConstants::kFixedFrameSizeFromFp +
+                            arguments_stack_height;

   Deoptimizer* deoptimizer = new Deoptimizer(isolate,
                                              function,
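Review bot: the comment directly above this hunk is now stale: it still says the fp-to-sp delta is the actual stack slots "adding two for the function and context", but the delta now also adds `arguments_stack_height`, the per-deopt-point value read from `DeoptimizationInputData::ArgumentsStackHeight`. Please extend the comment to say that the arguments object, when present in the optimized frame, also lives below fp and must be counted, otherwise the next reader will not see why the old formula was short by exactly that amount. Minor style point: the continuation line `data->ArgumentsStackHeight(deoptimization_index)->value() * kPointerSize;` is flush with the `+` instead of being indented under `unsigned arguments_stack_height =`; `git cl format` should fix it.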
Index: test/mjsunit/regress/regress-514362.js
diff --git a/test/mjsunit/regress/regress-crbug-487289.js b/test/mjsunit/regress/regress-514362.js
similarity index 51%
copy from test/mjsunit/regress/regress-crbug-487289.js
copy to test/mjsunit/regress/regress-514362.js
index dbfb4041ca93465fcf579e2af52f6fd9f41d5481..f69cfecebe3893bcab6fecb0227c6e48aaebcb71 100644
--- a/test/mjsunit/regress/regress-crbug-487289.js
+++ b/test/mjsunit/regress/regress-514362.js
@@ -2,19 +2,20 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-// Flags: --expose-debug-as debug
+// Flags: --allow-natives-syntax --expose-debug-as debug

-var Debug = debug.Debug;
-var receiver = null;
+function bar(x) { debugger; }
+function foo() { bar(arguments[0]); }
+function wrap() { return foo(1); }
+
+wrap();
+wrap();
+%OptimizeFunctionOnNextCall(wrap);

+var Debug = debug.Debug;
 Debug.setListener(function(event, exec_state, event_data, data) {
   if (event != Debug.DebugEvent.Break) return;
-  receiver = exec_state.frame(0).evaluate('this').value();
+  for (var i = 0; i < exec_state.frameCount(); i++) exec_state.frame(i);
 });

-function f() { debugger; }
-
-var expected = {};
-f.call(expected);
-
-assertEquals(expected, receiver);
+wrap();
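Review bot: the test carries no comment saying what it guards, so a reader cannot tell that `foo` touching `arguments[0]` is what materializes an arguments object in the optimized frame of `wrap`, or that the loop over `exec_state.frame(i)` in the listener is what forces debugger-inspectable frame construction for every frame on the stack at the `debugger` statement in `bar`. Please add a one-line comment above `function bar(x)` stating that, and mention the bug id in it as the other regress files do. Also, the listener is never cleared; end the file with `Debug.setListener(null);` so a later addition to this test does not run under the break listener by accident.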


--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.