Reviewers: Kasper Lund, Description: Add another check in profiler's stack iterator to ensure stability. I made a test run of benchmarks and found another weak point. After fixing it, benchmarks are able to run for a 100 times in a row successfully in both builds.
Please review this at http://codereview.chromium.org/53050 Affected files: M src/frames-inl.h Index: src/frames-inl.h diff --git a/src/frames-inl.h b/src/frames-inl.h index 32820a5811f2c5134f5c0afc730ab79cdb990707..07c8e4ede55c7b9f39845f44aa4d50087cecf649 100644 --- a/src/frames-inl.h +++ b/src/frames-inl.h @@ -171,7 +171,13 @@ inline bool JavaScriptFrame::has_adapted_arguments() const { inline bool JavaScriptFrame::is_at_function() const { Object* result = function_slot_object(); + // Verify that frame points at correct JS function object. + // We are verifying that function object address and + // the underlying map object address are valid, and that + // function is really a function. return Heap::Contains(reinterpret_cast<Address>(result)) && + result->IsHeapObject() && + Heap::Contains(HeapObject::cast(result)->map()) && result->IsJSFunction(); } --~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
