Author: [email protected]
Date: Wed Mar 25 07:07:52 2009
New Revision: 1612
Modified:
branches/bleeding_edge/src/frames-inl.h
Log:
Add another check in profiler's stack iterator to ensure stability.
I made a test run of benchmarks and found another weak point. After
fixing it, benchmarks are able to run for a 100 times in a row
successfully in both builds.
Review URL: http://codereview.chromium.org/53050
Modified: branches/bleeding_edge/src/frames-inl.h
==============================================================================
--- branches/bleeding_edge/src/frames-inl.h (original)
+++ branches/bleeding_edge/src/frames-inl.h Wed Mar 25 07:07:52 2009
@@ -171,7 +171,13 @@
inline bool JavaScriptFrame::is_at_function() const {
Object* result = function_slot_object();
+ // Verify that frame points at correct JS function object.
+ // We are verifying that function object address and
+ // the underlying map object address are valid, and that
+ // function is really a function.
return Heap::Contains(reinterpret_cast<Address>(result)) &&
+ result->IsHeapObject() &&
+ Heap::Contains(HeapObject::cast(result)->map()) &&
result->IsJSFunction();
}
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
