[v8-dev] Re: Fire 'stack' getter of error objects after GC. (issue 11377158)

Mon, 10 Dec 2012 06:46:46 -0800 

lgtm





https://codereview.chromium.org/11377158/diff/18002/src/messages.js
File src/messages.js (right):

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode815
src/messages.js:815: var ownName = this.fun.name;
If we ever change property descriptor for our 'name' property on
functions then I would be able to detect GC by placing getter on it.

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode823
src/messages.js:823: this.receiver[ownName] === this.fun)) {
I can detect GC through here by doing:

var obj = {
  foo: function foo() { throw new Error(); };
};

try {
  obj.foo();
} catch (e) {
  delete obj.foo;
  Object.defineProperty(obj, 'foo', {
    get: function () { print('GC!'); }
  });
  ERROR = e;
}

Needs a guard of the same sort as done below in for-in loop.

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode1031
src/messages.js:1031:
one more empty line

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode1040
src/messages.js:1040: %_CallFunction(frames, new CallSite(recv, fun,
pos), ArrayPush)
This code can still be broken (formatting detected) if one installs
setters on "0", "1", ... on Array.prototype or Object.prototype
(ArrayPush calls normal [[Put]]).

If we want to ensure that this code works despite any modifications that
one somebody does to array then most probably we also need to make
frames InternalArray and then convert it to a normal array via elements
transfer before the return.

The same goes for the lines below.

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode1044
src/messages.js:1044:
ditto

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode1065
src/messages.js:1065: function GetTypeName(obj, requireConstructor) {
ditto

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode1079
src/messages.js:1079: function captureStackTrace(obj, cons_opt) {
ditto

https://codereview.chromium.org/11377158/diff/18002/src/messages.js#newcode1091
src/messages.js:1091: obj.stack = $Error.prepareStackTrace(obj,
GetStackFrames(raw_stack));
should we maybe catch an error if it flies from prepareStackTrace and
replace obj.stack with it or some other text to indicate "recursive"
throw?

do we have a test case that checks such re-entrant throw?

https://codereview.chromium.org/11377158/

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

Reply via email to