Reviewers: Michael Starzinger,
Description:
Avoid object layout changes during GC.
[email protected]
BUG=
Please review this at https://chromiumcodereview.appspot.com/11530011/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/heap.cc
M src/messages.js
M src/runtime.h
M src/runtime.cc
Index: src/heap.cc
diff --git a/src/heap.cc b/src/heap.cc
index
0930666d7cc6d240c12c9fab3e29fd99aa485cef..4cc47d0405a2dac3fad5b79c8fe9a692b46751af
100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -7223,7 +7223,7 @@ void
ErrorObjectList::DeferredFormatStackTrace(Isolate* isolate) {
// If formatting the stack trace causes a GC, this method will be
// recursively called. In that case, skip the recursive call, since
// the loop modifies the list while iterating over it.
- if (nested_) return;
+ if (nested_ || isolate->has_pending_exception()) return;
nested_ = true;
HandleScope scope(isolate);
Handle<String> stack_key = isolate->factory()->stack_symbol();
@@ -7249,14 +7249,20 @@ void
ErrorObjectList::DeferredFormatStackTrace(Isolate* isolate) {
JSFunction* getter_fun = JSFunction::cast(getter_obj);
String* key = isolate->heap()->hidden_stack_trace_symbol();
if (key != getter_fun->GetHiddenProperty(key)) continue;
+ budget--;
bool has_exception = false;
Execution::Call(Handle<Object>(getter_fun, isolate),
Handle<Object>(object, isolate),
0,
NULL,
&has_exception);
- ASSERT(!has_exception);
- budget--;
+ if (has_exception) {
+ // Hit an exception (most likely a stack overflow).
+ // Wrap up this pass and retry after another GC.
+ isolate->clear_pending_exception();
+ list_[write_index++] = object;
+ budget = 0;
+ }
}
list_.Rewind(write_index);
list_.Trim();
Index: src/messages.js
diff --git a/src/messages.js b/src/messages.js
index
5fcb3889aa36056c7dbcde9f81422a2cd096b306..2cb778fc13c1fbc7b2e7991acda618f9389430ac
100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -1088,9 +1088,9 @@ function captureStackTrace(obj, cons_opt) {
if (stackTraceLimit < 0 || stackTraceLimit > 10000) {
stackTraceLimit = 10000;
}
- var raw_stack = %CollectStackTrace(obj,
- cons_opt ? cons_opt :
captureStackTrace,
- stackTraceLimit);
+ var stack = %CollectStackTrace(obj,
+ cons_opt ? cons_opt : captureStackTrace,
+ stackTraceLimit);
// Don't be lazy if the error stack formatting is custom (observable).
if (IS_FUNCTION($Error.prepareStackTrace)) {
@@ -1098,7 +1098,7 @@ function captureStackTrace(obj, cons_opt) {
// Use default error formatting for the case that custom formatting
throws.
$Error.prepareStackTrace = null;
var array = [];
- %MoveArrayContents(GetStackFrames(raw_stack), array);
+ %MoveArrayContents(GetStackFrames(stack), array);
obj.stack = custom_stacktrace_fun(obj, array);
$Error.prepareStackTrace = custom_stacktrace_fun;
return;
@@ -1108,10 +1108,14 @@ function captureStackTrace(obj, cons_opt) {
// Note that 'obj' and 'this' maybe different when called on objects that
// have the error object on its prototype chain. The getter replaces
itself
// with a data property as soon as the stack trace has been formatted.
+ // The getter must not change the object layout as it may be called
after GC.
var getter = function() {
- var value = FormatStackTrace(error_string, GetStackFrames(raw_stack));
- %DefineOrRedefineDataProperty(obj, 'stack', value, NONE);
- return value;
+ if (IS_STRING(stack)) return stack;
+ // Stack is still a raw array awaiting to be formatted.
+ stack = FormatStackTrace(error_string, GetStackFrames(stack));
+ // Release context value.
+ error_string = void 0;
+ return stack;
};
%MarkOneShotGetter(getter);
@@ -1263,18 +1267,21 @@ function SetUpStackOverflowBoilerplate() {
// a data property.
var error_string = boilerplate.name + ": " + boilerplate.message;
+ // The getter must not change the object layout as it may be called
after GC.
function getter() {
var holder = this;
while (!IS_ERROR(holder)) {
holder = %GetPrototype(holder);
if (holder == null) return MakeSyntaxError('illegal_access', []);
}
- var raw_stack = %GetOverflowedRawStackTrace(holder);
- var result = IS_ARRAY(raw_stack)
- ? FormatStackTrace(error_string,
GetStackFrames(raw_stack))
- : void 0;
- %DefineOrRedefineDataProperty(holder, 'stack', result, NONE);
- return result;
+ var stack = %GetOverflowedStackTrace(holder);
+ if (IS_STRING(stack)) return stack;
+ if (IS_ARRAY(stack)) {
+ var result = FormatStackTrace(error_string, GetStackFrames(stack));
+ %SetOverflowedStackTrace(holder, result);
+ return result;
+ }
+ return void 0;
}
%MarkOneShotGetter(getter);
@@ -1282,6 +1289,8 @@ function SetUpStackOverflowBoilerplate() {
// the receiver is the same as holder, this accessor pair is replaced.
function setter(v) {
%DefineOrRedefineDataProperty(this, 'stack', v, NONE);
+ // Release the stack trace that is stored as hidden property, if
exists.
+ %SetOverflowedStackTrace(this, void 0);
}
%DefineOrRedefineAccessorProperty(
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
06a8458549104a088925775540e4a10e38d05c5a..ca6fa967c6e4d2fe0f5262971d3335b0ae9bf5ce
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -13109,19 +13109,36 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_MarkOneShotGetter) {
}
-// Retrieve the raw stack trace collected on stack overflow and delete
-// it since it is used only once to avoid keeping it alive.
-RUNTIME_FUNCTION(MaybeObject*, Runtime_GetOverflowedRawStackTrace) {
+// Retrieve the stack trace. This could be the raw stack trace collected
+// on stack overflow or the already formatted stack trace string.
+RUNTIME_FUNCTION(MaybeObject*, Runtime_GetOverflowedStackTrace) {
ASSERT_EQ(args.length(), 1);
CONVERT_ARG_CHECKED(JSObject, error_object, 0);
String* key = isolate->heap()->hidden_stack_trace_symbol();
Object* result = error_object->GetHiddenProperty(key);
- RUNTIME_ASSERT(result->IsJSArray() || result->IsUndefined());
- error_object->DeleteHiddenProperty(key);
+ RUNTIME_ASSERT(result->IsJSArray() ||
+ result->IsString() ||
+ result->IsUndefined());
return result;
}
+// Set or clear the stack trace attached to an stack overflow error object.
+RUNTIME_FUNCTION(MaybeObject*, Runtime_SetOverflowedStackTrace) {
+ ASSERT_EQ(args.length(), 2);
+ CONVERT_ARG_HANDLE_CHECKED(JSObject, error_object, 0);
+ CONVERT_ARG_HANDLE_CHECKED(HeapObject, value, 1);
+ Handle<String> key = isolate->factory()->hidden_stack_trace_symbol();
+ if (value->IsUndefined()) {
+ error_object->DeleteHiddenProperty(*key);
+ } else {
+ RUNTIME_ASSERT(value->IsString());
+ JSObject::SetHiddenProperty(error_object, key, value);
+ }
+ return *error_object;
+}
+
+
// Returns V8 version as a string.
RUNTIME_FUNCTION(MaybeObject*, Runtime_GetV8Version) {
ASSERT_EQ(args.length(), 0);
Index: src/runtime.h
diff --git a/src/runtime.h b/src/runtime.h
index
6633fc67819f6d470626da1a6780132eaad47f74..029a0fd7266f59206e5f94a5dc2da6aa4d5a6a2e
100644
--- a/src/runtime.h
+++ b/src/runtime.h
@@ -237,7 +237,8 @@ namespace internal {
F(GetScript, 1, 1) \
F(CollectStackTrace, 3, 1) \
F(MarkOneShotGetter, 1, 1) \
- F(GetOverflowedRawStackTrace, 1, 1) \
+ F(GetOverflowedStackTrace, 1, 1) \
+ F(SetOverflowedStackTrace, 2, 1) \
F(GetV8Version, 0, 1) \
\
F(ClassOf, 1, 1) \
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
