Revision: 13194
Author: [email protected]
Date: Tue Dec 11 06:55:23 2012
Log: Avoid object layout changes during GC.
[email protected]
BUG=
Review URL: https://chromiumcodereview.appspot.com/11530011
http://code.google.com/p/v8/source/detail?r=13194
Modified:
/branches/bleeding_edge/src/heap.cc
/branches/bleeding_edge/src/messages.js
/branches/bleeding_edge/src/runtime.cc
/branches/bleeding_edge/src/runtime.h
=======================================
--- /branches/bleeding_edge/src/heap.cc Tue Dec 11 02:14:01 2012
+++ /branches/bleeding_edge/src/heap.cc Tue Dec 11 06:55:23 2012
@@ -7223,7 +7223,7 @@
// If formatting the stack trace causes a GC, this method will be
// recursively called. In that case, skip the recursive call, since
// the loop modifies the list while iterating over it.
- if (nested_) return;
+ if (nested_ || isolate->has_pending_exception()) return;
nested_ = true;
HandleScope scope(isolate);
Handle<String> stack_key = isolate->factory()->stack_symbol();
@@ -7249,14 +7249,20 @@
JSFunction* getter_fun = JSFunction::cast(getter_obj);
String* key = isolate->heap()->hidden_stack_trace_symbol();
if (key != getter_fun->GetHiddenProperty(key)) continue;
+ budget--;
bool has_exception = false;
Execution::Call(Handle<Object>(getter_fun, isolate),
Handle<Object>(object, isolate),
0,
NULL,
&has_exception);
- ASSERT(!has_exception);
- budget--;
+ if (has_exception) {
+ // Hit an exception (most likely a stack overflow).
+ // Wrap up this pass and retry after another GC.
+ isolate->clear_pending_exception();
+ list_[write_index++] = object;
+ budget = 0;
+ }
}
list_.Rewind(write_index);
list_.Trim();
=======================================
--- /branches/bleeding_edge/src/messages.js Tue Dec 11 02:14:01 2012
+++ /branches/bleeding_edge/src/messages.js Tue Dec 11 06:55:23 2012
@@ -1088,9 +1088,9 @@
if (stackTraceLimit < 0 || stackTraceLimit > 10000) {
stackTraceLimit = 10000;
}
- var raw_stack = %CollectStackTrace(obj,
- cons_opt ? cons_opt :
captureStackTrace,
- stackTraceLimit);
+ var stack = %CollectStackTrace(obj,
+ cons_opt ? cons_opt : captureStackTrace,
+ stackTraceLimit);
// Don't be lazy if the error stack formatting is custom (observable).
if (IS_FUNCTION($Error.prepareStackTrace)) {
@@ -1098,7 +1098,7 @@
// Use default error formatting for the case that custom formatting
throws.
$Error.prepareStackTrace = null;
var array = [];
- %MoveArrayContents(GetStackFrames(raw_stack), array);
+ %MoveArrayContents(GetStackFrames(stack), array);
obj.stack = custom_stacktrace_fun(obj, array);
$Error.prepareStackTrace = custom_stacktrace_fun;
return;
@@ -1108,10 +1108,14 @@
// Note that 'obj' and 'this' maybe different when called on objects that
// have the error object on its prototype chain. The getter replaces
itself
// with a data property as soon as the stack trace has been formatted.
+ // The getter must not change the object layout as it may be called
after GC.
var getter = function() {
- var value = FormatStackTrace(error_string, GetStackFrames(raw_stack));
- %DefineOrRedefineDataProperty(obj, 'stack', value, NONE);
- return value;
+ if (IS_STRING(stack)) return stack;
+ // Stack is still a raw array awaiting to be formatted.
+ stack = FormatStackTrace(error_string, GetStackFrames(stack));
+ // Release context value.
+ error_string = void 0;
+ return stack;
};
%MarkOneShotGetter(getter);
@@ -1263,18 +1267,21 @@
// a data property.
var error_string = boilerplate.name + ": " + boilerplate.message;
+ // The getter must not change the object layout as it may be called
after GC.
function getter() {
var holder = this;
while (!IS_ERROR(holder)) {
holder = %GetPrototype(holder);
if (holder == null) return MakeSyntaxError('illegal_access', []);
}
- var raw_stack = %GetOverflowedRawStackTrace(holder);
- var result = IS_ARRAY(raw_stack)
- ? FormatStackTrace(error_string,
GetStackFrames(raw_stack))
- : void 0;
- %DefineOrRedefineDataProperty(holder, 'stack', result, NONE);
- return result;
+ var stack = %GetOverflowedStackTrace(holder);
+ if (IS_STRING(stack)) return stack;
+ if (IS_ARRAY(stack)) {
+ var result = FormatStackTrace(error_string, GetStackFrames(stack));
+ %SetOverflowedStackTrace(holder, result);
+ return result;
+ }
+ return void 0;
}
%MarkOneShotGetter(getter);
@@ -1282,6 +1289,8 @@
// the receiver is the same as holder, this accessor pair is replaced.
function setter(v) {
%DefineOrRedefineDataProperty(this, 'stack', v, NONE);
+ // Release the stack trace that is stored as hidden property, if
exists.
+ %SetOverflowedStackTrace(this, void 0);
}
%DefineOrRedefineAccessorProperty(
=======================================
--- /branches/bleeding_edge/src/runtime.cc Tue Dec 11 02:14:01 2012
+++ /branches/bleeding_edge/src/runtime.cc Tue Dec 11 06:55:23 2012
@@ -13109,17 +13109,36 @@
}
-// Retrieve the raw stack trace collected on stack overflow and delete
-// it since it is used only once to avoid keeping it alive.
-RUNTIME_FUNCTION(MaybeObject*, Runtime_GetOverflowedRawStackTrace) {
+// Retrieve the stack trace. This could be the raw stack trace collected
+// on stack overflow or the already formatted stack trace string.
+RUNTIME_FUNCTION(MaybeObject*, Runtime_GetOverflowedStackTrace) {
+ HandleScope scope(isolate);
ASSERT_EQ(args.length(), 1);
CONVERT_ARG_CHECKED(JSObject, error_object, 0);
String* key = isolate->heap()->hidden_stack_trace_symbol();
Object* result = error_object->GetHiddenProperty(key);
- RUNTIME_ASSERT(result->IsJSArray() || result->IsUndefined());
- error_object->DeleteHiddenProperty(key);
+ RUNTIME_ASSERT(result->IsJSArray() ||
+ result->IsString() ||
+ result->IsUndefined());
return result;
}
+
+
+// Set or clear the stack trace attached to an stack overflow error object.
+RUNTIME_FUNCTION(MaybeObject*, Runtime_SetOverflowedStackTrace) {
+ HandleScope scope(isolate);
+ ASSERT_EQ(args.length(), 2);
+ CONVERT_ARG_HANDLE_CHECKED(JSObject, error_object, 0);
+ CONVERT_ARG_HANDLE_CHECKED(HeapObject, value, 1);
+ Handle<String> key = isolate->factory()->hidden_stack_trace_symbol();
+ if (value->IsUndefined()) {
+ error_object->DeleteHiddenProperty(*key);
+ } else {
+ RUNTIME_ASSERT(value->IsString());
+ JSObject::SetHiddenProperty(error_object, key, value);
+ }
+ return *error_object;
+}
// Returns V8 version as a string.
=======================================
--- /branches/bleeding_edge/src/runtime.h Tue Dec 11 02:14:01 2012
+++ /branches/bleeding_edge/src/runtime.h Tue Dec 11 06:55:23 2012
@@ -237,7 +237,8 @@
F(GetScript, 1, 1) \
F(CollectStackTrace, 3, 1) \
F(MarkOneShotGetter, 1, 1) \
- F(GetOverflowedRawStackTrace, 1, 1) \
+ F(GetOverflowedStackTrace, 1, 1) \
+ F(SetOverflowedStackTrace, 2, 1) \
F(GetV8Version, 0, 1) \
\
F(ClassOf, 1, 1) \
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
