Reviewers: Jakob,
Description:
Add additional flags to control array abuse tracing
[email protected]
Please review this at https://codereview.chromium.org/12211095/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
src/elements.h
M src/elements.cc
src/flag-definitions.h
src/objects.cc
Index: src/elements.cc
diff --git a/src/elements.cc b/src/elements.cc
index
6459279dea56753cbbdfa194678d77c0cb6b11ea..34f302d422b69b80eed229ad94a2cfd84b260780
100644
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -504,7 +504,8 @@ static void TraceTopFrame() {
}
-void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key) {
+void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key,
+ bool allow_list_append_growth) {
Object* raw_length = NULL;
const char* elements_type = "array";
if (obj->IsJSArray()) {
@@ -519,7 +520,9 @@ void CheckArrayAbuse(JSObject* obj, const char* op,
uint32_t key) {
double n = raw_length->Number();
if (FastI2D(FastD2UI(n)) == n) {
int32_t int32_length = DoubleToInt32(n);
- if (key >= static_cast<uint32_t>(int32_length)) {
+ uint32_t compare_length = static_cast<uint32_t>(int32_length);
+ if (allow_list_append_growth) compare_length++;
+ if (key >= compare_length) {
PrintF("[OOB %s %s (%s length = %d, element accessed = %d) in ",
elements_type, op, elements_type,
static_cast<int>(int32_length),
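Review bot: The new `if (allow_list_append_growth) compare_length++;` has no comment saying why one slot past the end is exempt, and the increment is unguarded. A comment such as `// A store at index == length appends one element, so only report keys beyond that.` would keep a later reader from mistaking the `++` for an off-by-one. The increment cannot wrap only if the `FastI2D(FastD2UI(n)) == n` check above keeps the length below the uint32 maximum, which is presumably the case but cannot be confirmed from this hunk. If it does not, every key would then be reported. CheckArrayAbuse's body continues outside the hunk.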
@@ -628,8 +631,14 @@ class ElementsAccessorBase : public ElementsAccessor {
backing_store = holder->elements();
}
- if (FLAG_trace_array_abuse) {
- CheckArrayAbuse(holder, "element read", key);
+ if (FLAG_trace_js_array_abuse &&
+ !IsExternalArrayElementsKind(ElementsTraits::Kind)) {
+ CheckArrayAbuse(holder, "elements read", key);
+ }
+
+ if (FLAG_trace_external_array_abuse &&
+ IsExternalArrayElementsKind(ElementsTraits::Kind)) {
+ CheckArrayAbuse(holder, "external elements read", key);
}
return ElementsAccessorSubclass::GetImpl(
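Review bot: The two new `if` statements test the same predicate, `IsExternalArrayElementsKind(ElementsTraits::Kind)`, once negated and once not, so the mutual exclusion is only visible by reading both conditions in full. Naming it once, `const bool is_external = IsExternalArrayElementsKind(ElementsTraits::Kind);`, and testing `FLAG_trace_js_array_abuse && !is_external` and `FLAG_trace_external_array_abuse && is_external` makes it clear that exactly one trace call can fire. The write path in `JSObject::SetElementWithoutInterceptor` (src/objects.cc) repeats the same shape with `GetElementsKind()`. Separately, the op string changes from "element read" to "elements read", so anything that greps old trace output for that text will stop matching. The enclosing method starts and ends outside the hunk.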
Index: src/elements.h
diff --git a/src/elements.h b/src/elements.h
index
167fb91197b024453e711cf7687f5d5a09e0d48a..b3240083f932f587904e7b6ebb417f26333a0314
100644
--- a/src/elements.h
+++ b/src/elements.h
@@ -197,7 +197,8 @@ class ElementsAccessor {
DISALLOW_COPY_AND_ASSIGN(ElementsAccessor);
};
-void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key);
+void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key,
+ bool allow_list_append_growth = false);
} } // namespace v8::internal
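Review bot: The declaration gains a defaulted `allow_list_append_growth` parameter but still has no comment, and the header is where callers will look to learn what `true` changes. I would add `// Traces an out-of-bounds access to obj's elements. If allow_list_append_growth is true, key == length is treated as an append and not reported.` above it. That wording follows the `compare_length++` logic in src/elements.cc.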
Index: src/flag-definitions.h
diff --git a/src/flag-definitions.h b/src/flag-definitions.h
index
747e7c1f3c131d041785b876ca5587e86565f7ed..c83d4e29f7558905d260e2002ae0d92b87a0e25d
100644
--- a/src/flag-definitions.h
+++ b/src/flag-definitions.h
@@ -363,7 +363,14 @@ DEFINE_bool(cache_prototype_transitions, true, "cache
prototype transitions")
// debug.cc
DEFINE_bool(trace_debug_json, false, "trace debugging JSON
request/response")
-DEFINE_bool(trace_array_abuse, false, "trace out-of-bounds array accesses")
+DEFINE_bool(trace_js_array_abuse, false,
+ "trace out-of-bounds accesses to JS arrays")
+DEFINE_bool(trace_external_array_abuse, false,
+ "trace out-of-bounds-accesses to external arrays")
+DEFINE_bool(trace_array_abuse, false,
+ "trace out-of-bounds accesses to all arrays")
+DEFINE_implication(trace_array_abuse, trace_js_array_abuse)
+DEFINE_implication(trace_array_abuse, trace_external_array_abuse)
DEFINE_bool(debugger_auto_break, true,
"automatically set the debug break flag when debugger commands
are "
"in the queue")
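Review bot: The help text for `trace_external_array_abuse` reads `"trace out-of-bounds-accesses to external arrays"`, with a hyphen between "bounds" and "accesses" that the other two new flags do not have. Making it `"trace out-of-bounds accesses to external arrays"` keeps the three descriptions parallel in `--help` output.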
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
b3a5658ca03181502734054f0a640d4a75a854e6..50988d95f134f67e922c4d31990706ff7538d37d
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -10405,9 +10405,14 @@ MaybeObject*
JSObject::SetElementWithoutInterceptor(uint32_t index,
HasDictionaryArgumentsElements() ||
(attr & (DONT_DELETE | DONT_ENUM | READ_ONLY)) == 0);
Isolate* isolate = GetIsolate();
- if (FLAG_trace_array_abuse) {
- if (IsExternalArrayElementsKind(GetElementsKind())) {
- CheckArrayAbuse(this, "external elements write", index);
+ if (FLAG_trace_external_array_abuse &&
+ IsExternalArrayElementsKind(GetElementsKind())) {
+ CheckArrayAbuse(this, "external elements write", index);
+ }
+ if (FLAG_trace_js_array_abuse &&
+ !IsExternalArrayElementsKind(GetElementsKind())) {
+ if (IsJSArray()) {
+ CheckArrayAbuse(this, "elements write", index, true);
}
}
switch (GetElementsKind()) {
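Review bot: The JS-array write check is further gated on `IsJSArray()`, while the read path in src/elements.cc calls `CheckArrayAbuse` for every non-external elements kind. With `--trace-js-array-abuse`, reads on non-JSArray objects are therefore traced but writes to them are not. `CheckArrayAbuse` itself branches on `obj->IsJSArray()`, which suggests it can handle both cases. If the asymmetry is intentional (for example because append growth only makes sense for arrays), a one-line comment saying so would help. The nested `if` can also fold into the outer condition as `if (FLAG_trace_js_array_abuse && !IsExternalArrayElementsKind(GetElementsKind()) && IsJSArray()) {`. The enclosing function starts and ends outside the hunk.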
--