Reviewers: Michael Starzinger,
Message:
Hi Michael, here is the CL that checks each location where we SET an
AllocationSite into a Memento. I'll be sure perf impact isn't too severe
before
checking in. The CL relies on the other fixes you are looking at today from
me,
thx again!
--Michael
Description:
Every place where AllocationMemento is initialized with an
AllocationSite is now checked to be sure a valid Site goes in.
This is temporary code to diagnose chromium bug 284577.
BUG=
Please review this at https://codereview.chromium.org/23622029/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+26, -0 lines):
M src/heap.cc
M src/hydrogen.cc
Index: src/heap.cc
diff --git a/src/heap.cc b/src/heap.cc
index
24e4039422cc8ae010b17c9f700f32061d2cd204..108cfb373e71674f0a976e49d981a959e1be6051
100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -4310,6 +4310,10 @@ MaybeObject* Heap::AllocateWithAllocationSite(Map*
map, AllocationSpace space,
AllocationMemento* alloc_memento = reinterpret_cast<AllocationMemento*>(
reinterpret_cast<Address>(result) + map->instance_size());
alloc_memento->set_map_no_write_barrier(allocation_memento_map());
+
+ // TODO(mvstanton): To diagnose bug 284577, some extra checks
+ CHECK(allocation_site->map() == allocation_site_map());
+
alloc_memento->set_allocation_site(*allocation_site, SKIP_WRITE_BARRIER);
return result;
}
@@ -5053,6 +5057,10 @@ MaybeObject* Heap::CopyJSObjectWithAllocationSite(
AllocationMemento* alloc_memento;
if (maybe_alloc_memento->To(&alloc_memento)) {
alloc_memento->set_map_no_write_barrier(allocation_memento_map());
+
+ // TODO(mvstanton): To diagnose bug 284577, some extra checks
+ CHECK(site->map() == allocation_site_map());
+
alloc_memento->set_allocation_site(site, SKIP_WRITE_BARRIER);
}
}
@@ -5075,6 +5083,10 @@ MaybeObject* Heap::CopyJSObjectWithAllocationSite(
AllocationMemento* alloc_memento =
reinterpret_cast<AllocationMemento*>(
reinterpret_cast<Address>(clone) + object_size);
alloc_memento->set_map_no_write_barrier(allocation_memento_map());
+
+ // TODO(mvstanton): To diagnose bug 284577, some extra checks
+ CHECK(site->map() == allocation_site_map());
+
alloc_memento->set_allocation_site(site, SKIP_WRITE_BARRIER);
}
Index: src/hydrogen.cc
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index
7b623b50877d80d371dd2d2dad35d9e9faa38fe9..da25cdf4b855349a1cb641e48ba3975ec76d8826
100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -1831,6 +1831,20 @@ HValue*
HGraphBuilder::BuildCreateAllocationMemento(HValue* previous_object,
Handle<Map> alloc_memento_map(
isolate()->heap()->allocation_memento_map());
AddStoreMapConstant(alloc_memento, alloc_memento_map);
+
+ // TODO(mvstanton): the code below is turned on to diagnose chromium bug
+ // 284577.
+ Handle<Map> alloc_site_map(isolate()->heap()->allocation_site_map());
+ IfBuilder builder(this);
+ // Read the map
+ HValue* map_field = Add<HLoadNamedField>(alloc_site,
+ HObjectAccess::ForMap());
+ HValue* alloc_site_map_value = Add<HConstant>(alloc_site_map);
+ builder.IfNot<HCompareObjectEqAndBranch>(map_field,
alloc_site_map_value);
+ builder.Then();
+ AddInstruction(new(zone()) HDebugBreak());
+ builder.End();
+
HObjectAccess access = HObjectAccess::ForAllocationMementoSite();
Add<HStoreNamedField>(alloc_memento, access, alloc_site);
return alloc_memento;
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
