Revision: 21523
Author: [email protected]
Date: Tue May 27 13:05:11 2014 UTC
Log: Fix PathTracer.
When tracing, we abuse the map for marking, thereby mutating it.
FixedTypedArrayBase::size() uses the object's map, which causes a crash.
[email protected]
Review URL: https://codereview.chromium.org/300753002
http://code.google.com/p/v8/source/detail?r=21523
Modified:
/branches/bleeding_edge/src/objects-inl.h
/branches/bleeding_edge/src/objects.h
/branches/bleeding_edge/test/cctest/test-heap.cc
=======================================
--- /branches/bleeding_edge/src/objects-inl.h Tue May 27 12:21:40 2014 UTC
+++ /branches/bleeding_edge/src/objects-inl.h Tue May 27 13:05:11 2014 UTC
@@ -3673,10 +3673,9 @@
}
-int FixedTypedArrayBase::DataSize() {
- InstanceType instance_type = map()->instance_type();
+int FixedTypedArrayBase::DataSize(InstanceType type) {
int element_size;
- switch (instance_type) {
+ switch (type) {
#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype,
size) \
case
FIXED_##TYPE##_ARRAY_TYPE: \
element_size =
size; \
@@ -3690,11 +3689,21 @@
}
return length() * element_size;
}
+
+
+int FixedTypedArrayBase::DataSize() {
+ return DataSize(map()->instance_type());
+}
int FixedTypedArrayBase::size() {
return OBJECT_POINTER_ALIGN(kDataOffset + DataSize());
}
+
+
+int FixedTypedArrayBase::TypedArraySize(InstanceType type) {
+ return OBJECT_POINTER_ALIGN(kDataOffset + DataSize(type));
+}
uint8_t Uint8ArrayTraits::defaultValue() { return 0; }
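Review bot: The new `TypedArraySize(InstanceType type)` at the end of this hunk has no comment explaining why a caller would supply the instance type instead of letting the object read its own map, so the constraint that motivated it (the map word may be temporarily overwritten while the path tracer marks objects) lives only in the commit log. A short comment above the definition here, and on the `inline int TypedArraySize(InstanceType type);` declaration in the objects.h hunk, would stop a later cleanup from folding it back into `size()`: `// Like size(), but takes the instance type from the caller. Use this where` / `// the map word may be temporarily clobbered (e.g. during heap tracing/marking)` / `// and map()->instance_type() cannot be trusted.` The caller in the following hunk, whose enclosing function starts outside the hunk, passes the type it already read from the map it was given, which is the one place this distinction matters.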
@@ -3918,7 +3927,7 @@
int instance_size = map->instance_size();
if (instance_size != kVariableSizeSentinel) return instance_size;
// Only inline the most frequent cases.
- int instance_type = static_cast<int>(map->instance_type());
+ InstanceType instance_type = map->instance_type();
if (instance_type == FIXED_ARRAY_TYPE) {
return FixedArray::BodyDescriptor::SizeOf(map, this);
}
@@ -3951,7 +3960,8 @@
}
if (instance_type >= FIRST_FIXED_TYPED_ARRAY_TYPE &&
instance_type <= LAST_FIXED_TYPED_ARRAY_TYPE) {
- return reinterpret_cast<FixedTypedArrayBase*>(this)->size();
+ return reinterpret_cast<FixedTypedArrayBase*>(
+ this)->TypedArraySize(instance_type);
}
ASSERT(instance_type == CODE_TYPE);
return reinterpret_cast<Code*>(this)->CodeSize();
=======================================
--- /branches/bleeding_edge/src/objects.h Tue May 27 12:21:40 2014 UTC
+++ /branches/bleeding_edge/src/objects.h Tue May 27 13:05:11 2014 UTC
@@ -5077,12 +5077,16 @@
inline int size();
+ inline int TypedArraySize(InstanceType type);
+
// Use with care: returns raw pointer into heap.
inline void* DataPtr();
inline int DataSize();
private:
+ inline int DataSize(InstanceType type);
+
DISALLOW_IMPLICIT_CONSTRUCTORS(FixedTypedArrayBase);
};
=======================================
--- /branches/bleeding_edge/test/cctest/test-heap.cc Tue May 27 08:41:12
2014 UTC
+++ /branches/bleeding_edge/test/cctest/test-heap.cc Tue May 27 13:05:11
2014 UTC
@@ -4262,3 +4262,15 @@
CHECK(page->WasSwept() ||
Marking::IsBlack(Marking::MarkBitFrom(o->elements())));
}
+
+
+#ifdef DEBUG
+TEST(PathTracer) {
+ CcTest::InitializeVM();
+ v8::HandleScope scope(CcTest::isolate());
+
+ v8::Local<v8::Value> result = CompileRun("'abc'");
+ Handle<Object> o = v8::Utils::OpenHandle(*result);
+ CcTest::i_isolate()->heap()->TracePathToObject(*o);
+}
+#endif // DEBUG
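Review bot: TEST(PathTracer) only traces the path to a string literal, so it exercises the fixed typed-array size path only if a FixedTypedArrayBase happens to be live in the heap when `TracePathToObject` walks it; nothing in the test guarantees that, so the regression check depends on incidental heap contents. Allocating one before the trace, e.g. `CompileRun("var ta = new Uint8Array(16); ta;");` would make it deterministic, assuming a small JS typed array is backed by an on-heap FixedTypedArray in this build, which I cannot confirm from the hunk. The test also asserts nothing after the call; since the failure mode is a crash that is acceptable, but a one-line comment such as `// Regression test: tracing must not read the (temporarily clobbered) map.` would record the intent for readers who do not have the commit message.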