Every place where AllocationMemento is initialized with an

AllocationSite is now checked to be sure a valid Site goes in. This is temporary code to diagnose chromium bug 284577. (This is a second attempt, the first attempt ran into the problem of undefined ordering of function calls in Windows and Mac optimized builds, see the fixes in code-stubs-hydrogen.cc). BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/23440035 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Every place where AllocationMemento is initialized with an
AllocationSite is now checked to be sure a valid Site goes in. This is temporary code to diagnose chromium bug 284577. (This is a second attempt, the first attempt ran into the problem of undefined ordering of function calls in Windows and Mac optimized builds, see the fixes in code-stubs-hydrogen.cc). BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/23440035 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
516339cb · mvstanton@chromium.org · 31105962 · 516339cb · 516339cb · 516339cb
Commit 516339cb authored Sep 13, 2013 by mvstanton@chromium.org
Show whitespace changes
Inline Side-by-side

Showing with 50 additions and 20 deletions

code-stubs-hydrogen.cc src/code-stubs-hydrogen.cc +25 -20

heap.cc src/heap.cc +12 -0

hydrogen.cc src/hydrogen.cc +13 -0

No files found.
--- a/src/code-stubs-hydrogen.cc
+++ b/src/code-stubs-hydrogen.cc
@@ -357,40 +357,45 @@ HValue* CodeStubGraphBuilder<FastCloneShallowArrayStub>::BuildCodeStub() {

  HObjectAccess access = HObjectAccess::ForAllocationSiteTransitionInfo();
  HInstruction* boilerplate = Add<HLoadNamedField>(allocation_site, access);
+  HValue* push_value;
  if (mode == FastCloneShallowArrayStub::CLONE_ANY_ELEMENTS) {
    HValue* elements = AddLoadElements(boilerplate);

    IfBuilder if_fixed_cow(this);
    if_fixed_cow.If<HCompareMap>(elements, factory->fixed_cow_array_map());
    if_fixed_cow.Then();
-    environment()->Push(BuildCloneShallowArray(boilerplate,
+    push_value = BuildCloneShallowArray(boilerplate,
                                        allocation_site,
                                        alloc_site_mode,
                                        FAST_ELEMENTS,
-                                               0/*copy-on-write*/));
+                                        0/*copy-on-write*/);
+    environment()->Push(push_value);
    if_fixed_cow.Else();

    IfBuilder if_fixed(this);
    if_fixed.If<HCompareMap>(elements, factory->fixed_array_map());
    if_fixed.Then();
-    environment()->Push(BuildCloneShallowArray(boilerplate,
+    push_value = BuildCloneShallowArray(boilerplate,
                                        allocation_site,
                                        alloc_site_mode,
                                        FAST_ELEMENTS,
-                                               length));
+                                        length);
+    environment()->Push(push_value);
    if_fixed.Else();
-    environment()->Push(BuildCloneShallowArray(boilerplate,
+    push_value = BuildCloneShallowArray(boilerplate,
                                        allocation_site,
                                        alloc_site_mode,
                                        FAST_DOUBLE_ELEMENTS,
-                                               length));
+                                        length);
+    environment()->Push(push_value);
  } else {
    ElementsKind elements_kind = casted_stub()->ComputeElementsKind();
-    environment()->Push(BuildCloneShallowArray(boilerplate,
+    push_value = BuildCloneShallowArray(boilerplate,
                                        allocation_site,
                                        alloc_site_mode,
                                        elements_kind,
-                                               length));
+                                        length);
+    environment()->Push(push_value);
  }

  checker.ElseDeopt("Uninitialized boilerplate literals");

--- a/src/heap.cc
+++ b/src/heap.cc
@@ -4310,6 +4310,10 @@ MaybeObject* Heap::AllocateWithAllocationSite(Map* map, AllocationSpace space,
  AllocationMemento* alloc_memento = reinterpret_cast<AllocationMemento*>(
      reinterpret_cast<Address>(result) + map->instance_size());
  alloc_memento->set_map_no_write_barrier(allocation_memento_map());
+
+  // TODO(mvstanton): To diagnose bug 284577, some extra checks
+  CHECK(allocation_site->map() == allocation_site_map());
+
  alloc_memento->set_allocation_site(*allocation_site, SKIP_WRITE_BARRIER);
  return result;
 }
@@ -5053,6 +5057,10 @@ MaybeObject* Heap::CopyJSObjectWithAllocationSite(
      AllocationMemento* alloc_memento;
      if (maybe_alloc_memento->To(&alloc_memento)) {
        alloc_memento->set_map_no_write_barrier(allocation_memento_map());
+
+        // TODO(mvstanton): To diagnose bug 284577, some extra checks
+        CHECK(site->map() == allocation_site_map());
+
        alloc_memento->set_allocation_site(site, SKIP_WRITE_BARRIER);
      }
    }
@@ -5075,6 +5083,10 @@ MaybeObject* Heap::CopyJSObjectWithAllocationSite(
    AllocationMemento* alloc_memento = reinterpret_cast<AllocationMemento*>(
        reinterpret_cast<Address>(clone) + object_size);
    alloc_memento->set_map_no_write_barrier(allocation_memento_map());
+
+    // TODO(mvstanton): To diagnose bug 284577, some extra checks
+    CHECK(site->map() == allocation_site_map());
+
    alloc_memento->set_allocation_site(site, SKIP_WRITE_BARRIER);
  }


--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -1831,6 +1831,19 @@ HValue* HGraphBuilder::BuildCreateAllocationMemento(HValue* previous_object,
  Handle<Map> alloc_memento_map(
      isolate()->heap()->allocation_memento_map());
  AddStoreMapConstant(alloc_memento, alloc_memento_map);
+
+  {
+    // TODO(mvstanton): the code below is turned on to diagnose chromium bug
+    // 284577.
+    Handle<Map> alloc_site_map(isolate()->heap()->allocation_site_map());
+    IfBuilder builder(this);
+    builder.If<HCompareMap>(alloc_site, alloc_site_map);
+    builder.Then();
+    builder.Else();
+    Add<HDebugBreak>();
+    builder.End();
+  }
+
  HObjectAccess access = HObjectAccess::ForAllocationMementoSite();
  Add<HStoreNamedField>(alloc_memento, access, alloc_site);
  return alloc_memento;