Commit a77daae9 authored by danno@chromium.org's avatar danno@chromium.org

Add additional flags to control array abuse tracing

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/12211095

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 3b08a1f8
......@@ -504,7 +504,8 @@ static void TraceTopFrame() {
}
void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key) {
void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key,
bool allow_appending) {
Object* raw_length = NULL;
const char* elements_type = "array";
if (obj->IsJSArray()) {
......@@ -519,7 +520,9 @@ void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key) {
double n = raw_length->Number();
if (FastI2D(FastD2UI(n)) == n) {
int32_t int32_length = DoubleToInt32(n);
if (key >= static_cast<uint32_t>(int32_length)) {
uint32_t compare_length = static_cast<uint32_t>(int32_length);
if (allow_appending) compare_length++;
if (key >= compare_length) {
PrintF("[OOB %s %s (%s length = %d, element accessed = %d) in ",
elements_type, op, elements_type,
static_cast<int>(int32_length),
......@@ -628,8 +631,14 @@ class ElementsAccessorBase : public ElementsAccessor {
backing_store = holder->elements();
}
if (FLAG_trace_array_abuse) {
CheckArrayAbuse(holder, "element read", key);
if (!IsExternalArrayElementsKind(ElementsTraits::Kind) &&
FLAG_trace_js_array_abuse) {
CheckArrayAbuse(holder, "elements read", key);
}
if (IsExternalArrayElementsKind(ElementsTraits::Kind) &&
FLAG_trace_external_array_abuse) {
CheckArrayAbuse(holder, "external elements read", key);
}
return ElementsAccessorSubclass::GetImpl(
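Review bot: The two new `if` statements in the read path test the same compile-time predicate, `IsExternalArrayElementsKind(ElementsTraits::Kind)`, in opposite senses, so a reader has to check that exactly one of them can fire. A single branch on the kind, with the matching flag tested inside each arm (`if (IsExternalArrayElementsKind(ElementsTraits::Kind)) { if (FLAG_trace_external_array_abuse) ... } else if (FLAG_trace_js_array_abuse) { ... }`), makes the mutual exclusion explicit. The trace label also changes from "element read" to "elements read", so anything that matches the old text in trace output will need updating. The enclosing accessor method starts and ends outside this hunk.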
......
......@@ -197,7 +197,8 @@ class ElementsAccessor {
DISALLOW_COPY_AND_ASSIGN(ElementsAccessor);
};
void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key);
void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key,
bool allow_appending = false);
} } // namespace v8::internal
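Review bot: The new `allow_appending` parameter on the `CheckArrayAbuse` declaration has no comment, and its effect is only discoverable by reading the definition, where it raises the reported bound by one. I would add above the declaration: `// Traces accesses where key >= length. With allow_appending, key == length is treated as in bounds (a store that grows the array by one element).` It is also worth stating that the default of `false` keeps existing callers reporting an access at exactly `length`.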
......
......@@ -363,7 +363,14 @@ DEFINE_bool(cache_prototype_transitions, true, "cache prototype transitions")
// debug.cc
DEFINE_bool(trace_debug_json, false, "trace debugging JSON request/response")
DEFINE_bool(trace_array_abuse, false, "trace out-of-bounds array accesses")
DEFINE_bool(trace_js_array_abuse, false,
"trace out-of-bounds accesses to JS arrays")
DEFINE_bool(trace_external_array_abuse, false,
"trace out-of-bounds-accesses to external arrays")
DEFINE_bool(trace_array_abuse, false,
"trace out-of-bounds accesses to all arrays")
DEFINE_implication(trace_array_abuse, trace_js_array_abuse)
DEFINE_implication(trace_array_abuse, trace_external_array_abuse)
DEFINE_bool(debugger_auto_break, true,
"automatically set the debug break flag when debugger commands are "
"in the queue")
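Review bot: The help string for `trace_external_array_abuse` reads "out-of-bounds-accesses" with an extra hyphen, while the two sibling flags use "out-of-bounds accesses". Since the three strings are presented together as flag descriptions, it should read `"trace out-of-bounds accesses to external arrays"`.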
......
......@@ -10405,9 +10405,14 @@ MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
HasDictionaryArgumentsElements() ||
(attr & (DONT_DELETE | DONT_ENUM | READ_ONLY)) == 0);
Isolate* isolate = GetIsolate();
if (FLAG_trace_array_abuse) {
if (IsExternalArrayElementsKind(GetElementsKind())) {
CheckArrayAbuse(this, "external elements write", index);
if (FLAG_trace_external_array_abuse &&
IsExternalArrayElementsKind(GetElementsKind())) {
CheckArrayAbuse(this, "external elements write", index);
}
if (FLAG_trace_js_array_abuse &&
!IsExternalArrayElementsKind(GetElementsKind())) {
if (IsJSArray()) {
CheckArrayAbuse(this, "elements write", index, true);
}
}
switch (GetElementsKind()) {
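Review bot: On the write path the non-external branch only calls `CheckArrayAbuse` when `IsJSArray()` holds, whereas the read path in the accessor traces every non-external holder, so with `--trace_js_array_abuse` an out-of-range store to a non-array object's elements produces no trace line. If that is deliberate (stores past the end of a plain object's backing store may simply be ordinary growth), a comment such as `// Only JSArrays have a length that a store can exceed; other receivers just grow.` would record the reason. Otherwise the `IsJSArray()` guard should go. The nested `if` can also fold into the outer condition, and the bare `true` would read better as `/* allow_appending */ true`. The enclosing function starts and ends outside this hunk.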
......