Commit eded24d7 authored by ishell@chromium.org's avatar ishell@chromium.org Committed by V8 LUCI CQ

[ext-code-space] Fix StackFrame::ComputeType() broken by recent CL

It's not allowed to call CodeLookupResult::ToCodeT() from the middle
of GC.

Bug: v8:13100, v8:11880
Change-Id: Idd53794a9f881d01dbf0c372fbb698dbd8fecf94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3785009
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81932}
parent 6925bc09
......@@ -620,6 +620,31 @@ void StackFrame::SetReturnAddressLocationResolver(
return_address_location_resolver_ = resolver;
}
namespace {
template <typename CodeOrCodeT>
inline StackFrame::Type ComputeBuiltinFrameType(CodeOrCodeT code) {
if (code.is_interpreter_trampoline_builtin() ||
// Frames for baseline entry trampolines on the stack are still
// interpreted frames.
code.is_baseline_trampoline_builtin()) {
return StackFrame::INTERPRETED;
}
if (code.is_baseline_leave_frame_builtin()) {
return StackFrame::BASELINE;
}
if (code.is_turbofanned()) {
// TODO(bmeurer): We treat frames for BUILTIN Code objects as
// OptimizedFrame for now (all the builtins with JavaScript
// linkage are actually generated with TurboFan currently, so
// this is sound).
return StackFrame::TURBOFAN;
}
return StackFrame::BUILTIN;
}
} // namespace
StackFrame::Type StackFrame::ComputeType(const StackFrameIteratorBase* iterator,
State* state) {
#if V8_ENABLE_WEBASSEMBLY
......@@ -681,24 +706,13 @@ StackFrame::Type StackFrame::ComputeType(const StackFrameIteratorBase* iterator,
switch (lookup_result.kind()) {
case CodeKind::BUILTIN: {
if (StackFrame::IsTypeMarker(marker)) break;
CodeT code_obj = lookup_result.ToCodeT();
if (code_obj.is_interpreter_trampoline_builtin() ||
// Frames for baseline entry trampolines on the stack are still
// interpreted frames.
code_obj.is_baseline_trampoline_builtin()) {
return INTERPRETED;
}
if (code_obj.is_baseline_leave_frame_builtin()) {
return BASELINE;
}
if (code_obj.is_turbofanned()) {
// TODO(bmeurer): We treat frames for BUILTIN Code objects as
// OptimizedFrame for now (all the builtins with JavaScript
// linkage are actually generated with TurboFan currently, so
// this is sound).
return TURBOFAN;
// We can't use lookup_result.ToCodeT() because we might in the
// middle of GC.
if (lookup_result.IsCodeDataContainer()) {
return ComputeBuiltinFrameType(
CodeT::cast(lookup_result.code_data_container()));
}
return BUILTIN;
return ComputeBuiltinFrameType(lookup_result.code());
}
case CodeKind::BASELINE:
return BASELINE;
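Review bot: The new helper `ComputeBuiltinFrameType` in the first hunk carries no comment about the constraint that motivated it, even though the second hunk's call sites depend on it: `StackFrame::ComputeType()` can run in the middle of a GC, so the helper has to classify whichever object the lookup already holds (`Code` or `CodeT`) and must never go through `CodeLookupResult::ToCodeT()`; a future change that "simplifies" the two call sites back to a single conversion would reintroduce the bug this commit fixes. Suggest a comment above the template: `// Used by StackFrame::ComputeType(), which may run during GC: only read builtin flags off the given Code/CodeT, never convert between them (CodeLookupResult::ToCodeT() is not GC-safe).` The explanatory comment in the second hunk also drops a word; `// We can't use lookup_result.ToCodeT() because we might be in the middle of GC.` reads correctly. The `switch (lookup_result.kind())` in the second hunk starts and ends outside the hunk, so this note only covers the `CodeKind::BUILTIN` case.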