[deoptimizer] Do not pass arguments markers to the debugger.

This fixes a bug introduced by r28826 (Unify decoding of deoptimization translations, https://codereview.chromium.org/1136223004), where we started leaking arguments marker sentinel to the debugger, which would then cause crashes. This change replaces the sentinel with the undefined value in the debugger-inspectable frame. BUG=chromium:514362 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1263333002 Cr-Commit-Position: refs/heads/master@{#29971}

[deoptimizer] Do not pass arguments markers to the debugger.
This fixes a bug introduced by r28826 (Unify decoding of deoptimization translations, https://codereview.chromium.org/1136223004), where we started leaking arguments marker sentinel to the debugger, which would then cause crashes. This change replaces the sentinel with the undefined value in the debugger-inspectable frame. BUG=chromium:514362 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1263333002 Cr-Commit-Position: refs/heads/master@{#29971}
f8dcbf46 · jarin · Commit bot · 6ab1f70e · f8dcbf46 · f8dcbf46
Commit f8dcbf46 authored Aug 03, 2015 by jarin Committed by Commit bot Aug 03, 2015
Show whitespace changes
Inline Side-by-side

Showing with 53 additions and 2 deletions

deoptimizer.cc src/deoptimizer.cc +12 -2

debug-materialized.js test/mjsunit/debug-materialized.js +41 -0

No files found.
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -2266,7 +2266,12 @@ DeoptimizedFrameInfo::DeoptimizedFrameInfo(Deoptimizer* deoptimizer,
  source_position_ = code->SourcePosition(pc);
  for (int i = 0; i < expression_count_; i++) {
-    SetExpression(i, output_frame->GetExpression(i));
+    Object* value = output_frame->GetExpression(i);
+    // Replace materialization markers with the undefined value.
+    if (value == deoptimizer->isolate()->heap()->arguments_marker()) {
+      value = deoptimizer->isolate()->heap()->undefined_value();
+    }
+    SetExpression(i, value);
  }
  if (has_arguments_adaptor) {
@@ -2277,7 +2282,12 @@ DeoptimizedFrameInfo::DeoptimizedFrameInfo(Deoptimizer* deoptimizer,
  parameters_count_ = output_frame->ComputeParametersCount();
  parameters_ = new Object* [parameters_count_];
  for (int i = 0; i < parameters_count_; i++) {
-    SetParameter(i, output_frame->GetParameter(i));
+    Object* value = output_frame->GetParameter(i);
+    // Replace materialization markers with the undefined value.
+    if (value == deoptimizer->isolate()->heap()->arguments_marker()) {
+      value = deoptimizer->isolate()->heap()->undefined_value();
+    }
+    SetParameter(i, value);
  }
 }

--- a/test/mjsunit/debug-materialized.js
+++ b/test/mjsunit/debug-materialized.js
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// Flags: --allow-natives-syntax --expose-debug-as debug
+function dbg(x) {
+  debugger;
+}
+function foo() {
+  arguments[0];
+  dbg();
+}
+function bar() {
+  var t = { a : 1 };
+  dbg();
+  return t.a;
+}
+foo(1);
+foo(1);
+bar(1);
+bar(1);
+%OptimizeFunctionOnNextCall(foo);
+%OptimizeFunctionOnNextCall(bar);
+var Debug = debug.Debug;
+Debug.setListener(function(event, exec_state, event_data, data) {
+  if (event != Debug.DebugEvent.Break) return;
+  for (var i = 0; i < exec_state.frameCount(); i++) {
+    var f = exec_state.frame(i);
+    for (var j = 0; j < f.localCount(); j++) {
+      print("'" + f.localName(j) + "' = " + f.localValue(j).value());
+    }
+  }
+});
+foo(1);
+bar(1);