Correctly handlify two frame {Summarize} methods

{JavaScriptFrame::GetParameters} allocates a new {FixedArray}, hence all object references need to be handified to survive that allocation. R=mstarzinger@chromium.org Bug: chromium:1000635 Change-Id: I76df5ac109bdb6999fe897bdafaf2175344ecca4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787429Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#63583}

Correctly handlify two frame {Summarize} methods
{JavaScriptFrame::GetParameters} allocates a new {FixedArray}, hence all object references need to be handified to survive that allocation. R=mstarzinger@chromium.org Bug: chromium:1000635 Change-Id: I76df5ac109bdb6999fe897bdafaf2175344ecca4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787429Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#63583}
fba03abc · Clemens Hammacher · Commit Bot · 470e6857 · fba03abc · fba03abc
Commit fba03abc authored Sep 05, 2019 by Clemens Hammacher Committed by Commit Bot Sep 05, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 5 deletions

frames.cc src/execution/frames.cc +6 -5

regress-1000635.js test/mjsunit/regress/regress-1000635.js +15 -0

No files found.
--- a/src/execution/frames.cc
+++ b/src/execution/frames.cc
@@ -1147,11 +1147,11 @@ void JavaScriptFrame::Summarize(std::vector<FrameSummary>* functions) const {
  DCHECK(functions->empty());
  Code code = LookupCode();
  int offset = static_cast<int>(pc() - code.InstructionStart());
-  AbstractCode abstract_code = AbstractCode::cast(code);
+  Handle<AbstractCode> abstract_code(AbstractCode::cast(code), isolate());
  Handle<FixedArray> params = GetParameters();
  FrameSummary::JavaScriptFrameSummary summary(
-      isolate(), receiver(), function(), abstract_code, offset, IsConstructor(),
-      *params);
+      isolate(), receiver(), function(), *abstract_code, offset,
+      IsConstructor(), *params);
  functions->push_back(summary);
 }

@@ -1824,10 +1824,11 @@ void InterpretedFrame::WriteInterpreterRegister(int register_index,

 void InterpretedFrame::Summarize(std::vector<FrameSummary>* functions) const {
  DCHECK(functions->empty());
-  AbstractCode abstract_code = AbstractCode::cast(GetBytecodeArray());
+  Handle<AbstractCode> abstract_code(AbstractCode::cast(GetBytecodeArray()),
+                                     isolate());
  Handle<FixedArray> params = GetParameters();
  FrameSummary::JavaScriptFrameSummary summary(
-      isolate(), receiver(), function(), abstract_code, GetBytecodeOffset(),
+      isolate(), receiver(), function(), *abstract_code, GetBytecodeOffset(),
      IsConstructor(), *params);
  functions->push_back(summary);
 }

--- a/test/mjsunit/regress/regress-1000635.js
+++ b/test/mjsunit/regress/regress-1000635.js
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --stress-compaction --detailed-error-stack-trace --gc-interval=1
+
+function add(a, b) {
+  throw new Error();
+}
+for (let i = 0; i < 100; ++i) {
+  try {
+    add(1, 2);
+  } catch (e) {
+  }
+}