[turbofan] Add inlining guards to Runtime_NewArguments.

This adds debug code that makes sure that the runtime functions that
materialize arguments objects, {Runtime_New[Sloppy|Strict]Arguments},
are not being called from within an inlined scope. They would produce
wrong results and we should avoid producing code that does this.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1343763002

Cr-Commit-Position: refs/heads/master@{#30761}

diff --git a/src/frames.cc b/src/frames.cc
index 0b3534e..2ddb420 100644 (file)
--- a/src/frames.cc
+++ b/src/frames.cc
@@ -727,6 +727,13 @@ bool JavaScriptFrame::IsConstructor() const {
 }
 
 
+bool JavaScriptFrame::HasInlinedFrames() {
+  List<JSFunction*> functions(1);
+  GetFunctions(&functions);
+  return functions.length() > 1;
+}
+
+
 Object* JavaScriptFrame::GetOriginalConstructor() const {
   Address fp = caller_fp();
   if (has_adapted_arguments()) {

diff --git a/src/frames.h b/src/frames.h
index 5711f39..d6bfd7a 100644 (file)
--- a/src/frames.h
+++ b/src/frames.h
@@ -576,6 +576,10 @@ class JavaScriptFrame: public StandardFrame {
   // Check if this frame is a constructor frame invoked through 'new'.
   bool IsConstructor() const;
 
+  // Determines whether this frame includes inlined activations. To get details
+  // about the inlined frames use {GetFunctions} and {Summarize}.
+  bool HasInlinedFrames();
+
   // Returns the original constructor function that was used in the constructor
   // call to this frame. Note that this is only valid on constructor frames.
   Object* GetOriginalConstructor() const;

diff --git a/src/runtime/runtime-scopes.cc b/src/runtime/runtime-scopes.cc
index 1aa6611..cf0429f 100644 (file)
--- a/src/runtime/runtime-scopes.cc
+++ b/src/runtime/runtime-scopes.cc
@@ -542,6 +542,12 @@ RUNTIME_FUNCTION(Runtime_NewSloppyArguments) {
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, callee, 0);
   Object** parameters = reinterpret_cast<Object**>(args[1]);
   CONVERT_SMI_ARG_CHECKED(argument_count, 2);
+#ifdef DEBUG
+  // This runtime function does not materialize the correct arguments when the
+  // caller has been inlined, better make sure we are not hitting that case.
+  JavaScriptFrameIterator it(isolate);
+  DCHECK(!it.frame()->HasInlinedFrames());
+#endif  // DEBUG
   return *NewSloppyArguments(isolate, callee, parameters, argument_count);
 }
 
@@ -552,6 +558,12 @@ RUNTIME_FUNCTION(Runtime_NewStrictArguments) {
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, callee, 0)
   Object** parameters = reinterpret_cast<Object**>(args[1]);
   CONVERT_SMI_ARG_CHECKED(argument_count, 2);
+#ifdef DEBUG
+  // This runtime function does not materialize the correct arguments when the
+  // caller has been inlined, better make sure we are not hitting that case.
+  JavaScriptFrameIterator it(isolate);
+  DCHECK(!it.frame()->HasInlinedFrames());
+#endif  // DEBUG
   return *NewStrictArguments(isolate, callee, parameters, argument_count);
 }