From: mstarzinger@chromium.org <mstarzinger@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Tue, 19 Mar 2013 16:48:45 +0000 (+0000)
Subject: Add more instrumentation for Code::CopyFrom crasher.
X-Git-Tag: upstream/4.7.83~14812
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c5c5d35967ebc4ceb0a11bbc1fd86557973add92;p=platform%2Fupstream%2Fv8.git

Add more instrumentation for Code::CopyFrom crasher.

R=jkummerow@chromium.org
BUG=chromium:196330

Review URL: https://codereview.chromium.org/12937004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13991 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/heap.cc b/src/heap.cc
index d65a033..3cf23d0 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -3805,6 +3805,8 @@ MaybeObject* Heap::CreateCode(const CodeDesc& desc,
   }
   // Allow self references to created code object by patching the handle to
   // point to the newly allocated Code object.
+  CHECK(code->IsCode());
+  CHECK(code->relocation_info()->IsByteArray());
   if (!self_reference.is_null()) {
     *(self_reference.location()) = code;
   }
@@ -3813,6 +3815,8 @@ MaybeObject* Heap::CreateCode(const CodeDesc& desc,
   // that are dereferenced during the copy to point directly to the actual heap
   // objects. These pointers can include references to the code object itself,
   // through the self_reference parameter.
+  CHECK(code->IsCode());
+  CHECK(code->relocation_info()->IsByteArray());
   code->CopyFrom(desc);
 
 #ifdef VERIFY_HEAP
diff --git a/src/objects.cc b/src/objects.cc
index 9b7e0a7..00d00d5 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -8813,10 +8813,15 @@ void Code::CopyFrom(const CodeDesc& desc) {
   ASSERT(Marking::Color(this) == Marking::WHITE_OBJECT);
 
   // copy code
+  CHECK(IsCode());
+  CHECK(relocation_info()->IsByteArray());
+  CHECK(reinterpret_cast<intptr_t>(instruction_start()) ==
+        reinterpret_cast<intptr_t>(this) + Code::kHeaderSize - kHeapObjectTag);
   memmove(instruction_start(), desc.buffer, desc.instr_size);
 
   // copy reloc info
   // TODO(mstarzinger): Remove once we found the bug.
+  CHECK(IsCode());
   CHECK(relocation_info()->IsByteArray());
   memmove(relocation_start(),
           desc.buffer + desc.buffer_size - desc.reloc_size,