From d0e77b290922fb4f2978d4635e7269447b593e71 Mon Sep 17 00:00:00 2001
From: mstarzinger
Date: Wed, 16 Sep 2015 04:32:54 -0700
Subject: [PATCH] [turbofan] Add inlining guards to Runtime_NewArguments.

This adds debug code that makes sure that the runtime functions that materialize arguments objects, {Runtime_New[Sloppy|Strict]Arguments}, are not being called from within an inlined scope. They would produce wrong results and we should avoid producing code that does this.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1343763002

Cr-Commit-Position: refs/heads/master@{#30761}
---
 src/frames.cc                 |  7 +++++++
 src/frames.h                  |  4 ++++
 src/runtime/runtime-scopes.cc | 12 ++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/src/frames.cc b/src/frames.cc
index 0b3534e..2ddb420 100644
--- a/src/frames.cc
+++ b/src/frames.cc
@@ -727,6 +727,13 @@ bool JavaScriptFrame::IsConstructor() const {
 }
 
 
+bool JavaScriptFrame::HasInlinedFrames() {
+  List functions(1);
+  GetFunctions(&functions);
+  return functions.length() > 1;
+}
+
+
 Object* JavaScriptFrame::GetOriginalConstructor() const {
   Address fp = caller_fp();
   if (has_adapted_arguments()) {
diff --git a/src/frames.h b/src/frames.h
index 5711f39..d6bfd7a 100644
--- a/src/frames.h
+++ b/src/frames.h
@@ -576,6 +576,10 @@ class JavaScriptFrame: public StandardFrame {
   // Check if this frame is a constructor frame invoked through 'new'.
   bool IsConstructor() const;
 
+  // Determines whether this frame includes inlined activations. To get details
+  // about the inlined frames use {GetFunctions} and {Summarize}.
+  bool HasInlinedFrames();
+
   // Returns the original constructor function that was used in the constructor
   // call to this frame. Note that this is only valid on constructor frames.
   Object* GetOriginalConstructor() const;
diff --git a/src/runtime/runtime-scopes.cc b/src/runtime/runtime-scopes.cc
index 1aa6611..cf0429f 100644
--- a/src/runtime/runtime-scopes.cc
+++ b/src/runtime/runtime-scopes.cc
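Review bot: `JavaScriptFrame::HasInlinedFrames()` in the frames.cc hunk is declared non-const, unlike the neighbouring query methods `IsConstructor() const` and `GetOriginalConstructor() const`, so it cannot be used on a const frame reference; if `GetFunctions` is (or can be made) callable on a const frame, declare it `bool HasInlinedFrames() const;` in frames.h to match. The implementation also materializes the complete function list only to compare its length with 1, so its cost grows with the number of inlined activations; that is acceptable for the DCHECK-only callers this commit adds, but the header comment in the frames.h hunk should say so, e.g. `// Walks all inlined activations of this frame; meant for debug checks rather than hot paths.` The surrounding functions in the frames.cc hunk start and end outside the hunk.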
@@ -542,6 +542,12 @@ RUNTIME_FUNCTION(Runtime_NewSloppyArguments) {
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, callee, 0);
   Object** parameters = reinterpret_cast(args[1]);
   CONVERT_SMI_ARG_CHECKED(argument_count, 2);
+#ifdef DEBUG
+  // This runtime function does not materialize the correct arguments when the
+  // caller has been inlined, better make sure we are not hitting that case.
+  JavaScriptFrameIterator it(isolate);
+  DCHECK(!it.frame()->HasInlinedFrames());
+#endif  // DEBUG
   return *NewSloppyArguments(isolate, callee, parameters, argument_count);
 }
 
@@ -552,6 +558,12 @@ RUNTIME_FUNCTION(Runtime_NewStrictArguments) {
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, callee, 0)
   Object** parameters = reinterpret_cast(args[1]);
   CONVERT_SMI_ARG_CHECKED(argument_count, 2);
+#ifdef DEBUG
+  // This runtime function does not materialize the correct arguments when the
+  // caller has been inlined, better make sure we are not hitting that case.
+  JavaScriptFrameIterator it(isolate);
+  DCHECK(!it.frame()->HasInlinedFrames());
+#endif  // DEBUG
   return *NewStrictArguments(isolate, callee, parameters, argument_count);
 }
 
-- 
2.7.4
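Review bot: The new guard in `Runtime_NewSloppyArguments` asserts `!it.frame()->HasInlinedFrames()`, which rejects any optimized frame that contains inlined activations at all, a broader condition than the "called from within an inlined scope" invariant the description states; if the outermost function of such a frame can legitimately reach this runtime call, the DCHECK would fire for a correct materialization. Confirm that the compiler never emits that shape, or reword the comment to state the invariant actually checked, e.g. `// Optimized frames with any inlining must not reach this call; the parameters pointer in args[1] is only meaningful for the physical frame.` The same six-line `#ifdef DEBUG` block is repeated verbatim in the `Runtime_NewStrictArguments` hunk that follows; a small debug-only helper such as `static void CheckNoInlinedCaller(Isolate* isolate)` called from both would keep the two in sync when the check evolves. Note also that this is a debug-only detector, so release builds still rely entirely on the compiler side never emitting such a call.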