0d8ec36b36
This fixes a crash when using --trace-ic on Arm64 debug. For a given return address, the assembler's `target_address_from_return_address()` method will displace it to give you the call-site address. However, this is fragile because it needs to decode the instruction stream to distinguish between different call sequences. So it triggered an assertion on Arm64 because we now use BL for builtin to builtin calls. We only use this when tracing IC states to detect if the caller is a deoptimized function. But to do this it doesn't matter whether the address we have is the return address or the call-site address. So we can just remove the need for the fragile Assembler method. As a drive-by, also remove `return_address_from_call_start()`, which was doing the opposite and was unused. Change-Id: I5988d17eadd1652ed85d662e62bc4c579665dd31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594566 Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61337}
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --trace-ic --logfile=test/mjsunit/tools/trace-ic-test.log
// Flags: --allow-natives-syntax
// The idea behind this test is to make sure we do not crash when using the
// --trace-ic flag.
(function testLoadIC() {
  // Named property read; with a feedback vector present this site is
  // served by a LoadIC, which is what --trace-ic reports on.
  function loadIC(obj) {
    return obj.field;
  }

  // V8 natives syntax (enabled by --allow-natives-syntax in the Flags
  // header): give loadIC a feedback vector up front so IC state is
  // recorded from the very first call.
  %EnsureFeedbackVectorForFunction(loadIC);

  const obj = {field: 'hello'};
  // Presumably three calls so the IC transitions past its initial state
  // and the tracer has something to emit; the test only checks for
  // absence of crashes.
  loadIC(obj);
  loadIC(obj);
  loadIC(obj);
})();
(function testStoreIC() {
  // Named property write; returns the assigned value, as the assignment
  // expression does. With a feedback vector this site uses a StoreIC.
  function storeIC(obj, value) {
    return obj.field = value;
  }

  // V8 natives syntax (see the --allow-natives-syntax flag at the top of
  // the file): allocate the feedback vector before the first call.
  %EnsureFeedbackVectorForFunction(storeIC);

  const obj = {field: 'hello'};
  // Repeated calls so the IC state changes are exercised under
  // --trace-ic; only "does not crash" is asserted by this test.
  storeIC(obj, 'world');
  storeIC(obj, 'world');
  storeIC(obj, 'world');
})();
(function testKeyedLoadIC() {
  // Computed property read (`obj[field]`), which is handled by a
  // KeyedLoadIC rather than the named LoadIC above.
  function keyedLoadIC(obj, field) {
    return obj[field];
  }

  // V8 natives syntax (--allow-natives-syntax): make sure a feedback
  // vector exists so IC transitions are observable from call one.
  %EnsureFeedbackVectorForFunction(keyedLoadIC);

  const obj = {field: 'hello'};
  // Same key each time; presumably enough to drive the IC through its
  // early states while --trace-ic is logging.
  keyedLoadIC(obj, 'field');
  keyedLoadIC(obj, 'field');
  keyedLoadIC(obj, 'field');
})();
(function testKeyedStoreIC() {
  // Computed property write (`obj[field] = value`), served by a
  // KeyedStoreIC; returns the assigned value like the assignment itself.
  function keyedStoreIC(obj, field, value) {
    return obj[field] = value;
  }

  // V8 natives syntax (--allow-natives-syntax): pre-allocate the feedback
  // vector so the tracer sees IC state from the first invocation.
  %EnsureFeedbackVectorForFunction(keyedStoreIC);

  const obj = {field: 'hello'};
  // Three identical stores; the point is to run the IC under --trace-ic
  // without crashing, not to check the stored value.
  keyedStoreIC(obj, 'field', 'world');
  keyedStoreIC(obj, 'field', 'world');
  keyedStoreIC(obj, 'field', 'world');
})();