On 2012/11/22 12:31:52, Yang wrote:
On 2012/11/20 17:30:42, Vyacheslav Egorov (Google) wrote:
> sorry for the review delay, was travelling.
>
> https://codereview.chromium.org/11377158/diff/11001/src/heap.cc
> File src/heap.cc (right):
>
> https://codereview.chromium.org/11377158/diff/11001/src/heap.cc#newcode7459
> src/heap.cc:7459: if (!getter_fun->shared()->native()) continue;
> I don't think this can guard you well enough. Here is an idea: I steal a
> function that is known to be native and that has a very predictable behavior
> e.g. Array.prototype.pop and then I install my own getter on .length because
> pop is known to access it. This way I can track when pop is called (JavaScript
> is fun).
>
> What about using function IDs (that Crankshaft uses for optimization) to
> detect this case safely? You'll need to introduce %SetFunctionId thingy though
> or something...
Please take yet another look...
- I use an IsBuiltin() check instead of native() to see whether the one-shot
  getter is the expected one.
- I changed FormatRawStackTrace to use %_CallFunction instead of
  Array.prototype.{push,join} so that you can't observe it being called lazily
  by overriding Array.prototype.{push,join}
- I changed FormatRawStackTrace so that the toString method of the error object
  is not called lazily, but at the time when the error object is created, so
  that formatting the stack trace is not observable because of stringifying the
  error.
This has been a while...
Switched to hidden properties to mark one-shot getters. Please take another
look.
https://codereview.chromium.org/11377158/
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
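The second bullet of the reply above is the general "don't call builtins through the prototype from trusted runtime code" rule. The following is an added example written for this page; it is not V8 code and not part of the review. It models the two versions of a stack-trace formatter in plain JavaScript: `formatObservable` (hypothetical name) reaches `Array.prototype.push`/`join` through ordinary property lookup, exactly what a monkey-patch on those prototypes intercepts, while `formatHardened` (also hypothetical) captures the builtins once and invokes them with `Function.prototype.call`, which is the userland analogue of what `%_CallFunction` gives the V8 runtime. The spy in `installSpy` stands in for page code that overrides the prototypes to watch when the formatter runs; the frame list is constructed sample data.

```javascript
// Added example, not V8 code. Demonstrates why a trusted routine that calls
// Array.prototype.{push,join} via property lookup is observable by user code,
// and the save-the-builtin-then-call pattern that removes that observability.

// Builtins captured before any user code has had a chance to patch them.
const savedPush = Array.prototype.push;
const savedJoin = Array.prototype.join;

// Version 1 (hypothetical stand-in for the lazy FormatRawStackTrace): every
// push/join goes through Array.prototype, so a patched prototype sees each call.
function formatObservable(rawFrames) {
  const lines = [];
  for (const f of rawFrames) lines.push(`    at ${f.fn} (${f.file}:${f.line})`);
  return lines.join("\n");
}

// Version 2 (hypothetical stand-in for the %_CallFunction variant): identical
// output, but only the saved references are invoked, never the live prototype.
function formatHardened(rawFrames) {
  const lines = [];
  for (const f of rawFrames) {
    savedPush.call(lines, `    at ${f.fn} (${f.file}:${f.line})`);
  }
  return savedJoin.call(lines, "\n");
}

// Stand-in for untrusted page code: wraps push/join and counts invocations.
// Returns the live counter object and a function that restores the originals.
function installSpy() {
  const counts = { push: 0, join: 0 };
  Array.prototype.push = function (...args) {
    counts.push++;
    return savedPush.apply(this, args);
  };
  Array.prototype.join = function (...args) {
    counts.join++;
    return savedJoin.apply(this, args);
  };
  const restore = () => {
    Array.prototype.push = savedPush;
    Array.prototype.join = savedJoin;
  };
  return { counts, restore };
}

// Runs both formatters under the spy and reports what the spy observed.
function runExperiment() {
  // Constructed sample frames; the shape is this example's own, not V8's.
  const frames = [
    { fn: "inner", file: "app.js", line: 12 },
    { fn: "outer", file: "app.js", line: 30 },
  ];
  const { counts, restore } = installSpy();

  const observableText = formatObservable(frames);
  const seenByObservable = { push: counts.push, join: counts.join };

  counts.push = 0;
  counts.join = 0;
  const hardenedText = formatHardened(frames);
  const seenByHardened = { push: counts.push, join: counts.join };

  restore();
  return { observableText, hardenedText, seenByObservable, seenByHardened };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(runExperiment());
}
```

With two frames the spy records two `push` calls and one `join` call for `formatObservable` and zero for `formatHardened`, while both return the same text. The same reasoning applies to the third bullet: anything the formatter does through user-reachable prototypes (including `Error.prototype.toString`) is a signal to user code, so doing that work eagerly at construction time, and through saved references, is what keeps it unobservable.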