From 5ff508a82299f20a0d9828cf73072a4f4772fab8 Mon Sep 17 00:00:00 2001
From: mlippautz <mlippautz@chromium.org>
Date: Tue, 28 Jun 2016 05:51:25 -0700
Subject: [PATCH] Add crash instrumentation for crbug.com/621147

BUG=chromium:621147
LOG=N
R=ishell@chromium.org,cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2100313002
Cr-Commit-Position: refs/heads/master@{#37328}
---
 src/ic/ic.cc | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index 162e282d6a3..53dbe694eb3 100644
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -2535,6 +2535,27 @@ MaybeHandle<Object> BinaryOpIC::Transition(
     Handle<Object> right) {
   BinaryOpICState state(isolate(), extra_ic_state());
 
+#ifdef V8_TARGET_ARCH_X64
+  // Crash instrumentation for crbug.com/621147.
+  uintptr_t left_raw = reinterpret_cast<uintptr_t>(*left);
+  uintptr_t hole_raw =
+      reinterpret_cast<uintptr_t>(isolate()->heap()->the_hole_value());
+  if ((hole_raw & ((1ull << 32) - 1)) == (left_raw & ((1ull << 32) - 1))) {
+    Code* c = GetCode();
+    Code::Kind kind = c->kind();
+    int instruction_size = c->instruction_size() + 2 * sizeof(Address);
+    byte* instructions = static_cast<byte*>(alloca(instruction_size));
+    Address* start = reinterpret_cast<Address*>(instructions);
+    start[0] = fp();
+    start[1] = pc();
+    for (int i = 2 * sizeof(Address); i < instruction_size; i++) {
+      instructions[i] = c->instruction_start()[i];
+    }
+    isolate()->PushStackTraceAndDie(0xBAAAAAAD, instructions, fp(),
+                                    static_cast<unsigned int>(kind));
+  }
+#endif  // V8_TARGET_ARCH_X64
+
   // Compute the actual result using the builtin for the binary operation.
   Handle<Object> result;
   switch (state.op()) {