Comment #1 on issue 3636 by [email protected]: V8 crashes with global
interceptors
https://code.google.com/p/v8/issues/detail?id=3636
With the current 3.29 branch head (3.29.88.8, modified test program source
attached), the program doesn't crash but goes into a tight infinite loop
here:
RUNTIME_FUNCTION(StorePropertyWithInterceptor) {
HandleScope scope(isolate);
DCHECK(args.length() == 3);
StoreIC ic(IC::NO_EXTRA_FRAME, isolate);
Handle<JSObject> receiver = args.at<JSObject>(0);
Handle<Name> name = args.at<Name>(1);
Handle<Object> value = args.at<Object>(2);
#ifdef DEBUG
PrototypeIterator iter(isolate, receiver,
PrototypeIterator::START_AT_RECEIVER);
bool found = false;
while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) {
Handle<Object> current = PrototypeIterator::GetCurrent(iter);
if (current->IsJSObject() &&
Handle<JSObject>::cast(current)->HasNamedInterceptor()) {
found = true;
break;
}
}
DCHECK(found);
#endif
Handle<Object> result;
ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
isolate, result,
JSObject::SetProperty(receiver, name, value, ic.strict_mode()));
return *result;
}
Attachments:
V8Test2.cpp 1.4 KB
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
