Reviewers: Lasse Reichstein,

Description:
Fix GC bug

The patching of the receiver added in r3616 was not GC-safe and could leave a failure object in place of the receiver if allocation of the wrapper JS object
failed.

Please review this at http://codereview.chromium.org/546068

SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/

Affected files:
  M     src/factory.h
  M     src/factory.cc
  M     src/ic.h
  M     src/ic.cc


Index: src/ic.cc
===================================================================
--- src/ic.cc   (revision 3627)
+++ src/ic.cc   (working copy)
@@ -378,7 +378,7 @@
   return *delegate;
 }

-void CallIC::ReceiverToObject(Object* object) {
+void CallIC::ReceiverToObject(Handle<Object> object) {
   HandleScope scope;
   Handle<Object> receiver(object);

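Review bot: `Handle<Object> receiver(object);` just below `HandleScope scope;` now only copies a handle the caller already passed in, so once the parameter is a `Handle<Object>` the local `receiver` is redundant; either use `object` directly or rename the parameter to `receiver` and drop the local. The HandleScope itself still earns its keep, since the `Factory::ToObject` call later in this function creates handles. ReceiverToObject's body continues in the next hunk and the lines between the two hunks are not shown, so whether `receiver` is still referenced there has to be confirmed.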
@@ -387,7 +387,7 @@
   StackFrameLocator locator;
   JavaScriptFrame* frame = locator.FindJavaScriptFrame(0);
   int index = frame->ComputeExpressionsCount() - (argc + 1);
-  frame->SetExpression(index, object->ToObject());
+  frame->SetExpression(index, *Factory::ToObject(object));
 }


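Review bot: The switch to `*Factory::ToObject(object)` on the `SetExpression` line is the actual fix, but nothing in the code says why, and a later cleanup could silently revert to `object->ToObject()` since both forms compile. I'd put above that line: `// Allocate the wrapper through the factory so a failed allocation is retried rather than a failure object being written into the receiver slot.` Dereferencing the handle inline is presumably fine only because `SetExpression` stores the pointer without allocating; that assumption is worth stating in the same comment. `argc` and the start of ReceiverToObject lie outside this hunk.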
@@ -401,7 +401,7 @@
   }

   if (object->IsString() || object->IsNumber() || object->IsBoolean()) {
-    ReceiverToObject(*object);
+    ReceiverToObject(object);
   }

   // Check if the name is trivially convertible to an index and get
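Review bot: After `ReceiverToObject(object);` the enclosing function keeps using `object`, which still names the primitive value and not the wrapper that was stored into the frame; if that is intentional, a comment at the call would spare the next reader the question, e.g. `// Patches the frame's receiver slot with a wrapper object; object itself is left unchanged.` Because the callee now allocates, any raw `Object*` the caller holds across this call would be stale after a GC; the rest of the caller is outside the hunk, so this is only something to confirm.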
Index: src/ic.h
===================================================================
--- src/ic.h    (revision 3627)
+++ src/ic.h    (working copy)
@@ -209,7 +209,7 @@
   // Otherwise, it returns the undefined value.
   Object* TryCallAsFunction(Object* object);

-  void ReceiverToObject(Object* object);
+  void ReceiverToObject(Handle<Object> object);

   static void Clear(Address address, Code* target);
   friend class IC;
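Review bot: The changed `ReceiverToObject(Handle<Object> object);` declaration has no comment, while its neighbour `TryCallAsFunction` does, and the move to a handle parameter is precisely the contract callers need to know about: the call can allocate. I'd add above it: `// Replaces the receiver slot of the current JS frame with the wrapper object for a primitive receiver. Allocates, so callers must keep their values in handles across the call.` The surrounding class body continues outside the hunk.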
Index: src/factory.h
===================================================================
--- src/factory.h       (revision 3627)
+++ src/factory.h       (working copy)
@@ -229,6 +229,7 @@

   static Handle<Code> CopyCode(Handle<Code> code);

+  static Handle<Object> ToObject(Handle<Object> object);
   static Handle<Object> ToObject(Handle<Object> object,
                                  Handle<Context> global_context);

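Review bot: The new one-argument `ToObject` overload is declared directly above the two-argument one with nothing saying how they differ, so a reader has to go to factory.cc to learn that only the inner `Object::ToObject` call changes. A one-line comment on the new declaration would do: `// Wraps a primitive in its JS object; the overload below passes an explicit global context through to Object::ToObject.`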
Index: src/factory.cc
===================================================================
--- src/factory.cc      (revision 3627)
+++ src/factory.cc      (working copy)
@@ -718,6 +718,11 @@
 }


+Handle<Object> Factory::ToObject(Handle<Object> object) {
+  CALL_HEAP_FUNCTION(object->ToObject(), Object);
+}
+
+
 Handle<Object> Factory::ToObject(Handle<Object> object,
                                  Handle<Context> global_context) {
   CALL_HEAP_FUNCTION(object->ToObject(*global_context), Object);
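Review bot: The new `Factory::ToObject(Handle<Object> object)` mirrors the two-argument overload verbatim apart from the inner call, and neither explains why a factory wrapper around `Object::ToObject` exists, which is the entire point of this change. I'd add above the new definition: `// Object::ToObject() can return a failure when the wrapper allocation fails; going through CALL_HEAP_FUNCTION yields a handle to the wrapper instead, retrying the allocation after GC.` The retry behaviour is what I understand CALL_HEAP_FUNCTION to provide; its definition is not in this diff, so confirm it there. The two-argument overload's body runs past the end of the hunk.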

