change is gc unsafe: please transitively check that all callers of LoadHeapObject can cope with GC (either handlified or don't use raw pointers across gcs).
http://codereview.chromium.org/8111006/diff/15001/src/arm/macro-assembler-arm.cc
File src/arm/macro-assembler-arm.cc (right):

http://codereview.chromium.org/8111006/diff/15001/src/arm/macro-assembler-arm.cc#newcode1120
src/arm/macro-assembler-arm.cc:1120: LoadHeapObject(r1, Handle<JSFunction>(function));
Some callers of InvokeFunction are not handlified and use a raw pointer across the invocation of InvokeFunction. See for example CompileStringFromCharCodeCall: the variable name is used after InvokeFunction is called.

http://codereview.chromium.org/8111006/diff/15001/src/arm/stub-cache-arm.cc
File src/arm/stub-cache-arm.cc (right):

http://codereview.chromium.org/8111006/diff/15001/src/arm/stub-cache-arm.cc#newcode568
src/arm/stub-cache-arm.cc:568: static MaybeObject* GenerateFastApiDirectCall(
This function returns MaybeObject*. Some callers might not be able to survive GC in LoadHeapObject (cell allocation). Maybe introduce TryLoadHeapObject that tries to allocate the cell and returns failure if it fails.

http://codereview.chromium.org/8111006/diff/15001/src/arm/stub-cache-arm.cc#newcode1192
src/arm/stub-cache-arm.cc:1192: void StubCompiler::GenerateLoadConstant(JSObject* object,
Some callers of this function are not handlified and use raw pointers across invocations of GenerateLoadConstant.

http://codereview.chromium.org/8111006/diff/15001/src/ia32/macro-assembler-ia32.cc
File src/ia32/macro-assembler-ia32.cc (right):

http://codereview.chromium.org/8111006/diff/15001/src/ia32/macro-assembler-ia32.cc#newcode2059
src/ia32/macro-assembler-ia32.cc:2059: void MacroAssembler::InvokeFunction(JSFunction* function,
Probably not GC safe. Check all callers.

http://codereview.chromium.org/8111006/diff/15001/src/ia32/stub-cache-ia32.cc
File src/ia32/stub-cache-ia32.cc (right):

http://codereview.chromium.org/8111006/diff/15001/src/ia32/stub-cache-ia32.cc#newcode415
src/ia32/stub-cache-ia32.cc:415: static MaybeObject* GenerateFastApiCall(MacroAssembler* masm,
Check all callers for GC safeness.

http://codereview.chromium.org/8111006/diff/15001/src/ia32/stub-cache-ia32.cc#newcode1109
src/ia32/stub-cache-ia32.cc:1109: void StubCompiler::GenerateLoadConstant(JSObject* object,
Check all callers for GC safeness.

http://codereview.chromium.org/8111006/diff/15001/src/x64/macro-assembler-x64.cc
File src/x64/macro-assembler-x64.cc (right):

http://codereview.chromium.org/8111006/diff/15001/src/x64/macro-assembler-x64.cc#newcode3099
src/x64/macro-assembler-x64.cc:3099: void MacroAssembler::InvokeFunction(JSFunction* function,
Check all callers for GC safeness.

http://codereview.chromium.org/8111006/diff/15001/src/x64/stub-cache-x64.cc
File src/x64/stub-cache-x64.cc (right):

http://codereview.chromium.org/8111006/diff/15001/src/x64/stub-cache-x64.cc#newcode406
src/x64/stub-cache-x64.cc:406: static MaybeObject* GenerateFastApiCall(MacroAssembler* masm,
Check all callers for GC safeness.

http://codereview.chromium.org/8111006/diff/15001/src/x64/stub-cache-x64.cc#newcode1084
src/x64/stub-cache-x64.cc:1084: void StubCompiler::GenerateLoadConstant(JSObject* object,
Check all callers for GC safeness.

http://codereview.chromium.org/8111006/

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
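The hazard the review describes (a raw pointer held across a call that can allocate and therefore trigger a moving GC, versus a handlified caller that re-derives the object after the call) as an added toy illustration; this is constructed example code, not V8's code: ToyHeap, its two semispaces, the handle table and the poison value are all assumptions standing in for V8's heap, Handle<T> and the cell allocation in LoadHeapObject.

```cpp
#include <array>
#include <cstdint>
#include <vector>

// Constructed toy model of a moving collector: two semispaces of fixed-size
// slots, a handle table that indirects to the object's current slot, and a
// gc() that copies every live object to the other space, updates the handle
// table and poisons the old space so that stale reads become visible.
struct ToyHeap {
    static constexpr int kSlots = 8;
    static constexpr uint32_t kPoison = 0xDEADBEEFu;
    std::array<uint32_t, kSlots> space[2] = {};
    int active = 0;
    std::vector<int> handles;  // handle id -> slot index in space[active]

    // Allocates a value in the active space and returns its handle id.
    int allocate(uint32_t value) {
        int slot = static_cast<int>(handles.size());
        space[active][slot] = value;
        handles.push_back(slot);
        return slot;
    }
    // Raw pointer into the active space: valid only until the next gc().
    uint32_t* raw(int handle) { return &space[active][handles[handle]]; }
    // Handle-based read: goes back through the table, so it survives gc().
    uint32_t load(int handle) { return space[active][handles[handle]]; }

    void gc() {
        int from = active, to = 1 - active;
        int n = static_cast<int>(handles.size());
        for (int h = 0; h < n; ++h) {
            int new_slot = n - 1 - h;  // reversed layout: every object moves
            space[to][new_slot] = space[from][handles[h]];
            handles[h] = new_slot;
        }
        space[from].fill(uint32_t{kPoison});
        active = to;
    }
};

// The pattern the review objects to: a raw pointer kept across an operation
// that may allocate. After the move it points into the poisoned old space.
uint32_t ReadWithRawPointerAcrossGC(ToyHeap& heap, int handle) {
    uint32_t* p = heap.raw(handle);
    heap.gc();   // stands in for the cell allocation inside LoadHeapObject
    return *p;   // yields kPoison, not the object's value
}

// The handlified version: re-derive the object through the handle afterwards.
uint32_t ReadThroughHandleAcrossGC(ToyHeap& heap, int handle) {
    heap.gc();
    return heap.load(handle);
}

uint32_t DemoRawRead() { ToyHeap h; return ReadWithRawPointerAcrossGC(h, h.allocate(42)); }
uint32_t DemoHandleRead() { ToyHeap h; return ReadThroughHandleAcrossGC(h, h.allocate(42)); }
```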
