[v8-dev] Fix GC bug with missing handle. Bug=133618 (issue 10559083)

erik . corry Wed, 20 Jun 2012 06:33:23 -0700

Reviewers: Yang,

Description:
Fix GC bug with missing handle. Bug=133618


Please review this at https://chromiumcodereview.appspot.com/10559083/

SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/

Affected files:
  M     src/arm/lithium-codegen-arm.cc
  M     src/ia32/lithium-codegen-ia32.cc
  M     src/mips/lithium-codegen-mips.cc
  M     src/x64/lithium-codegen-x64.cc


Index: src/arm/lithium-codegen-arm.cc
===================================================================
--- src/arm/lithium-codegen-arm.cc      (revision 11873)
+++ src/arm/lithium-codegen-arm.cc      (working copy)
@@ -2597,15 +2597,15 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ ldr(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      __ cmp(result, Operand(Handle<Map>(JSObject::cast(current)->map())));
+      __ cmp(result, Operand(Handle<Map>(current->map())));
       DeoptimizeIf(ne, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
Index: src/ia32/lithium-codegen-ia32.cc
===================================================================
--- src/ia32/lithium-codegen-ia32.cc    (revision 11873)
+++ src/ia32/lithium-codegen-ia32.cc    (working copy)
@@ -2327,15 +2327,15 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
       DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ mov(result, factory()->undefined_value());
   }
Index: src/mips/lithium-codegen-mips.cc
===================================================================
--- src/mips/lithium-codegen-mips.cc    (revision 11873)
+++ src/mips/lithium-codegen-mips.cc    (working copy)
@@ -2341,15 +2341,14 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ lw(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      DeoptimizeIf(ne, env,
-          result, Operand(Handle<Map>(JSObject::cast(current)->map())));
-      current = HeapObject::cast(current->map()->prototype());
+      DeoptimizeIf(ne, env, result, Operand(Handle<Map>(current->map())));
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
Index: src/x64/lithium-codegen-x64.cc
===================================================================
--- src/x64/lithium-codegen-x64.cc      (revision 11873)
+++ src/x64/lithium-codegen-x64.cc      (working copy)
@@ -2221,15 +2221,15 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ Cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
       DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Fix GC bug with missing handle. Bug=133618 (issue 10559083)

Reply via email to