[v8-dev] Back port r11886: Fix GC bug with missing handle. Bug=133618 (issue 10584030)

erik . corry Wed, 20 Jun 2012 06:42:29 -0700

Reviewers: Yang,

Description:
Back port r11886: Fix GC bug with missing handle. Bug=133618


Please review this at https://chromiumcodereview.appspot.com/10584030/

SVN Base: http://v8.googlecode.com/svn/branches/3.11/

Affected files:
  M     src/arm/lithium-codegen-arm.cc
  M     src/ia32/lithium-codegen-ia32.cc
  M     src/mips/lithium-codegen-mips.cc
  M     src/version.cc
  M     src/x64/lithium-codegen-x64.cc


Index: src/arm/lithium-codegen-arm.cc
===================================================================
--- src/arm/lithium-codegen-arm.cc      (revision 11886)
+++ src/arm/lithium-codegen-arm.cc      (working copy)
@@ -2594,15 +2594,15 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ ldr(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      __ cmp(result, Operand(Handle<Map>(JSObject::cast(current)->map())));
+      __ cmp(result, Operand(Handle<Map>(current->map())));
       DeoptimizeIf(ne, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
Index: src/ia32/lithium-codegen-ia32.cc
===================================================================
--- src/ia32/lithium-codegen-ia32.cc    (revision 11886)
+++ src/ia32/lithium-codegen-ia32.cc    (working copy)
@@ -2325,15 +2325,15 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
       DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ mov(result, factory()->undefined_value());
   }
Index: src/mips/lithium-codegen-mips.cc
===================================================================
--- src/mips/lithium-codegen-mips.cc    (revision 11886)
+++ src/mips/lithium-codegen-mips.cc    (working copy)
@@ -2338,15 +2338,14 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ lw(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      DeoptimizeIf(ne, env,
-          result, Operand(Handle<Map>(JSObject::cast(current)->map())));
-      current = HeapObject::cast(current->map()->prototype());
+      DeoptimizeIf(ne, env, result, Operand(Handle<Map>(current->map())));
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
Index: src/version.cc
===================================================================
--- src/version.cc      (revision 11886)
+++ src/version.cc      (working copy)
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     11
 #define BUILD_NUMBER      10
-#define PATCH_LEVEL       9
+#define PATCH_LEVEL       10
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
Index: src/x64/lithium-codegen-x64.cc
===================================================================
--- src/x64/lithium-codegen-x64.cc      (revision 11886)
+++ src/x64/lithium-codegen-x64.cc      (working copy)
@@ -2218,15 +2218,15 @@
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ Cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
       DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =

+Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));

     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Back port r11886: Fix GC bug with missing handle. Bug=133618 (issue 10584030)

Reply via email to