Reviewers: Jakob,
Message:
PTAL.
Description:
Also in ClearNonLiveTransitions we have to check if there still is a
transition
array before we access it.
This should never happen in the long run, but will happen when maps still
have a
back-pointer while the forward pointer (the transition) was overwritten.
Please review this at https://chromiumcodereview.appspot.com/10704109/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/objects-inl.h
M src/objects.cc
Index: src/objects-inl.h
diff --git a/src/objects-inl.h b/src/objects-inl.h
index
3c34be5119f65c385a07df0544f57f5856f0a58f..af5e68363d9f66e0aea70edcf38a71c862f753f9
100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -1997,7 +1997,7 @@ int DescriptorArray::SearchWithCache(String* name) {
TransitionArray* DescriptorArray::transitions() {
- if (!this->MayContainTransitions()) return NULL;
+ ASSERT(MayContainTransitions());
Object* array = get(kTransitionsIndex);
return TransitionArray::cast(array);
}
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
03f5e553a4bf65981fc10858d904a1499947224e..d4c3b3741a0472c173b0ccdd11e9f6e51e6f6b10
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -7366,11 +7366,12 @@ static bool ClearNonLiveTransition(Heap* heap,
// because it cannot be called from outside the GC and we already have
methods
// depending on the transitions layout in the GC anyways.
void Map::ClearNonLiveTransitions(Heap* heap) {
- TransitionArray* t = transitions();
// If there are no transitions to be cleared, return.
// TODO(verwaest) Should be an assert, otherwise back pointers are not
// properly cleared.
- if (t == NULL) return;
+ if (!HasTransitionArray()) return;
+
+ TransitionArray* t = transitions();
int transition_index = 0;
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
