Revision: 12000
Author: [email protected]
Date: Fri Jul 6 03:02:15 2012
Log: Also in ClearNonLiveTransitions we have to check if there still
is a transition array before we access it.
This should never happen in the long run, but will happen when maps still
have a back-pointer while the forward pointer (the transition) was
overwritten.
Review URL: https://chromiumcodereview.appspot.com/10704109
http://code.google.com/p/v8/source/detail?r=12000
Modified:
/branches/bleeding_edge/src/objects-inl.h
/branches/bleeding_edge/src/objects.cc
=======================================
--- /branches/bleeding_edge/src/objects-inl.h Thu Jul 5 06:54:20 2012
+++ /branches/bleeding_edge/src/objects-inl.h Fri Jul 6 03:02:15 2012
@@ -1997,7 +1997,7 @@
TransitionArray* DescriptorArray::transitions() {
- if (!this->MayContainTransitions()) return NULL;
+ ASSERT(MayContainTransitions());
Object* array = get(kTransitionsIndex);
return TransitionArray::cast(array);
}
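Review bot: In DescriptorArray::transitions(), ASSERT(MayContainTransitions()) is now the only guard, and ASSERT is compiled out of release builds, so a caller that used to rely on the NULL return will instead get TransitionArray::cast applied to whatever get(kTransitionsIndex) holds. Only one call site is updated in this patch. Please confirm that every other caller checks for a transition array first, and add a comment on the accessor stating that precondition.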
=======================================
--- /branches/bleeding_edge/src/objects.cc Thu Jul 5 06:54:20 2012
+++ /branches/bleeding_edge/src/objects.cc Fri Jul 6 03:02:15 2012
@@ -7366,11 +7366,12 @@
// because it cannot be called from outside the GC and we already have
methods
// depending on the transitions layout in the GC anyways.
void Map::ClearNonLiveTransitions(Heap* heap) {
- TransitionArray* t = transitions();
// If there are no transitions to be cleared, return.
// TODO(verwaest) Should be an assert, otherwise back pointers are not
// properly cleared.
- if (t == NULL) return;
+ if (!HasTransitionArray()) return;
+
+ TransitionArray* t = transitions();
int transition_index = 0;
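Review bot: The TODO(verwaest) above if (!HasTransitionArray()) return; still says back pointers are not properly cleared on this path, and the early return keeps that behavior. The log message names the concrete case (a map that still has a back-pointer while the transition was overwritten), so the comment should describe that state and say where the stale back pointer gets cleared, rather than only "no transitions to be cleared". Moving the transitions() call below the check is the right order given the new ASSERT in the accessor.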
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev