[v8-dev] [v8] r16713 committed - Fix heap verifier for partially constructed arrays when allocation fol...

[codesite-noreply]

Revision: 16713
Author:   hpa...@chromium.org
Date:     Fri Sep 13 11:47:54 2013 UTC
Log:      Fix heap verifier for partially constructed arrays when  
allocation folding is off.

BUG=
R=mvstan...@chromium.org

Review URL: https://codereview.chromium.org/23934008
http://code.google.com/p/v8/source/detail?r=16713

Modified:
 /branches/bleeding_edge/src/objects-debug.cc

=======================================
--- /branches/bleeding_edge/src/objects-debug.cc	Wed Sep 11 13:39:11 2013  
UTC
+++ /branches/bleeding_edge/src/objects-debug.cc	Fri Sep 13 11:47:54 2013  
UTC
@@ -330,10 +330,11 @@
     }
   }

-  // TODO(hpayer): deal gracefully with partially constructed JSObjects,  
when
-  // allocation folding is turned off.
-  if (reinterpret_cast<Map*>(elements()) !=
-      GetHeap()->one_pointer_filler_map()) {
+  // If a GC was caused while constructing this object, the elements
+  // pointer may point to a one pointer filler map.
+  if ((FLAG_use_gvn && FLAG_use_allocation_folding) ||
+      (reinterpret_cast<Map*>(elements()) !=
+      GetHeap()->one_pointer_filler_map())) {
     CHECK_EQ((map()->has_fast_smi_or_object_elements() ||
               (elements() == GetHeap()->empty_fixed_array())),
              (elements()->map() == GetHeap()->fixed_array_map() ||
@@ -683,10 +684,11 @@
 void JSArray::JSArrayVerify() {
   JSObjectVerify();
   CHECK(length()->IsNumber() || length()->IsUndefined());
-  // TODO(hpayer): deal gracefully with partially constructed JSObjects,  
when
-  // allocation folding is turned off.
-  if (reinterpret_cast<Map*>(elements()) !=
-      GetHeap()->one_pointer_filler_map()) {
+  // If a GC was caused while constructing this array, the elements
+  // pointer may point to a one pointer filler map.
+  if ((FLAG_use_gvn && FLAG_use_allocation_folding) ||
+      (reinterpret_cast<Map*>(elements()) !=
+      GetHeap()->one_pointer_filler_map())) {
     CHECK(elements()->IsUndefined() ||
           elements()->IsFixedArray() ||
           elements()->IsFixedDoubleArray());

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.