https://codereview.chromium.org/228333003/diff/1/src/objects.cc
File src/objects.cc (right):

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode3153
src/objects.cc:3153: static void Insert(Name* key,
Can't call from unhandlified into handlified code!

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode3329
src/objects.cc:3329:
DisallowHeapAllocation?

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode4711
src/objects.cc:4711: object->set_map(*map);
JSObject::SetMapAndElements

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode6793
src/objects.cc:6793: new_descriptors->Append(descriptor);
We cannot GC anymore after this has happened. Otherwise it may be that
the newly appended descriptor isn't properly marked as it is weak until
result->InitializeDescriptors(*new_descriptors);

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode6818
src/objects.cc:6818: Map* walk_map;
DisallowHeapAllocation no_gc from here down.

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode6856
src/objects.cc:6856: MaybeObject*
Map::CopyReplaceDescriptorsFull(DescriptorArray* descriptors,
This name doesn't really make sense.

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode6882
src/objects.cc:6882: Handle<Map>
Map::CopyReplaceDescriptorsFull(Handle<Map> map,
Can we get rid of this version of the method? Kinda ugly to have both
versions; and this name doesn't really make sense.

https://codereview.chromium.org/228333003/diff/1/src/objects.cc#newcode7198
src/objects.cc:7198: new_descriptors->Set(i, descriptor, witness);
In this Set case, the "pointer" will be wrong.

Can we just use CopyUpTo rather than this local copy; and afterwards do
a "set" which guarantees that the "pointer" value is maintained?

https://codereview.chromium.org/228333003/diff/1/src/transitions.cc
File src/transitions.cc (right):

https://codereview.chromium.org/228333003/diff/1/src/transitions.cc#newcode209
src/transitions.cc:209: for (int i = 0; i < number_of_transitions; ++i)
{
Wrong. number_of_transitions can change because of
TransitionArray::AllocateHandle; since it's a weak array.

https://codereview.chromium.org/228333003/

--
v8-dev mailing list
http://groups.google.com/group/v8-dev