Handle retry-after-gc failures within LoadIC::Load and StoreIC::Store.
Follow-up for r14321, makes the remaining unsafe calls to runtime functions during ic computation safe. R=verwaest@chromium.org BUG=222301 Review URL: https://chromiumcodereview.appspot.com/13976015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
ulan@chromium.org
parent
dfdd17fc2a
commit
1938b1de3b
@ -441,6 +441,13 @@ const AccessorDescriptor Accessors::ScriptEvalFromFunctionName = {
|
||||
//
|
||||
|
||||
|
||||
Handle<Object> Accessors::FunctionGetPrototype(Handle<Object> object) {
|
||||
Isolate* isolate = Isolate::Current();
|
||||
CALL_HEAP_FUNCTION(
|
||||
isolate, Accessors::FunctionGetPrototype(*object, 0), Object);
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* Accessors::FunctionGetPrototype(Object* object, void*) {
|
||||
Isolate* isolate = Isolate::Current();
|
||||
JSFunction* function = FindInstanceOf<JSFunction>(isolate, object);
|
||||
|
||||
@ -79,6 +79,8 @@ class Accessors : public AllStatic {
|
||||
// Accessor functions called directly from the runtime system.
|
||||
MUST_USE_RESULT static MaybeObject* FunctionGetPrototype(Object* object,
|
||||
void*);
|
||||
static Handle<Object> FunctionGetPrototype(Handle<Object> object);
|
||||
|
||||
MUST_USE_RESULT static MaybeObject* FunctionSetPrototype(JSObject* object,
|
||||
Object* value,
|
||||
void*);
|
||||
|
||||
22
src/ic.cc
22
src/ic.cc
@ -877,7 +877,7 @@ MaybeObject* LoadIC::Load(State state,
|
||||
if (FLAG_trace_ic) PrintF("[LoadIC : +#prototype /function]\n");
|
||||
#endif
|
||||
}
|
||||
return Accessors::FunctionGetPrototype(*object, 0);
|
||||
return *Accessors::FunctionGetPrototype(object);
|
||||
}
|
||||
}
|
||||
|
||||
@ -887,7 +887,7 @@ MaybeObject* LoadIC::Load(State state,
|
||||
if (kind() == Code::KEYED_LOAD_IC && name->AsArrayIndex(&index)) {
|
||||
// Rewrite to the generic keyed load stub.
|
||||
if (FLAG_use_ic) set_target(*generic_stub());
|
||||
return Runtime::GetElementOrCharAt(isolate(), object, index);
|
||||
return Runtime::GetElementOrCharAtOrFail(isolate(), object, index);
|
||||
}
|
||||
|
||||
// Named lookup in the object.
|
||||
@ -922,7 +922,7 @@ MaybeObject* LoadIC::Load(State state,
|
||||
}
|
||||
|
||||
// Get the property.
|
||||
return object->GetProperty(*object, &lookup, *name, &attr);
|
||||
return Object::GetPropertyOrFail(object, object, &lookup, name, &attr);
|
||||
}
|
||||
|
||||
|
||||
@ -1476,8 +1476,8 @@ MaybeObject* StoreIC::Store(State state,
|
||||
JSReceiver::StoreFromKeyed store_mode) {
|
||||
// Handle proxies.
|
||||
if (object->IsJSProxy()) {
|
||||
return JSProxy::cast(*object)->
|
||||
SetProperty(*name, *value, NONE, strict_mode);
|
||||
return JSReceiver::SetPropertyOrFail(
|
||||
Handle<JSReceiver>::cast(object), name, value, NONE, strict_mode);
|
||||
}
|
||||
|
||||
// If the object is undefined or null it's illegal to try to set any
|
||||
@ -1509,7 +1509,8 @@ MaybeObject* StoreIC::Store(State state,
|
||||
|
||||
// Observed objects are always modified through the runtime.
|
||||
if (FLAG_harmony_observation && receiver->map()->is_observed()) {
|
||||
return receiver->SetProperty(*name, *value, NONE, strict_mode, store_mode);
|
||||
return JSReceiver::SetPropertyOrFail(
|
||||
receiver, name, value, NONE, strict_mode, store_mode);
|
||||
}
|
||||
|
||||
// Use specialized code for setting the length of arrays with fast
|
||||
@ -1524,7 +1525,8 @@ MaybeObject* StoreIC::Store(State state,
|
||||
StoreArrayLengthStub(kind(), strict_mode).GetCode(isolate());
|
||||
set_target(*stub);
|
||||
TRACE_IC("StoreIC", name, state, *stub);
|
||||
return receiver->SetProperty(*name, *value, NONE, strict_mode, store_mode);
|
||||
return JSReceiver::SetPropertyOrFail(
|
||||
receiver, name, value, NONE, strict_mode, store_mode);
|
||||
}
|
||||
|
||||
if (receiver->IsJSGlobalProxy()) {
|
||||
@ -1537,7 +1539,8 @@ MaybeObject* StoreIC::Store(State state,
|
||||
set_target(*stub);
|
||||
TRACE_IC("StoreIC", name, state, *stub);
|
||||
}
|
||||
return receiver->SetProperty(*name, *value, NONE, strict_mode, store_mode);
|
||||
return JSReceiver::SetPropertyOrFail(
|
||||
receiver, name, value, NONE, strict_mode, store_mode);
|
||||
}
|
||||
|
||||
LookupResult lookup(isolate());
|
||||
@ -1553,7 +1556,8 @@ MaybeObject* StoreIC::Store(State state,
|
||||
}
|
||||
|
||||
// Set the property.
|
||||
return receiver->SetProperty(*name, *value, NONE, strict_mode, store_mode);
|
||||
return JSReceiver::SetPropertyOrFail(
|
||||
receiver, name, value, NONE, strict_mode, store_mode);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -745,6 +745,20 @@ Handle<Object> Object::GetProperty(Handle<Object> object,
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* Object::GetPropertyOrFail(Handle<Object> object,
|
||||
Handle<Object> receiver,
|
||||
LookupResult* result,
|
||||
Handle<Name> key,
|
||||
PropertyAttributes* attributes) {
|
||||
Isolate* isolate = object->IsHeapObject()
|
||||
? Handle<HeapObject>::cast(object)->GetIsolate()
|
||||
: Isolate::Current();
|
||||
CALL_HEAP_FUNCTION_PASS_EXCEPTION(
|
||||
isolate,
|
||||
object->GetProperty(*receiver, result, *key, attributes));
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* Object::GetProperty(Object* receiver,
|
||||
LookupResult* result,
|
||||
Name* name,
|
||||
@ -2139,6 +2153,19 @@ Handle<Object> JSReceiver::SetProperty(Handle<JSReceiver> object,
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* JSReceiver::SetPropertyOrFail(
|
||||
Handle<JSReceiver> object,
|
||||
Handle<Name> key,
|
||||
Handle<Object> value,
|
||||
PropertyAttributes attributes,
|
||||
StrictModeFlag strict_mode,
|
||||
JSReceiver::StoreFromKeyed store_mode) {
|
||||
CALL_HEAP_FUNCTION_PASS_EXCEPTION(
|
||||
object->GetIsolate(),
|
||||
object->SetProperty(*key, *value, attributes, strict_mode, store_mode));
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* JSReceiver::SetProperty(Name* name,
|
||||
Object* value,
|
||||
PropertyAttributes attributes,
|
||||
|
||||
@ -1096,6 +1096,13 @@ class Object : public MaybeObject {
|
||||
Handle<Name> key,
|
||||
PropertyAttributes* attributes);
|
||||
|
||||
MUST_USE_RESULT static MaybeObject* GetPropertyOrFail(
|
||||
Handle<Object> object,
|
||||
Handle<Object> receiver,
|
||||
LookupResult* result,
|
||||
Handle<Name> key,
|
||||
PropertyAttributes* attributes);
|
||||
|
||||
MUST_USE_RESULT MaybeObject* GetProperty(Object* receiver,
|
||||
LookupResult* result,
|
||||
Name* key,
|
||||
@ -1569,6 +1576,15 @@ class JSReceiver: public HeapObject {
|
||||
Handle<Object> value,
|
||||
PropertyAttributes attributes,
|
||||
StrictModeFlag strict_mode);
|
||||
|
||||
MUST_USE_RESULT static MaybeObject* SetPropertyOrFail(
|
||||
Handle<JSReceiver> object,
|
||||
Handle<Name> key,
|
||||
Handle<Object> value,
|
||||
PropertyAttributes attributes,
|
||||
StrictModeFlag strict_mode,
|
||||
StoreFromKeyed store_from_keyed = MAY_BE_STORE_FROM_KEYED);
|
||||
|
||||
// Can cause GC.
|
||||
MUST_USE_RESULT MaybeObject* SetProperty(
|
||||
Name* key,
|
||||
|
||||
@ -4041,6 +4041,14 @@ static Handle<Object> GetCharAt(Handle<String> string, uint32_t index) {
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* Runtime::GetElementOrCharAtOrFail(Isolate* isolate,
|
||||
Handle<Object> object,
|
||||
uint32_t index) {
|
||||
CALL_HEAP_FUNCTION_PASS_EXCEPTION(isolate,
|
||||
GetElementOrCharAt(isolate, object, index));
|
||||
}
|
||||
|
||||
|
||||
MaybeObject* Runtime::GetElementOrCharAt(Isolate* isolate,
|
||||
Handle<Object> object,
|
||||
uint32_t index) {
|
||||
|
||||
@ -694,6 +694,11 @@ class Runtime : public AllStatic {
|
||||
Handle<Object> object,
|
||||
uint32_t index);
|
||||
|
||||
MUST_USE_RESULT static MaybeObject* GetElementOrCharAtOrFail(
|
||||
Isolate* isolate,
|
||||
Handle<Object> object,
|
||||
uint32_t index);
|
||||
|
||||
MUST_USE_RESULT static MaybeObject* SetObjectProperty(
|
||||
Isolate* isolate,
|
||||
Handle<Object> object,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user