AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Add AssertNoAllocation to ensure TransitionArray* transitions is safe.

Browse Source 
Review URL: https://chromiumcodereview.appspot.com/12583013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
verwaest@chromium.org 2013-03-25 15:59:08 +00:00
parent 8792cac5cc
commit 2541f2507f
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/objects-inl.h
View File

@ -1490,13 +1490,17 @@ MaybeObject* JSObject::AddFastPropertyUsingMap(Map* map) {
bool JSObject::TryTransitionToField(Handle<JSObject> object, bool JSObject::TryTransitionToField(Handle<JSObject> object,
Handle<Name> key) { Handle<Name> key) {
if (!object->map()->HasTransitionArray()) return false; if (!object->map()->HasTransitionArray()) return false;
TransitionArray* transitions = object->map()->transitions(); Handle<Map> target;
int transition = transitions->Search(*key); {
if (transition == TransitionArray::kNotFound) return false; AssertNoAllocation no_allocation;
PropertyDetails target_details = transitions->GetTargetDetails(transition); TransitionArray* transitions = object->map()->transitions();
if (target_details.type() != FIELD) return false; int transition = transitions->Search(*key);
if (target_details.attributes() != NONE) return false; if (transition == TransitionArray::kNotFound) return false;
Handle<Map> target(transitions->GetTarget(transition)); PropertyDetails target_details = transitions->GetTargetDetails(transition);
if (target_details.type() != FIELD) return false;
if (target_details.attributes() != NONE) return false;
target = Handle<Map>(transitions->GetTarget(transition));
}
JSObject::AddFastPropertyUsingMap(object, target); JSObject::AddFastPropertyUsingMap(object, target);
return true; return true;
} }