AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Also in ClearNonLiveTransitions we have to check if there still is a transition array before we access it.

Browse Source 
This should never happen in the long run, but will happen when maps still have a back-pointer while the forward pointer (the transition) was overwritten.

Review URL: https://chromiumcodereview.appspot.com/10704109

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
verwaest@chromium.org 2012-07-06 10:02:15 +00:00
parent a2cfa9d3df
commit 6139bafd28
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/objects-inl.h
View File

@ -1997,7 +1997,7 @@ int DescriptorArray::SearchWithCache(String* name) {
TransitionArray* DescriptorArray::transitions() {
if (!this->MayContainTransitions()) return NULL;
ASSERT(MayContainTransitions());
Object* array = get(kTransitionsIndex);
return TransitionArray::cast(array);
}

5
src/objects.cc
View File

@ -7366,11 +7366,12 @@ static bool ClearNonLiveTransition(Heap* heap,
// because it cannot be called from outside the GC and we already have methods
// depending on the transitions layout in the GC anyways.
void Map::ClearNonLiveTransitions(Heap* heap) {
TransitionArray* t = transitions();
// If there are no transitions to be cleared, return.
// TODO(verwaest) Should be an assert, otherwise back pointers are not
// properly cleared.
if (t == NULL) return;
if (!HasTransitionArray()) return;
TransitionArray* t = transitions();
int transition_index = 0;