AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Undo allocation of half-formed array during elements transition

Browse Source 
R=vegorov@chromium.org
BUG=none
TEST=no asserts in debug tests with smi-only-array on

Review URL: http://codereview.chromium.org/9015023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
danno@chromium.org 2012-01-03 09:39:34 +00:00
parent b75beff3fc
commit 79f18cae93
3 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/arm/builtins-arm.cc
View File

@ -1,4 +1,4 @@
// Copyright 2011 the V8 project authors. All rights reserved.
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
@ -316,7 +316,8 @@ static void AllocateJSArray(MacroAssembler* masm,
static void ArrayNativeCode(MacroAssembler* masm,
Label* call_generic_code) {
Counters* counters = masm->isolate()->counters();
Label argc_one_or_more, argc_two_or_more, not_empty_array, empty_array;
Label argc_one_or_more, argc_two_or_more, not_empty_array, empty_array,
has_non_smi_element;
// Check for array construction with zero arguments or one.
__ cmp(r0, Operand(0, RelocInfo::NONE));
@ -415,7 +416,7 @@ static void ArrayNativeCode(MacroAssembler* masm,
__ bind(&loop);
__ ldr(r2, MemOperand(r7, kPointerSize, PostIndex));
if (FLAG_smi_only_arrays) {
__ JumpIfNotSmi(r2, call_generic_code);
__ JumpIfNotSmi(r2, &has_non_smi_element);
}
__ str(r2, MemOperand(r5, -kPointerSize, PreIndex));
__ bind(&entry);
@ -431,6 +432,10 @@ static void ArrayNativeCode(MacroAssembler* masm,
__ add(sp, sp, Operand(kPointerSize));
__ mov(r0, r3);
__ Jump(lr);
__ bind(&has_non_smi_element);
__ UndoAllocationInNewSpace(r3, r4);
__ b(call_generic_code);
}

3
src/ia32/builtins-ia32.cc
View File

@ -1,4 +1,4 @@
// Copyright 2011 the V8 project authors. All rights reserved.
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
@ -1297,6 +1297,7 @@ static void ArrayNativeCode(MacroAssembler* masm,
__ bind(&has_non_smi_element);
// Throw away the array that's only been partially constructed.
__ pop(eax);
__ UndoAllocationInNewSpace(eax);
// Restore argc and constructor before running the generic code.
__ bind(&prepare_generic_code_call);

11
src/x64/builtins-x64.cc
View File

@ -1,4 +1,4 @@
// Copyright 2011 the V8 project authors. All rights reserved.
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
@ -1199,7 +1199,8 @@ static void AllocateJSArray(MacroAssembler* masm,
// a construct call and a normal call.
static void ArrayNativeCode(MacroAssembler* masm,
Label *call_generic_code) {
Label argc_one_or_more, argc_two_or_more, empty_array, not_empty_array;
Label argc_one_or_more, argc_two_or_more, empty_array, not_empty_array,
has_non_smi_element;
// Check for array construction with zero arguments.
__ testq(rax, rax);
@ -1306,7 +1307,7 @@ static void ArrayNativeCode(MacroAssembler* masm,
__ bind(&loop);
__ movq(kScratchRegister, Operand(r9, rcx, times_pointer_size, 0));
if (FLAG_smi_only_arrays) {
__ JumpIfNotSmi(kScratchRegister, call_generic_code);
__ JumpIfNotSmi(kScratchRegister, &has_non_smi_element);
}
__ movq(Operand(rdx, 0), kScratchRegister);
__ addq(rdx, Immediate(kPointerSize));
@ -1324,6 +1325,10 @@ static void ArrayNativeCode(MacroAssembler* masm,
__ push(rcx);
__ movq(rax, rbx);
__ ret(0);
__ bind(&has_non_smi_element);
__ UndoAllocationInNewSpace(rbx);
__ jmp(call_generic_code);
}