Fix handle unsafety in Deoptimizer::MaterializeNextHeapObject.
R=yangguo@chromium.org Review URL: https://codereview.chromium.org/22327008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
parent
1086e02fef
commit
899e80130e
@ -1675,7 +1675,8 @@ Handle<Object> Deoptimizer::MaterializeNextHeapObject() {
|
|||||||
arguments->set_elements(*array);
|
arguments->set_elements(*array);
|
||||||
materialized_objects_->Add(arguments);
|
materialized_objects_->Add(arguments);
|
||||||
for (int i = 0; i < length; ++i) {
|
for (int i = 0; i < length; ++i) {
|
||||||
array->set(i, *MaterializeNextValue());
|
Handle<Object> value = MaterializeNextValue();
|
||||||
|
array->set(i, *value);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Dispatch on the instance type of the object to be materialized.
|
// Dispatch on the instance type of the object to be materialized.
|
||||||
@ -1692,10 +1693,13 @@ Handle<Object> Deoptimizer::MaterializeNextHeapObject() {
|
|||||||
Handle<JSObject> object =
|
Handle<JSObject> object =
|
||||||
isolate_->factory()->NewJSObjectFromMap(map, NOT_TENURED, false);
|
isolate_->factory()->NewJSObjectFromMap(map, NOT_TENURED, false);
|
||||||
materialized_objects_->Add(object);
|
materialized_objects_->Add(object);
|
||||||
object->set_properties(FixedArray::cast(*MaterializeNextValue()));
|
Handle<Object> properties = MaterializeNextValue();
|
||||||
object->set_elements(FixedArray::cast(*MaterializeNextValue()));
|
Handle<Object> elements = MaterializeNextValue();
|
||||||
|
object->set_properties(FixedArray::cast(*properties));
|
||||||
|
object->set_elements(FixedArray::cast(*elements));
|
||||||
for (int i = 0; i < length - 3; ++i) {
|
for (int i = 0; i < length - 3; ++i) {
|
||||||
object->FastPropertyAtPut(i, *MaterializeNextValue());
|
Handle<Object> value = MaterializeNextValue();
|
||||||
|
object->FastPropertyAtPut(i, *value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user