From b28f403cfa603b09bc3199b07334215104b509c1 Mon Sep 17 00:00:00 2001
From: "fschneider@chromium.org"
Date: Wed, 9 May 2012 12:49:56 +0000
Subject: [PATCH] Force checking of result on all functions in elements.h that return MaybeObject*.
Add two missing failure checks found by this.
Review URL: https://chromiumcodereview.appspot.com/10356071
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/elements.h | 57 ++++++++++++++++++++++++++------------------
 src/objects.cc | 11 +++++++---
 2 files changed, 38 insertions(+), 30 deletions(-)
diff --git a/src/elements.h b/src/elements.h
index 51d402d341..55d6fa56f0 100644
--- a/src/elements.h
+++ b/src/elements.h
@@ -60,18 +60,19 @@ class ElementsAccessor {
 // can optionally pass in the backing store to use for the check, which must
 // be compatible with the ElementsKind of the ElementsAccessor. If
 // backing_store is NULL, the holder->elements() is used as the backing store.
- virtual MaybeObject* Get(Object* receiver,
- JSObject* holder,
- uint32_t key,
- FixedArrayBase* backing_store = NULL) = 0;
+ MUST_USE_RESULT virtual MaybeObject* Get(
+ Object* receiver,
+ JSObject* holder,
+ uint32_t key,
+ FixedArrayBase* backing_store = NULL) = 0;
 // Modifies the length data property as specified for JSArrays and resizes the
 // underlying backing store accordingly. The method honors the semantics of
 // changing array sizes as defined in EcmaScript 5.1 15.4.5.2, i.e. array that
 // have non-deletable elements can only be shrunk to the size of highest
 // element that is non-deletable.
- virtual MaybeObject* SetLength(JSArray* holder,
- Object* new_length) = 0;
+ MUST_USE_RESULT virtual MaybeObject* SetLength(JSArray* holder,
+ Object* new_length) = 0;
 // Modifies both the length and capacity of a JSArray, resizing the underlying
 // backing store as necessary. This method does NOT honor the semantics of
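Review bot: MUST_USE_RESULT on the pure-virtual Get and SetLength declarations here only guards call sites that bind to these base declarations; the underlying warn_unused_result attribute is not inherited by overrides, so a call that resolves statically to an unannotated override in a concrete accessor class would still not be diagnosed. It would be worth confirming that the overriding declarations carry the same annotation, and recording the intent on the class with a comment such as `// Every MaybeObject*-returning method is MUST_USE_RESULT; overrides should repeat the annotation so direct calls on a concrete accessor are also checked.` The same remark applies to the declarations in the next two hunks (SetCapacityAndLength, Delete, both CopyElements overloads, AddElementsToFixedArray). The class ElementsAccessor opens before this hunk.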
@@ -79,14 +80,14 @@ class ElementsAccessor {
 // elements. This method should only be called for array expansion OR by
 // runtime JavaScript code that use InternalArrays and don't care about
 // EcmaScript 5.1 semantics.
- virtual MaybeObject* SetCapacityAndLength(JSArray* array,
- int capacity,
- int length) = 0;
+ MUST_USE_RESULT virtual MaybeObject* SetCapacityAndLength(JSArray* array,
+ int capacity,
+ int length) = 0;
 // Deletes an element in an object, returning a new elements backing store.
- virtual MaybeObject* Delete(JSObject* holder,
- uint32_t key,
- JSReceiver::DeleteMode mode) = 0;
+ MUST_USE_RESULT virtual MaybeObject* Delete(JSObject* holder,
+ uint32_t key,
+ JSReceiver::DeleteMode mode) = 0;
 // If kCopyToEnd is specified as the copy_size to CopyElements, it copies all
 // of elements from source after source_start to the destination array.
@@ -101,26 +102,28 @@ class ElementsAccessor {
 // the source JSObject or JSArray in source_holder. If the holder's backing
 // store is available, it can be passed in source and source_holder is
 // ignored.
- virtual MaybeObject* CopyElements(JSObject* source_holder,
- uint32_t source_start,
- FixedArrayBase* destination,
- ElementsKind destination_kind,
- uint32_t destination_start,
- int copy_size,
- FixedArrayBase* source = NULL) = 0;
+ MUST_USE_RESULT virtual MaybeObject* CopyElements(
+ JSObject* source_holder,
+ uint32_t source_start,
+ FixedArrayBase* destination,
+ ElementsKind destination_kind,
+ uint32_t destination_start,
+ int copy_size,
+ FixedArrayBase* source = NULL) = 0;
- MaybeObject* CopyElements(JSObject* from_holder,
- FixedArrayBase* to,
- ElementsKind to_kind,
- FixedArrayBase* from = NULL) {
+ MUST_USE_RESULT MaybeObject* CopyElements(JSObject* from_holder,
+ FixedArrayBase* to,
+ ElementsKind to_kind,
+ FixedArrayBase* from = NULL) {
 return CopyElements(from_holder, 0, to, to_kind, 0,
 kCopyToEndAndInitializeToHole, from);
 }
- virtual MaybeObject* AddElementsToFixedArray(Object* receiver,
- JSObject* holder,
- FixedArray* to,
- FixedArrayBase* from = NULL) = 0;
+ MUST_USE_RESULT virtual MaybeObject* AddElementsToFixedArray(
+ Object* receiver,
+ JSObject* holder,
+ FixedArray* to,
+ FixedArrayBase* from = NULL) = 0;
 // Returns a shared ElementsAccessor for the specified ElementsKind.
 static ElementsAccessor* ForKind(ElementsKind elements_kind) {
diff --git a/src/objects.cc b/src/objects.cc
index cde43f9f23..5649a56464 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -8621,8 +8621,10 @@ MaybeObject* JSObject::SetFastElementsCapacityAndLength(
 ElementsKind to_kind = (elements_kind == FAST_SMI_ONLY_ELEMENTS) ? FAST_SMI_ONLY_ELEMENTS : FAST_ELEMENTS;
- // int copy_size = Min(old_elements_raw->length(), new_elements->length());
- accessor->CopyElements(this, new_elements, to_kind);
+ { MaybeObject* maybe_obj =
+ accessor->CopyElements(this, new_elements, to_kind);
+ if (maybe_obj->IsFailure()) return maybe_obj;
+ }
 if (elements_kind != NON_STRICT_ARGUMENTS_ELEMENTS) {
 set_map_and_elements(new_map, new_elements);
 } else {
@@ -8666,7 +8668,10 @@ MaybeObject* JSObject::SetFastDoubleElementsCapacityAndLength(
 FixedArrayBase* old_elements = elements();
 ElementsKind elements_kind = GetElementsKind();
 ElementsAccessor* accessor = ElementsAccessor::ForKind(elements_kind);
- accessor->CopyElements(this, elems, FAST_DOUBLE_ELEMENTS);
+ { MaybeObject* maybe_obj =
+ accessor->CopyElements(this, elems, FAST_DOUBLE_ELEMENTS);
+ if (maybe_obj->IsFailure()) return maybe_obj;
+ }
 if (elements_kind != NON_STRICT_ARGUMENTS_ELEMENTS) {
 set_map_and_elements(new_map, elems);
 } else {
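Review bot: The new failure check in SetFastElementsCapacityAndLength gives no hint why CopyElements can fail or why the check has to come before the map/elements swap, and the identical four-line block in SetFastDoubleElementsCapacityAndLength in the next hunk has the same gap. A one-line why-comment above each block would help, e.g. `// CopyElements may return a failure object; propagate it before the new store is installed by set_map_and_elements below.` Duplicating the block verbatim also invites the two copies to diverge, so a small shared helper or the file's usual MaybeObject-check idiom, if one exists, would be preferable. Both enclosing functions start before and end after their hunks.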