Chromium Code Reviews

Unified Diff: src/virtual-frame.cc

Issue 47006: Fix flaw in VirtualFrame::SetElementAt handling multiple copies of elements. (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 11 years, 9 months ago
Index: src/virtual-frame.cc
===================================================================
--- src/virtual-frame.cc (revision 1576)
+++ src/virtual-frame.cc (working copy)
@@ -387,25 +387,33 @@
FrameElement::RegisterElement(value->reg(),
FrameElement::NOT_SYNCED);
} else {
- for (int i = 0; i < elements_.length(); i++) {
- FrameElement element = elements_[i];
- if (element.is_register() && element.reg().is(value->reg())) {
- if (i < frame_index) {
- // The register backing store is lower in the frame than its
- // copy.
- elements_[frame_index] = CopyElementAt(i);
- } else {
- // There was an early bailout for the case of setting a
- // register element to itself.
- ASSERT(i != frame_index);
- element.clear_sync();
- elements_[frame_index] = element;
- elements_[i] = CopyElementAt(frame_index);
- }
- // Exit the loop once the appropriate copy is inserted.
+ int i = 0;
+ for (; i < elements_.length(); i++) {
+ if (elements_[i].is_register() && elements_[i].reg().is(value->reg())) {
break;
}
}
+ ASSERT(i < elements_.length());
+
+ if (i < frame_index) {
+ // The register backing store is lower in the frame than its copy.
+ elements_[frame_index] = CopyElementAt(i);
+ } else {
+ // There was an early bailout for the case of setting a
+ // register element to itself.
+ ASSERT(i != frame_index);
+ elements_[frame_index] = elements_[i];
+ elements_[i] = CopyElementAt(frame_index);
+ if (elements_[frame_index].is_synced()) {
+ elements_[i].set_sync();
+ }
+ elements_[frame_index].clear_sync();
+ for (int j = i + 1; j < elements_.length(); j++) {
+ if (elements_[j].is_copy() && elements_[j].index() == i) {
+ elements_[j].set_index(frame_index);
+ }
+ }
+ }
}
} else {
ASSERT(value->is_constant());
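Review bot: The fix-up loop `for (int j = i + 1; j < elements_.length(); j++)` silently relies on the invariant that a copy always sits above its backing element in the frame, and the search loop's `break` relies on there being at most one register element for `value->reg()`; neither invariant is stated, and the old "Exit the loop once the appropriate copy is inserted" comment was dropped without a replacement. Suggest a one-line comment at the search loop ("find the element backing this register; there is exactly one") and at the fix-up loop ("copies can only refer to lower frame slots, so start at i + 1"). Worth noting as well that `ASSERT(i < elements_.length())` only guards the not-found case in debug builds; in release, a miss would fall into the `i < frame_index` branch and call `CopyElementAt(i)` with `i == elements_.length()`, so a comment explaining why the element must be present (the register is known to back some element when this branch is taken) would document why that is unreachable.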