Chromium Code Reviews
Side by Side Diff: src/runtime.cc

Issue 6271: Fixed unsafe code where a GC could occur after a Handle had been dereferenced.... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 12 years, 2 months ago
1 // Copyright 2006-2008 the V8 project authors. All rights reserved. 1 // Copyright 2006-2008 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 4679 matching lines...)
4690 count = DebugGetLoadedScripts(NULL, 0); 4690 count = DebugGetLoadedScripts(NULL, 0);
4691 4691
4692 // Allocate an array to hold the result. 4692 // Allocate an array to hold the result.
4693 Handle<FixedArray> instances = Factory::NewFixedArray(count); 4693 Handle<FixedArray> instances = Factory::NewFixedArray(count);
4694 4694
4695 // Fill the script objects. 4695 // Fill the script objects.
4696 count = DebugGetLoadedScripts(*instances, count); 4696 count = DebugGetLoadedScripts(*instances, count);
4697 4697
4698 // Convert the script objects to proper JS objects. 4698 // Convert the script objects to proper JS objects.
4699 for (int i = 0; i < count; i++) { 4699 for (int i = 0; i < count; i++) {
4700 Handle<Script> script(Script::cast(instances->get(i))); 4700 Handle<Script> script = Handle<Script>(Script::cast(instances->get(i)));
4701 instances->set(i, *GetScriptWrapper(script)); 4701 // Get the script wrapper in a local handle before calling GetScriptWrapper,
4702 // because using
4703 // instances->set(i, *GetScriptWr apper(script))
4704 // is unsafe as GetScriptWrapper might call GC and the C++ compiler might
4705 // already have deferenced the instances handle.
4706 Handle<JSValue> wrapper = GetScriptWrapper(script);
4707 instances->set(i, *wrapper);
4702 } 4708 }
4703 4709
4704 // Return result as a JS array. 4710 // Return result as a JS array.
4705 Handle<JSObject> result = Factory::NewJSObject(Top::array_function()); 4711 Handle<JSObject> result = Factory::NewJSObject(Top::array_function());
4706 Handle<JSArray>::cast(result)->SetContent(*instances); 4712 Handle<JSArray>::cast(result)->SetContent(*instances);
4707 return *result; 4713 return *result;
4708 } 4714 }
4709 4715
4710 4716
4711 // Helper function used by Runtime_DebugReferencedBy below. 4717 // Helper function used by Runtime_DebugReferencedBy below.
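Review bot: the new comment at 4701-4705 describes the fix backwards: it says to "Get the script wrapper in a local handle before calling GetScriptWrapper", but the wrapper can only be obtained by that call; what has to happen first is binding the call's result to a local handle, so that `instances->set(i, *wrapper)` dereferences `instances` only after GetScriptWrapper (and any GC it triggers) has returned. Suggest rewording along the lines of "Store the wrapper in a local handle first: in instances->set(i, *GetScriptWrapper(script)) the compiler may evaluate instances-> before the call, and a GC inside GetScriptWrapper can move the array", and fix the spelling "deferenced" to "dereferenced" plus the split identifier "GetScriptWr apper" as rendered at 4703, since this comment is the only record of why the two-statement form is required. Also, the change at 4700 from `Handle<Script> script(Script::cast(instances->get(i)));` to `Handle<Script> script = Handle<Script>(Script::cast(instances->get(i)));` is semantically identical and unrelated to the GC-safety fix; consider leaving the original form so the diff shows only the intended change.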
(...skipping 338 matching lines...)
5050 5056
5051 void Runtime::PerformGC(Object* result) { 5057 void Runtime::PerformGC(Object* result) {
5052 Failure* failure = Failure::cast(result); 5058 Failure* failure = Failure::cast(result);
5053 // Try to do a garbage collection; ignore it if it fails. The C 5059 // Try to do a garbage collection; ignore it if it fails. The C
5054 // entry stub will throw an out-of-memory exception in that case. 5060 // entry stub will throw an out-of-memory exception in that case.
5055 Heap::CollectGarbage(failure->requested(), failure->allocation_space()); 5061 Heap::CollectGarbage(failure->requested(), failure->allocation_space());
5056 } 5062 }
5057 5063
5058 5064
5059 } } // namespace v8::internal 5065 } } // namespace v8::internal