Chromium Code Reviews Chromium Code Reviews
Issue 6280013:
Fix a bug in delete for lookup slots. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2010 the V8 project authors. All rights reserved. | 1 // Copyright 2010 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 7031 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7042 } | 7042 } |
| 7043 | 7043 |
| 7044 | 7044 |
| 7045 static MaybeObject* Runtime_PushCatchContext(Arguments args) { | 7045 static MaybeObject* Runtime_PushCatchContext(Arguments args) { |
| 7046 NoHandleAllocation ha; | 7046 NoHandleAllocation ha; |
| 7047 ASSERT(args.length() == 1); | 7047 ASSERT(args.length() == 1); |
| 7048 return PushContextHelper(args[0], true); | 7048 return PushContextHelper(args[0], true); |
| 7049 } | 7049 } |
| 7050 | 7050 |
| 7051 | 7051 |
| 7052 static MaybeObject* Runtime_LookupContext(Arguments args) { | 7052 static MaybeObject* Runtime_DeleteContextSlot(Arguments args) { |
| 7053 HandleScope scope; | 7053 HandleScope scope; |
| 7054 ASSERT(args.length() == 2); | 7054 ASSERT(args.length() == 2); |
| 7055 | 7055 |
| 7056 CONVERT_ARG_CHECKED(Context, context, 0); | 7056 CONVERT_ARG_CHECKED(Context, context, 0); |
| 7057 CONVERT_ARG_CHECKED(String, name, 1); | 7057 CONVERT_ARG_CHECKED(String, name, 1); |
| 7058 | 7058 |
| 7059 int index; | 7059 int index; |
| 7060 PropertyAttributes attributes; | 7060 PropertyAttributes attributes; |
| 7061 ContextLookupFlags flags = FOLLOW_CHAINS; | 7061 ContextLookupFlags flags = FOLLOW_CHAINS; |
| 7062 Handle<Object> holder = | 7062 Handle<Object> holder = context->Lookup(name, flags, &index, &attributes); |
| 7063 context->Lookup(name, flags, &index, &attributes); | |
| 7064 | 7063 |
| 7065 if (index < 0 && !holder.is_null()) { | 7064 // If the slot was not found the result is true. |
| 7066 ASSERT(holder->IsJSObject()); | 7065 if (holder.is_null()) { |
| 7067 return *holder; | 7066 return Heap::true_value(); |
| 7068 } | 7067 } |
| 7069 | 7068 |
| 7070 // No intermediate context found. Use global object by default. | 7069 // If the slot was found in a context, it should be DONT_DELETE. |
|
Mads Ager (chromium)
2011/01/24 13:15:19
Can we assert that this is always the case or is t
| |
| 7071 return Top::context()->global(); | 7070 if (holder->IsContext()) { |
| 7071 return Heap::false_value(); | |
| 7072 } | |
| 7073 | |
| 7074 // The slot was found in a JSObject, either a context extension object, | |
| 7075 // the global object, or an arguments object. Try to delete it | |
| 7076 // (respecting DONT_DELETE). For consistency with V8's usual behavior, | |
| 7077 // which allows deleting all parameters in functions that mention | |
| 7078 // 'arguments', we do this even for the case of slots found on an | |
| 7079 // arguments object. The slot was found on an arguments object if the | |
| 7080 // index is non-negative. | |
| 7081 Handle<JSObject> object = Handle<JSObject>::cast(holder); | |
| 7082 if (index >= 0) { | |
| 7083 return object->DeleteElement(index, JSObject::NORMAL_DELETION); | |
| 7084 } else { | |
| 7085 return object->DeleteProperty(*name, JSObject::NORMAL_DELETION); | |
| 7086 } | |
| 7072 } | 7087 } |
| 7073 | 7088 |
| 7074 | 7089 |
| 7075 // A mechanism to return a pair of Object pointers in registers (if possible). | 7090 // A mechanism to return a pair of Object pointers in registers (if possible). |
| 7076 // How this is achieved is calling convention-dependent. | 7091 // How this is achieved is calling convention-dependent. |
| 7077 // All currently supported x86 compiles uses calling conventions that are cdecl | 7092 // All currently supported x86 compiles uses calling conventions that are cdecl |
| 7078 // variants where a 64-bit value is returned in two 32-bit registers | 7093 // variants where a 64-bit value is returned in two 32-bit registers |
| 7079 // (edx:eax on ia32, r1:r0 on ARM). | 7094 // (edx:eax on ia32, r1:r0 on ARM). |
| 7080 // In AMD-64 calling convention a struct of two pointers is returned in rdx:rax. | 7095 // In AMD-64 calling convention a struct of two pointers is returned in rdx:rax. |
| 7081 // In Win64 calling convention, a struct of two pointers is returned in memory, | 7096 // In Win64 calling convention, a struct of two pointers is returned in memory, |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7134 | 7149 |
| 7135 if (!args[0]->IsContext() || !args[1]->IsString()) { | 7150 if (!args[0]->IsContext() || !args[1]->IsString()) { |
| 7136 return MakePair(Top::ThrowIllegalOperation(), NULL); | 7151 return MakePair(Top::ThrowIllegalOperation(), NULL); |
| 7137 } | 7152 } |
| 7138 Handle<Context> context = args.at<Context>(0); | 7153 Handle<Context> context = args.at<Context>(0); |
| 7139 Handle<String> name = args.at<String>(1); | 7154 Handle<String> name = args.at<String>(1); |
| 7140 | 7155 |
| 7141 int index; | 7156 int index; |
| 7142 PropertyAttributes attributes; | 7157 PropertyAttributes attributes; |
| 7143 ContextLookupFlags flags = FOLLOW_CHAINS; | 7158 ContextLookupFlags flags = FOLLOW_CHAINS; |
| 7144 Handle<Object> holder = | 7159 Handle<Object> holder = context->Lookup(name, flags, &index, &attributes); |
| 7145 context->Lookup(name, flags, &index, &attributes); | |
| 7146 | 7160 |
| 7147 // If the index is non-negative, the slot has been found in a local | 7161 // If the index is non-negative, the slot has been found in a local |
| 7148 // variable or a parameter. Read it from the context object or the | 7162 // variable or a parameter. Read it from the context object or the |
| 7149 // arguments object. | 7163 // arguments object. |
| 7150 if (index >= 0) { | 7164 if (index >= 0) { |
| 7151 // If the "property" we were looking for is a local variable or an | 7165 // If the "property" we were looking for is a local variable or an |
| 7152 // argument in a context, the receiver is the global object; see | 7166 // argument in a context, the receiver is the global object; see |
| 7153 // ECMA-262, 3rd., 10.1.6 and 10.2.3. | 7167 // ECMA-262, 3rd., 10.1.6 and 10.2.3. |
| 7154 JSObject* receiver = Top::context()->global()->global_receiver(); | 7168 JSObject* receiver = Top::context()->global()->global_receiver(); |
| 7155 MaybeObject* value = (holder->IsContext()) | 7169 MaybeObject* value = (holder->IsContext()) |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7202 HandleScope scope; | 7216 HandleScope scope; |
| 7203 ASSERT(args.length() == 3); | 7217 ASSERT(args.length() == 3); |
| 7204 | 7218 |
| 7205 Handle<Object> value(args[0]); | 7219 Handle<Object> value(args[0]); |
| 7206 CONVERT_ARG_CHECKED(Context, context, 1); | 7220 CONVERT_ARG_CHECKED(Context, context, 1); |
| 7207 CONVERT_ARG_CHECKED(String, name, 2); | 7221 CONVERT_ARG_CHECKED(String, name, 2); |
| 7208 | 7222 |
| 7209 int index; | 7223 int index; |
| 7210 PropertyAttributes attributes; | 7224 PropertyAttributes attributes; |
| 7211 ContextLookupFlags flags = FOLLOW_CHAINS; | 7225 ContextLookupFlags flags = FOLLOW_CHAINS; |
| 7212 Handle<Object> holder = | 7226 Handle<Object> holder = context->Lookup(name, flags, &index, &attributes); |
| 7213 context->Lookup(name, flags, &index, &attributes); | |
| 7214 | 7227 |
| 7215 if (index >= 0) { | 7228 if (index >= 0) { |
| 7216 if (holder->IsContext()) { | 7229 if (holder->IsContext()) { |
| 7217 // Ignore if read_only variable. | 7230 // Ignore if read_only variable. |
| 7218 if ((attributes & READ_ONLY) == 0) { | 7231 if ((attributes & READ_ONLY) == 0) { |
| 7219 Handle<Context>::cast(holder)->set(index, *value); | 7232 Handle<Context>::cast(holder)->set(index, *value); |
| 7220 } | 7233 } |
| 7221 } else { | 7234 } else { |
| 7222 ASSERT((attributes & READ_ONLY) == 0); | 7235 ASSERT((attributes & READ_ONLY) == 0); |
| 7223 Handle<JSObject>::cast(holder)->SetElement(index, *value)-> | 7236 Handle<JSObject>::cast(holder)->SetElement(index, *value)-> |
| (...skipping 3643 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 10867 } else { | 10880 } else { |
| 10868 // Handle last resort GC and make sure to allow future allocations | 10881 // Handle last resort GC and make sure to allow future allocations |
| 10869 // to grow the heap without causing GCs (if possible). | 10882 // to grow the heap without causing GCs (if possible). |
| 10870 Counters::gc_last_resort_from_js.Increment(); | 10883 Counters::gc_last_resort_from_js.Increment(); |
| 10871 Heap::CollectAllGarbage(false); | 10884 Heap::CollectAllGarbage(false); |
| 10872 } | 10885 } |
| 10873 } | 10886 } |
| 10874 | 10887 |
| 10875 | 10888 |
| 10876 } } // namespace v8::internal | 10889 } } // namespace v8::internal |
| OLD | NEW |
