src/stub-cache-ia32.cc - Issue 6526: - Fixed Issue 3201: Embedded Google Calendar crashes the renderer...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/stub-cache-ia32.cc

Issue 6526: - Fixed Issue 3201: Embedded Google Calendar crashes the renderer... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/

Patch Set: Created 12 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/stub-cache-ia32.cc

===================================================================

--- src/stub-cache-ia32.cc (revision 454)

+++ src/stub-cache-ia32.cc (working copy)

@@ -406,6 +406,7 @@

void StubCompiler::GenerateStoreField(MacroAssembler* masm,

+ Builtins::Name storage_extend,

JSObject* object,

int index,

Map* transition,

@@ -431,23 +432,23 @@

// checks.

ASSERT(object->IsJSGlobalObject() || !object->IsAccessCheckNeeded());

+ // Perform map transition for the receiver if necessary.

+ if ((transition != NULL) && (object->map()->unused_property_fields() == 0)) {

+ // The properties must be extended before we can store the value.

+ // We jump to a runtime call that extends the propeties array.

+ __ mov(Operand(ecx), Immediate(Handle<Map>(transition)));

+ Handle<Code> ic(Builtins::builtin(storage_extend));

+ __ jmp(ic, RelocInfo::CODE_TARGET);

+ return;

+ }

// Get the properties array (optimistically).

__ mov(scratch, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));

- // Perform map transition for the receiver if necessary.

if (transition != NULL) {

- if (object->map()->unused_property_fields() == 0) {

- // The properties must be extended before we can store the value.

- // We jump to a runtime call that extends the propeties array.

- __ mov(Operand(ecx), Immediate(Handle<Map>(transition)));

- Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_ExtendStorage));

- __ jmp(ic, RelocInfo::CODE_TARGET);

- } else {

- // Update the map of the object; no write barrier updating is

- // needed because the map is never in new space.

- __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset),

- Immediate(Handle<Map>(transition)));

- }

+ // Update the map of the object; no write barrier updating is

+ // needed because the map is never in new space.

+ __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset),

+ Immediate(Handle<Map>(transition)));

}

// Write to the properties array.

@@ -737,7 +738,13 @@

__ mov(ebx, Operand(esp, 1 * kPointerSize));

// Generate store field code. Trashes the name register.

- GenerateStoreField(masm(), object, index, transition, ebx, ecx, edx, &miss);

+ GenerateStoreField(masm(),

+ Builtins::StoreIC_ExtendStorage,

+ object,

+ index,

+ transition,

+ ebx, ecx, edx,

+ &miss);

// Handle store cache miss.

__ bind(&miss);

@@ -887,7 +894,13 @@

__ mov(ebx, Operand(esp, 2 * kPointerSize));