
Side by Side Diff: src/runtime.cc

Issue 7289011: Fix a bug in Object.defineProperty. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 9 years, 5 months ago
1 // Copyright 2011 the V8 project authors. All rights reserved. 1 // Copyright 2011 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 3900 matching lines...)
3911 // Normalize the elements to enable attributes on the property. 3911 // Normalize the elements to enable attributes on the property.
3912 if (js_object->IsJSGlobalProxy()) { 3912 if (js_object->IsJSGlobalProxy()) {
3913 // We do not need to do access checks here since these has already 3913 // We do not need to do access checks here since these has already
3914 // been performed by the call to GetOwnProperty. 3914 // been performed by the call to GetOwnProperty.
3915 Handle<Object> proto(js_object->GetPrototype()); 3915 Handle<Object> proto(js_object->GetPrototype());
3916 // If proxy is detached, ignore the assignment. Alternatively, 3916 // If proxy is detached, ignore the assignment. Alternatively,
3917 // we could throw an exception. 3917 // we could throw an exception.
3918 if (proto->IsNull()) return *obj_value; 3918 if (proto->IsNull()) return *obj_value;
3919 js_object = Handle<JSObject>::cast(proto); 3919 js_object = Handle<JSObject>::cast(proto);
3920 } 3920 }
3921 NormalizeElements(js_object); 3921 Handle<NumberDictionary> dictionary = NormalizeElements(js_object);
3922 Handle<NumberDictionary> dictionary(js_object->element_dictionary());
3923 // Make sure that we never go back to fast case. 3922 // Make sure that we never go back to fast case.
3924 dictionary->set_requires_slow_elements(); 3923 dictionary->set_requires_slow_elements();
3925 PropertyDetails details = PropertyDetails(attr, NORMAL); 3924 PropertyDetails details = PropertyDetails(attr, NORMAL);
3926 Handle<NumberDictionary> extended_dictionary = 3925 Handle<NumberDictionary> extended_dictionary =
3927 NumberDictionarySet(dictionary, index, obj_value, details); 3926 NumberDictionarySet(dictionary, index, obj_value, details);
3928 if (*extended_dictionary != *dictionary) { 3927 if (*extended_dictionary != *dictionary) {
3929 js_object->set_elements(*extended_dictionary); 3928 js_object->set_elements(*extended_dictionary);
3930 } 3929 }
3931 return *obj_value; 3930 return *obj_value;
3932 } 3931 }
(...skipping 42 matching lines...)
3975 // Special case for elements if any of the flags are true. 3974 // Special case for elements if any of the flags are true.
3976 // If elements are in fast case we always implicitly assume that: 3975 // If elements are in fast case we always implicitly assume that:
3977 // DONT_DELETE: false, DONT_ENUM: false, READ_ONLY: false. 3976 // DONT_DELETE: false, DONT_ENUM: false, READ_ONLY: false.
3978 static MaybeObject* NormalizeObjectSetElement(Isolate* isolate, 3977 static MaybeObject* NormalizeObjectSetElement(Isolate* isolate,
3979 Handle<JSObject> js_object, 3978 Handle<JSObject> js_object,
3980 uint32_t index, 3979 uint32_t index,
3981 Handle<Object> value, 3980 Handle<Object> value,
3982 PropertyAttributes attr) { 3981 PropertyAttributes attr) {
3983 // Normalize the elements to enable attributes on the property. 3982 // Normalize the elements to enable attributes on the property.
3984 NormalizeElements(js_object); 3983 NormalizeElements(js_object);
3985 Handle<NumberDictionary> dictionary(js_object->element_dictionary()); 3984 Handle<NumberDictionary> dictionary(js_object->element_dictionary());
Karl Klose 2011/06/30 11:08:41 Please change this call too.
Kevin Millikin (Chromium) 2011/06/30 11:09:25 Good eye!
3986 // Make sure that we never go back to fast case. 3985 // Make sure that we never go back to fast case.
3987 dictionary->set_requires_slow_elements(); 3986 dictionary->set_requires_slow_elements();
3988 PropertyDetails details = PropertyDetails(attr, NORMAL); 3987 PropertyDetails details = PropertyDetails(attr, NORMAL);
3989 Handle<NumberDictionary> extended_dictionary = 3988 Handle<NumberDictionary> extended_dictionary =
3990 NumberDictionarySet(dictionary, index, value, details); 3989 NumberDictionarySet(dictionary, index, value, details);
3991 if (*extended_dictionary != *dictionary) { 3990 if (*extended_dictionary != *dictionary) {
3992 js_object->set_elements(*extended_dictionary); 3991 js_object->set_elements(*extended_dictionary);
3993 } 3992 }
3994 return *value; 3993 return *value;
3995 } 3994 }
(...skipping 8553 matching lines...)
12549 } else { 12548 } else {
12550 // Handle last resort GC and make sure to allow future allocations 12549 // Handle last resort GC and make sure to allow future allocations
12551 // to grow the heap without causing GCs (if possible). 12550 // to grow the heap without causing GCs (if possible).
12552 isolate->counters()->gc_last_resort_from_js()->Increment(); 12551 isolate->counters()->gc_last_resort_from_js()->Increment();
12553 isolate->heap()->CollectAllGarbage(false); 12552 isolate->heap()->CollectAllGarbage(false);
12554 } 12553 }
12555 } 12554 }
12556 12555
12557 12556
12558 } } // namespace v8::internal 12557 } } // namespace v8::internal
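Review bot: The write-back at new lines 3927–3928 still stores a reallocated dictionary with `js_object->set_elements(*extended_dictionary)`, which assumes the dictionary is the object's direct elements backing store. Taking the handle from `NormalizeElements` at new line 3921 instead of `js_object->element_dictionary()` suggests that assumption does not hold for every object reaching this path; this is inferred, since the src/handles.cc side of the change is not visible here. If so, replacing the whole elements pointer when `NumberDictionarySet` grows the table could discard whatever structure holds the dictionary and leave the object with elements of an unexpected type. Please confirm which elements kinds can reach this code and state the invariant above the `set_elements` call, for example `// Elements are a plain dictionary here, so replacing the backing store is safe.`, or branch on the kind if that is not true. The enclosing function starts above the visible lines, so any earlier guard is outside this view.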