Chromium Code Reviews Chromium Code Reviews
Issue 7929001:
Initialize pre-allocated fields of JSObject with undefined. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2011 the V8 project authors. All rights reserved. | 1 // Copyright 2011 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 3321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3332 Map* map) { | 3332 Map* map) { |
| 3333 obj->set_properties(properties); | 3333 obj->set_properties(properties); |
| 3334 obj->initialize_elements(); | 3334 obj->initialize_elements(); |
| 3335 // TODO(1240798): Initialize the object's body using valid initial values | 3335 // TODO(1240798): Initialize the object's body using valid initial values |
| 3336 // according to the object's initial map. For example, if the map's | 3336 // according to the object's initial map. For example, if the map's |
| 3337 // instance type is JS_ARRAY_TYPE, the length field should be initialized | 3337 // instance type is JS_ARRAY_TYPE, the length field should be initialized |
| 3338 // to a number (eg, Smi::FromInt(0)) and the elements initialized to a | 3338 // to a number (eg, Smi::FromInt(0)) and the elements initialized to a |
| 3339 // fixed array (eg, Heap::empty_fixed_array()). Currently, the object | 3339 // fixed array (eg, Heap::empty_fixed_array()). Currently, the object |
| 3340 // verification code has to cope with (temporarily) invalid objects. See | 3340 // verification code has to cope with (temporarily) invalid objects. See |
| 3341 // for example, JSArray::JSArrayVerify). | 3341 // for example, JSArray::JSArrayVerify). |
| 3342 Object* filler; | 3342 |
| 3343 // We cannot always fill with one_pointer_filler_map because objects | 3343 // We cannot always fill with one_pointer_filler_map because objects |
| 3344 // created from API functions expect their internal fields to be initialized | 3344 // created from API functions expect their internal fields to be initialized |
| 3345 // with undefined_value. | 3345 // with undefined_value. |
| 3346 // Pre-allocated fields need to be initialized with undefined_value as well | |
| 3347 // so that object accesses before the constructor completes (e.g. in the | |
| 3348 // debugger) will not cause a crash. | |
| 3346 if (map->constructor()->IsJSFunction() && | 3349 if (map->constructor()->IsJSFunction() && |
| 3347 JSFunction::cast(map->constructor())->shared()-> | 3350 JSFunction::cast(map->constructor())->shared()-> |
| 3348 IsInobjectSlackTrackingInProgress()) { | 3351 IsInobjectSlackTrackingInProgress()) { |
| 3349 // We might want to shrink the object later. | 3352 // We might want to shrink the object later. |
| 3350 ASSERT(obj->GetInternalFieldCount() == 0); | 3353 ASSERT(obj->GetInternalFieldCount() == 0); |
| 3351 filler = Heap::one_pointer_filler_map(); | 3354 obj->InitializeBody(map, |
| 3355 Heap::undefined_value(), | |
| 3356 Heap::one_pointer_filler_map()); | |
| 3352 } else { | 3357 } else { |
| 3353 filler = Heap::undefined_value(); | 3358 obj->InitializeBody(map, Heap::undefined_value(), Heap::undefined_value()); |
|
Vyacheslav Egorov (Chromium)
2011/09/16 15:33:05
Can be moved outside of the if to avoid code dupli
| |
| 3354 } | 3359 } |
| 3355 obj->InitializeBody(map->instance_size(), filler); | |
| 3356 } | 3360 } |
| 3357 | 3361 |
| 3358 | 3362 |
| 3359 MaybeObject* Heap::AllocateJSObjectFromMap(Map* map, PretenureFlag pretenure) { | 3363 MaybeObject* Heap::AllocateJSObjectFromMap(Map* map, PretenureFlag pretenure) { |
| 3360 // JSFunctions should be allocated using AllocateFunction to be | 3364 // JSFunctions should be allocated using AllocateFunction to be |
| 3361 // properly initialized. | 3365 // properly initialized. |
| 3362 ASSERT(map->instance_type() != JS_FUNCTION_TYPE); | 3366 ASSERT(map->instance_type() != JS_FUNCTION_TYPE); |
| 3363 | 3367 |
| 3364 // Both types of global objects should be allocated using | 3368 // Both types of global objects should be allocated using |
| 3365 // AllocateGlobalObject to be properly initialized. | 3369 // AllocateGlobalObject to be properly initialized. |
| (...skipping 2923 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6289 } | 6293 } |
| 6290 | 6294 |
| 6291 | 6295 |
| 6292 void ExternalStringTable::TearDown() { | 6296 void ExternalStringTable::TearDown() { |
| 6293 new_space_strings_.Free(); | 6297 new_space_strings_.Free(); |
| 6294 old_space_strings_.Free(); | 6298 old_space_strings_.Free(); |
| 6295 } | 6299 } |
| 6296 | 6300 |
| 6297 | 6301 |
| 6298 } } // namespace v8::internal | 6302 } } // namespace v8::internal |
| OLD | NEW |
