| OLD | NEW |
|---|
| 1 // Copyright 2011 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| 11 // with the distribution. | 11 // with the distribution. |
| (...skipping 8688 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8700 Execution::Call(hfun, hreceiver, argc, argv, &threw, true); | 8700 Execution::Call(hfun, hreceiver, argc, argv, &threw, true); |
| 8701 | 8701 |
| 8702 if (threw) return Failure::Exception(); | 8702 if (threw) return Failure::Exception(); |
| 8703 return *result; | 8703 return *result; |
| 8704 } | 8704 } |
| 8705 | 8705 |
| 8706 | 8706 |
| 8707 RUNTIME_FUNCTION(MaybeObject*, Runtime_Apply) { | 8707 RUNTIME_FUNCTION(MaybeObject*, Runtime_Apply) { |
| 8708 HandleScope scope(isolate); | 8708 HandleScope scope(isolate); |
| 8709 ASSERT(args.length() == 5); | 8709 ASSERT(args.length() == 5); |
| 8710 CONVERT_CHECKED(JSReceiver, fun, args[0]); | 8710 CONVERT_ARG_CHECKED(JSReceiver, fun, 0); |
| 8711 Object* receiver = args[1]; | 8711 Handle<Object> receiver = args.at<Object>(1); |
| 8712 CONVERT_CHECKED(JSObject, arguments, args[2]); | 8712 CONVERT_ARG_CHECKED(JSObject, arguments, 2); |
| 8713 CONVERT_CHECKED(Smi, shift, args[3]); | 8713 CONVERT_SMI_ARG_CHECKED(offset, 3); |
| 8714 CONVERT_CHECKED(Smi, arity, args[4]); | 8714 CONVERT_SMI_ARG_CHECKED(argc, 4); |
| 8715 | |
| 8716 int offset = shift->value(); | |
| 8717 int argc = arity->value(); | |
| 8718 ASSERT(offset >= 0); | 8715 ASSERT(offset >= 0); |
| 8719 ASSERT(argc >= 0); | 8716 ASSERT(argc >= 0); |
| 8720 | 8717 |
| 8721 // If there are too many arguments, allocate argv via malloc. | 8718 // If there are too many arguments, allocate argv via malloc. |
| 8722 const int argv_small_size = 10; | 8719 const int argv_small_size = 10; |
| 8723 Handle<Object> argv_small_buffer[argv_small_size]; | 8720 Handle<Object> argv_small_buffer[argv_small_size]; |
| 8724 SmartArrayPointer<Handle<Object> > argv_large_buffer; | 8721 SmartArrayPointer<Handle<Object> > argv_large_buffer; |
| 8725 Handle<Object>* argv = argv_small_buffer; | 8722 Handle<Object>* argv = argv_small_buffer; |
| 8726 if (argc > argv_small_size) { | 8723 if (argc > argv_small_size) { |
| 8727 argv = new Handle<Object>[argc]; | 8724 argv = new Handle<Object>[argc]; |
| 8728 if (argv == NULL) return isolate->StackOverflow(); | 8725 if (argv == NULL) return isolate->StackOverflow(); |
| 8729 argv_large_buffer = SmartArrayPointer<Handle<Object> >(argv); | 8726 argv_large_buffer = SmartArrayPointer<Handle<Object> >(argv); |
| 8730 } | 8727 } |
| 8731 | 8728 |
| 8732 for (int i = 0; i < argc; ++i) { | 8729 for (int i = 0; i < argc; ++i) { |
| 8733 MaybeObject* maybe = arguments->GetElement(offset + i); | 8730 argv[i] = Object::GetElement(arguments, offset + i); |
| 8734 Object* object; | |
| 8735 if (!maybe->To<Object>(&object)) return maybe; | |
| 8736 argv[i] = Handle<Object>(object); | |
| 8737 } | 8731 } |
| 8738 | 8732 |
| 8739 bool threw; | 8733 bool threw; |
| 8740 Handle<JSReceiver> hfun(fun); | |
| 8741 Handle<Object> hreceiver(receiver); | |
| 8742 Handle<Object> result = | 8734 Handle<Object> result = |
| 8743 Execution::Call(hfun, hreceiver, argc, argv, &threw, true); | 8735 Execution::Call(fun, receiver, argc, argv, &threw, true); |
| 8744 | 8736 |
| 8745 if (threw) return Failure::Exception(); | 8737 if (threw) return Failure::Exception(); |
| 8746 return *result; | 8738 return *result; |
| 8747 } | 8739 } |
| 8748 | 8740 |
| 8749 | 8741 |
| 8750 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetFunctionDelegate) { | 8742 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetFunctionDelegate) { |
| 8751 HandleScope scope(isolate); | 8743 HandleScope scope(isolate); |
| 8752 ASSERT(args.length() == 1); | 8744 ASSERT(args.length() == 1); |
| 8753 RUNTIME_ASSERT(!args[0]->IsJSFunction()); | 8745 RUNTIME_ASSERT(!args[0]->IsJSFunction()); |
| (...skipping 4815 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 13569 } else { | 13561 } else { |
| 13570 // Handle last resort GC and make sure to allow future allocations | 13562 // Handle last resort GC and make sure to allow future allocations |
| 13571 // to grow the heap without causing GCs (if possible). | 13563 // to grow the heap without causing GCs (if possible). |
| 13572 isolate->counters()->gc_last_resort_from_js()->Increment(); | 13564 isolate->counters()->gc_last_resort_from_js()->Increment(); |
| 13573 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags); | 13565 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags); |
| 13574 } | 13566 } |
| 13575 } | 13567 } |
| 13576 | 13568 |
| 13577 | 13569 |
| 13578 } } // namespace v8::internal | 13570 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8952028:
Make Runtime_Apply safer. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge