Side by Side Diff: src/type-info.cc

Issue 1026343004: Prevent leaks of cross context maps in the Oracle. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 9 months ago
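--- a/src/type-info.cc
+++ b/src/type-info.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/ast.h"
 #include "src/code-stubs.h"
 #include "src/compiler.h"
 #include "src/ic/ic.h"
@@ -47,44 +47,47 @@
 }
 return Handle<Object>::cast(isolate()->factory()->undefined_value());
 }
 
 
 Handle<Object> TypeFeedbackOracle::GetInfo(FeedbackVectorSlot slot) {
 DCHECK(slot.ToInt() >= 0 && slot.ToInt() < feedback_vector_->length());
 Object* obj = feedback_vector_->Get(slot);
 if (!obj->IsJSFunction() ||
 !CanRetainOtherContext(JSFunction::cast(obj), *native_context_)) {
+DCHECK(!obj->IsMap());
 return Handle<Object>(obj, isolate());
 }
 return Handle<Object>::cast(isolate()->factory()->undefined_value());
 }
 
 
 Handle<Object> TypeFeedbackOracle::GetInfo(FeedbackVectorICSlot slot) {
 DCHECK(slot.ToInt() >= 0 && slot.ToInt() < feedback_vector_->length());
 Handle<Object> undefined =
 Handle<Object>::cast(isolate()->factory()->undefined_value());
 Object* obj = feedback_vector_->Get(slot);
 
 // Vector-based ICs do not embed direct pointers to maps, functions.
 // Instead a WeakCell is always used.
 if (obj->IsWeakCell()) {
 WeakCell* cell = WeakCell::cast(obj);
 if (cell->cleared()) return undefined;
 obj = cell->value();
 }
 
-if (!obj->IsJSFunction() ||
-!CanRetainOtherContext(JSFunction::cast(obj), *native_context_)) {
+if ((obj->IsJSFunction() &&
+!CanRetainOtherContext(JSFunction::cast(obj), *native_context_)) ||
+obj->IsAllocationSite() || obj->IsSymbol()) {
 return Handle<Object>(obj, isolate());
 }
+
 return undefined;
 }
 
 
 bool TypeFeedbackOracle::LoadIsUninitialized(TypeFeedbackId id) {
 Handle<Object> maybe_code = GetInfo(id);
 if (maybe_code->IsCode()) {
 Handle<Code> code = Handle<Code>::cast(maybe_code);
 return code->is_inline_cache_stub() && code->ic_state() == UNINITIALIZED;
 }
@@ -566,10 +569,10 @@
 UnseededNumberDictionary::kNotFound);
 // Dictionary has been allocated with sufficient size for all elements.
 DisallowHeapAllocation no_need_to_resize_dictionary;
 HandleScope scope(isolate());
 USE(UnseededNumberDictionary::AtNumberPut(
 dictionary_, IdToKey(ast_id), handle(target, isolate())));
 }
 
 
 } } // namespace v8::internal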
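Review bot: The new whitelist in GetInfo(FeedbackVectorICSlot) at new lines 78-80 collapses everything that is not a non-retaining JSFunction, an AllocationSite or a Symbol to undefined, but nothing in the code records why those are the only values safe to hand out; a comment such as `// Only values that cannot retain a foreign context are passed through; maps and anything else deliberately collapse to undefined so the Oracle never embeds a cross-context map.` placed above the condition would preserve the intent of this change. The companion `DCHECK(!obj->IsMap())` at new line 57 enforces that invariant only in debug builds, so in release a Map reaching the non-function branch of GetInfo(FeedbackVectorSlot) would still be returned; if that path is reachable from a vector slot it presumably needs the same filtering rather than just an assertion — worth confirming against the callers. The existing comment at new lines 70-71 describes only the WeakCell unwrapping and could be extended to mention this filtering step.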