
Side by Side Diff: src/runtime/runtime-literals.cc

Issue 1037273002: Ensure object literal element boilerplates aren't modified. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Added comment and REBASE. Created 5 years, 8 months ago
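--- a/src/runtime/runtime-literals.cc
+++ b/src/runtime/runtime-literals.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/allocation-site-scopes.h"
 #include "src/arguments.h"
 #include "src/ast.h"
 #include "src/parser.h"
@@ -230,20 +230,21 @@
 
 RUNTIME_FUNCTION(Runtime_CreateObjectLiteral) {
 HandleScope scope(isolate);
 DCHECK(args.length() == 4);
 CONVERT_ARG_HANDLE_CHECKED(FixedArray, literals, 0);
 CONVERT_SMI_ARG_CHECKED(literals_index, 1);
 CONVERT_ARG_HANDLE_CHECKED(FixedArray, constant_properties, 2);
 CONVERT_SMI_ARG_CHECKED(flags, 3);
 bool should_have_fast_elements = (flags & ObjectLiteral::kFastElements) != 0;
 bool has_function_literal = (flags & ObjectLiteral::kHasFunction) != 0;
+bool enable_mementos = (flags & ObjectLiteral::kDisableMementos) == 0;
 
 RUNTIME_ASSERT(literals_index >= 0 && literals_index < literals->length());
 
 // Check if boilerplate exists. If not, create it first.
 Handle<Object> literal_site(literals->get(literals_index), isolate);
 Handle<AllocationSite> site;
 Handle<JSObject> boilerplate;
 if (*literal_site == isolate->heap()->undefined_value()) {
 Handle<Object> raw_boilerplate;
 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
@@ -260,21 +261,21 @@
 creation_context.ExitScope(site, boilerplate);
 
 // Update the functions literal and return the boilerplate.
 literals->set(literals_index, *site);
 } else {
 site = Handle<AllocationSite>::cast(literal_site);
 boilerplate =
 Handle<JSObject>(JSObject::cast(site->transition_info()), isolate);
 }
 
-AllocationSiteUsageContext usage_context(isolate, site, true);
+AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
 usage_context.EnterNewScope();
 MaybeHandle<Object> maybe_copy =
 JSObject::DeepCopy(boilerplate, &usage_context);
 usage_context.ExitScope(site, boilerplate);
 Handle<Object> copy;
 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, copy, maybe_copy);
 return *copy;
 }
 
 
@@ -418,10 +419,10 @@
 JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
 }
 }
 FixedArray* object_array = FixedArray::cast(object->elements());
 object_array->set(store_index, *value);
 }
 return *object;
 }
 }
 } // namespace v8::internal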
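Review bot: The new `enable_mementos` flag (new line 240) and its use as the third argument of `AllocationSiteUsageContext` (new line 271) carry no explanation of when a caller sets `kDisableMementos` or why, so the issue title is the only hint a reader of this file gets about the connection to boilerplate mutation. A short why-comment above the flag would close that gap, for example `// Callers set kDisableMementos when the copy must not be linked to the boilerplate's allocation site (see the full-codegen changes in this CL); the link is presumably what lets later element transitions reach the boilerplate — confirm against AllocationSiteUsageContext.` As a minor point, `flags` is only validated to be a Smi, so a caller passing an undefined bit is silently accepted; if the set of flag bits is closed, a `RUNTIME_ASSERT` on the known mask would document that. `Runtime_CreateObjectLiteral` is complete within this section, although ten of its lines are collapsed in the middle.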