| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 4358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4369 strict_mode); | 4369 strict_mode); |
| 4370 } | 4370 } |
| 4371 | 4371 |
| 4372 | 4372 |
| 4373 RUNTIME_FUNCTION(MaybeObject*, Runtime_TransitionElementsSmiToDouble) { | 4373 RUNTIME_FUNCTION(MaybeObject*, Runtime_TransitionElementsSmiToDouble) { |
| 4374 NoHandleAllocation ha; | 4374 NoHandleAllocation ha; |
| 4375 RUNTIME_ASSERT(args.length() == 1); | 4375 RUNTIME_ASSERT(args.length() == 1); |
| 4376 Handle<Object> object = args.at<Object>(0); | 4376 Handle<Object> object = args.at<Object>(0); |
| 4377 if (object->IsJSObject()) { | 4377 if (object->IsJSObject()) { |
| 4378 Handle<JSObject> js_object(Handle<JSObject>::cast(object)); | 4378 Handle<JSObject> js_object(Handle<JSObject>::cast(object)); |
| 4379 ASSERT(!js_object->map()->is_observed()); |
| 4379 ElementsKind new_kind = js_object->HasFastHoleyElements() | 4380 ElementsKind new_kind = js_object->HasFastHoleyElements() |
| 4380 ? FAST_HOLEY_DOUBLE_ELEMENTS | 4381 ? FAST_HOLEY_DOUBLE_ELEMENTS |
| 4381 : FAST_DOUBLE_ELEMENTS; | 4382 : FAST_DOUBLE_ELEMENTS; |
| 4382 return TransitionElements(object, new_kind, isolate); | 4383 return TransitionElements(object, new_kind, isolate); |
| 4383 } else { | 4384 } else { |
| 4384 return *object; | 4385 return *object; |
| 4385 } | 4386 } |
| 4386 } | 4387 } |
| 4387 | 4388 |
| 4388 | 4389 |
| 4389 RUNTIME_FUNCTION(MaybeObject*, Runtime_TransitionElementsDoubleToObject) { | 4390 RUNTIME_FUNCTION(MaybeObject*, Runtime_TransitionElementsDoubleToObject) { |
| 4390 NoHandleAllocation ha; | 4391 NoHandleAllocation ha; |
| 4391 RUNTIME_ASSERT(args.length() == 1); | 4392 RUNTIME_ASSERT(args.length() == 1); |
| 4392 Handle<Object> object = args.at<Object>(0); | 4393 Handle<Object> object = args.at<Object>(0); |
| 4393 if (object->IsJSObject()) { | 4394 if (object->IsJSObject()) { |
| 4394 Handle<JSObject> js_object(Handle<JSObject>::cast(object)); | 4395 Handle<JSObject> js_object(Handle<JSObject>::cast(object)); |
| 4396 ASSERT(!js_object->map()->is_observed()); |
| 4395 ElementsKind new_kind = js_object->HasFastHoleyElements() | 4397 ElementsKind new_kind = js_object->HasFastHoleyElements() |
| 4396 ? FAST_HOLEY_ELEMENTS | 4398 ? FAST_HOLEY_ELEMENTS |
| 4397 : FAST_ELEMENTS; | 4399 : FAST_ELEMENTS; |
| 4398 return TransitionElements(object, new_kind, isolate); | 4400 return TransitionElements(object, new_kind, isolate); |
| 4399 } else { | 4401 } else { |
| 4400 return *object; | 4402 return *object; |
| 4401 } | 4403 } |
| 4402 } | 4404 } |
| 4403 | 4405 |
| 4404 | 4406 |
| (...skipping 9075 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 13480 RUNTIME_FUNCTION(MaybeObject*, Runtime_SetIsObserved) { | 13482 RUNTIME_FUNCTION(MaybeObject*, Runtime_SetIsObserved) { |
| 13481 ASSERT(args.length() == 2); | 13483 ASSERT(args.length() == 2); |
| 13482 CONVERT_ARG_CHECKED(JSReceiver, obj, 0); | 13484 CONVERT_ARG_CHECKED(JSReceiver, obj, 0); |
| 13483 CONVERT_BOOLEAN_ARG_CHECKED(is_observed, 1); | 13485 CONVERT_BOOLEAN_ARG_CHECKED(is_observed, 1); |
| 13484 if (obj->IsJSGlobalProxy()) { | 13486 if (obj->IsJSGlobalProxy()) { |
| 13485 Object* proto = obj->GetPrototype(); | 13487 Object* proto = obj->GetPrototype(); |
| 13486 if (obj->IsNull()) return isolate->heap()->undefined_value(); | 13488 if (obj->IsNull()) return isolate->heap()->undefined_value(); |
| 13487 ASSERT(proto->IsJSGlobalObject()); | 13489 ASSERT(proto->IsJSGlobalObject()); |
| 13488 obj = JSReceiver::cast(proto); | 13490 obj = JSReceiver::cast(proto); |
| 13489 } | 13491 } |
| 13492 ASSERT(!(obj->map()->is_observed() && obj->IsJSObject() && |
| 13493 JSObject::cast(obj)->HasFastElements())); |
| 13490 if (obj->map()->is_observed() != is_observed) { | 13494 if (obj->map()->is_observed() != is_observed) { |
| 13495 if (is_observed && obj->IsJSObject() && |
| 13496 !JSObject::cast(obj)->HasExternalArrayElements()) { |
| 13497 // Go to dictionary mode, so that we don't skip map checks. |
| 13498 MaybeObject* maybe = JSObject::cast(obj)->NormalizeElements(); |
| 13499 if (maybe->IsFailure()) return maybe; |
| 13500 ASSERT(!JSObject::cast(obj)->HasFastElements()); |
| 13501 } |
| 13491 MaybeObject* maybe = obj->map()->Copy(); | 13502 MaybeObject* maybe = obj->map()->Copy(); |
| 13492 Map* map; | 13503 Map* map; |
| 13493 if (!maybe->To(&map)) return maybe; | 13504 if (!maybe->To(&map)) return maybe; |
| 13494 map->set_is_observed(is_observed); | 13505 map->set_is_observed(is_observed); |
| 13495 obj->set_map(map); | 13506 obj->set_map(map); |
| 13496 if (is_observed && obj->IsJSObject() && | |
| 13497 !JSObject::cast(obj)->HasExternalArrayElements()) { | |
| 13498 // Go to dictionary mode, so that we don't skip map checks. | |
| 13499 maybe = JSObject::cast(obj)->NormalizeElements(); | |
| 13500 if (maybe->IsFailure()) return maybe; | |
| 13501 ASSERT(!JSObject::cast(obj)->HasFastElements()); | |
| 13502 } | |
| 13503 } | 13507 } |
| 13504 return isolate->heap()->undefined_value(); | 13508 return isolate->heap()->undefined_value(); |
| 13505 } | 13509 } |
| 13506 | 13510 |
| 13507 | 13511 |
| 13508 RUNTIME_FUNCTION(MaybeObject*, Runtime_SetObserverDeliveryPending) { | 13512 RUNTIME_FUNCTION(MaybeObject*, Runtime_SetObserverDeliveryPending) { |
| 13509 ASSERT(args.length() == 0); | 13513 ASSERT(args.length() == 0); |
| 13510 isolate->set_observer_delivery_pending(true); | 13514 isolate->set_observer_delivery_pending(true); |
| 13511 return isolate->heap()->undefined_value(); | 13515 return isolate->heap()->undefined_value(); |
| 13512 } | 13516 } |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 13631 // Handle last resort GC and make sure to allow future allocations | 13635 // Handle last resort GC and make sure to allow future allocations |
| 13632 // to grow the heap without causing GCs (if possible). | 13636 // to grow the heap without causing GCs (if possible). |
| 13633 isolate->counters()->gc_last_resort_from_js()->Increment(); | 13637 isolate->counters()->gc_last_resort_from_js()->Increment(); |
| 13634 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, | 13638 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, |
| 13635 "Runtime::PerformGC"); | 13639 "Runtime::PerformGC"); |
| 13636 } | 13640 } |
| 13637 } | 13641 } |
| 13638 | 13642 |
| 13639 | 13643 |
| 13640 } } // namespace v8::internal | 13644 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11566027:
Object.oberve: assertions to narrow down flaky crashes with array length mutation. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge