src/objects-inl.h - Issue 11566027: Object.oberve: assertions to narrow down flaky crashes with array length mutation.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/objects-inl.h

Issue 11566027: Object.oberve: assertions to narrow down flaky crashes with array length mutation. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Addressing comment Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/objects-inl.h

diff --git a/src/objects-inl.h b/src/objects-inl.h

index d61d3da8c501cb33cc9f84d0bb9d9a9d4ac82159..9e6044aaa9561cb1eba74d0cb6e94388bbf722e7 100644

--- a/src/objects-inl.h

+++ b/src/objects-inl.h

@@ -1416,23 +1416,29 @@ void JSObject::initialize_elements() {

MaybeObject* JSObject::ResetElements() {

- Object* obj;

+ if (map()->is_observed()) {

+ // Maintain invariant that observed elements are always in dictionary mode.

+ SeededNumberDictionary* dictionary;

+ MaybeObject* maybe = SeededNumberDictionary::Allocate(0);

+ if (!maybe->To(&dictionary)) return maybe;

+ if (map() == GetHeap()->non_strict_arguments_elements_map()) {

+ FixedArray::cast(elements())->set(1, dictionary);

+ } else {

+ set_elements(dictionary);

+ }

+ return this;

+ }

ElementsKind elements_kind = GetInitialFastElementsKind();

if (!FLAG_smi_only_arrays) {

elements_kind = FastSmiToObjectElementsKind(elements_kind);

}

- MaybeObject* maybe_obj = GetElementsTransitionMap(GetIsolate(),

- elements_kind);

- if (!maybe_obj->ToObject(&obj)) return maybe_obj;

- set_map(Map::cast(obj));

+ MaybeObject* maybe = GetElementsTransitionMap(GetIsolate(), elements_kind);

+ Map* map;

+ if (!maybe->To(&map)) return maybe;

+ set_map(map);

initialize_elements();

- if (FLAG_harmony_observation && map()->is_observed()) {

- // Maintain invariant that observed elements are always in dictionary mode.

- // For this to work on arrays, we have to make sure to reset length first.

- if (IsJSArray()) JSArray::cast(this)->set_length(Smi::FromInt(0));

- maybe_obj = NormalizeElements();

- if (maybe_obj->IsFailure()) return maybe_obj;

- }

return this;

}

@@ -3362,6 +3368,9 @@ bool Map::owns_descriptors() {

void Map::set_is_observed(bool is_observed) {

+ ASSERT(instance_type() < FIRST_JS_OBJECT_TYPE ||

+ instance_type() > LAST_JS_OBJECT_TYPE ||

+ has_slow_elements_kind() || has_external_array_elements());

set_bit_field3(IsObserved::update(bit_field3(), is_observed));

}

« no previous file with comments | « src/objects-debug.cc ('k') | src/runtime.cc » ('j') | no next file with comments »