| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/heap/heap.h" | 5 #include "src/heap/heap.h" |
| 6 | 6 |
| 7 #include "src/accessors.h" | 7 #include "src/accessors.h" |
| 8 #include "src/api.h" | 8 #include "src/api.h" |
| 9 #include "src/base/bits.h" | 9 #include "src/base/bits.h" |
| 10 #include "src/base/once.h" | 10 #include "src/base/once.h" |
| (...skipping 3414 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3425 Map* map) { | 3425 Map* map) { |
| 3426 obj->set_properties(properties); | 3426 obj->set_properties(properties); |
| 3427 obj->initialize_elements(); | 3427 obj->initialize_elements(); |
| 3428 // TODO(1240798): Initialize the object's body using valid initial values | 3428 // TODO(1240798): Initialize the object's body using valid initial values |
| 3429 // according to the object's initial map. For example, if the map's | 3429 // according to the object's initial map. For example, if the map's |
| 3430 // instance type is JS_ARRAY_TYPE, the length field should be initialized | 3430 // instance type is JS_ARRAY_TYPE, the length field should be initialized |
| 3431 // to a number (e.g. Smi::FromInt(0)) and the elements initialized to a | 3431 // to a number (e.g. Smi::FromInt(0)) and the elements initialized to a |
| 3432 // fixed array (e.g. Heap::empty_fixed_array()). Currently, the object | 3432 // fixed array (e.g. Heap::empty_fixed_array()). Currently, the object |
| 3433 // verification code has to cope with (temporarily) invalid objects. See | 3433 // verification code has to cope with (temporarily) invalid objects. See |
| 3434 // for example, JSArray::JSArrayVerify). | 3434 // for example, JSArray::JSArrayVerify). |
| 3435 InitializeJSObjectBody(obj, map, JSObject::kHeaderSize); |
| 3436 } |
| 3437 |
| 3438 |
| 3439 void Heap::InitializeJSObjectBody(JSObject* obj, Map* map, int start_offset) { |
| 3440 if (start_offset == map->instance_size()) return; |
| 3441 DCHECK_LT(start_offset, map->instance_size()); |
| 3442 |
| 3435 Object* filler; | 3443 Object* filler; |
| 3436 // We cannot always fill with one_pointer_filler_map because objects | 3444 // We cannot always fill with one_pointer_filler_map because objects |
| 3437 // created from API functions expect their internal fields to be initialized | 3445 // created from API functions expect their internal fields to be initialized |
| 3438 // with undefined_value. | 3446 // with undefined_value. |
| 3439 // Pre-allocated fields need to be initialized with undefined_value as well | 3447 // Pre-allocated fields need to be initialized with undefined_value as well |
| 3440 // so that object accesses before the constructor completes (e.g. in the | 3448 // so that object accesses before the constructor completes (e.g. in the |
| 3441 // debugger) will not cause a crash. | 3449 // debugger) will not cause a crash. |
| 3442 Object* constructor = map->GetConstructor(); | 3450 Object* constructor = map->GetConstructor(); |
| 3443 if (constructor->IsJSFunction() && | 3451 if (constructor->IsJSFunction() && |
| 3444 JSFunction::cast(constructor)->IsInobjectSlackTrackingInProgress()) { | 3452 JSFunction::cast(constructor)->IsInobjectSlackTrackingInProgress()) { |
| 3445 // We might want to shrink the object later. | 3453 // We might want to shrink the object later. |
| 3446 DCHECK_EQ(0, obj->GetInternalFieldCount()); | 3454 DCHECK_EQ(0, obj->GetInternalFieldCount()); |
| 3447 filler = Heap::one_pointer_filler_map(); | 3455 filler = Heap::one_pointer_filler_map(); |
| 3448 } else { | 3456 } else { |
| 3449 filler = Heap::undefined_value(); | 3457 filler = Heap::undefined_value(); |
| 3450 } | 3458 } |
| 3451 obj->InitializeBody(map, Heap::undefined_value(), filler); | 3459 obj->InitializeBody(map, start_offset, Heap::undefined_value(), filler); |
| 3452 } | 3460 } |
| 3453 | 3461 |
| 3454 | 3462 |
| 3455 AllocationResult Heap::AllocateJSObjectFromMap( | 3463 AllocationResult Heap::AllocateJSObjectFromMap( |
| 3456 Map* map, PretenureFlag pretenure, AllocationSite* allocation_site) { | 3464 Map* map, PretenureFlag pretenure, AllocationSite* allocation_site) { |
| 3457 // JSFunctions should be allocated using AllocateFunction to be | 3465 // JSFunctions should be allocated using AllocateFunction to be |
| 3458 // properly initialized. | 3466 // properly initialized. |
| 3459 DCHECK(map->instance_type() != JS_FUNCTION_TYPE); | 3467 DCHECK(map->instance_type() != JS_FUNCTION_TYPE); |
| 3460 | 3468 |
| 3461 // Both types of global objects should be allocated using | 3469 // Both types of global objects should be allocated using |
| (...skipping 2700 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6162 } | 6170 } |
| 6163 | 6171 |
| 6164 | 6172 |
| 6165 // static | 6173 // static |
| 6166 int Heap::GetStaticVisitorIdForMap(Map* map) { | 6174 int Heap::GetStaticVisitorIdForMap(Map* map) { |
| 6167 return StaticVisitorBase::GetVisitorId(map); | 6175 return StaticVisitorBase::GetVisitorId(map); |
| 6168 } | 6176 } |
| 6169 | 6177 |
| 6170 } // namespace internal | 6178 } // namespace internal |
| 6171 } // namespace v8 | 6179 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1481493003:
Fix JSFunction's in-object properties initialization. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master