
Side by Side Diff: src/objects.cc

Issue 1522203004: Fix invalid access to layout descriptor in Map::CopyInitialMap() (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years ago
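--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/objects.h"
 
 #include <cmath>
 #include <iomanip>
 #include <sstream>
 
@@ -9029,21 +9029,21 @@
 Handle<Map> result = RawCopy(map, instance_size);
 
 // Please note instance_type and instance_size are set when allocated.
 result->SetInObjectProperties(in_object_properties);
 result->set_unused_property_fields(unused_property_fields);
 
 int number_of_own_descriptors = map->NumberOfOwnDescriptors();
 if (number_of_own_descriptors > 0) {
 // The copy will use the same descriptors array.
 result->UpdateDescriptors(map->instance_descriptors(),
-map->layout_descriptor());
+map->GetLayoutDescriptor());
 result->SetNumberOfOwnDescriptors(number_of_own_descriptors);
 
 DCHECK_EQ(result->NumberOfFields(),
 in_object_properties - unused_property_fields);
 }
 
 return result;
 }
 
 
@@ -19318,10 +19318,10 @@
 if (cell->value() != *new_value) {
 cell->set_value(*new_value);
 Isolate* isolate = cell->GetIsolate();
 cell->dependent_code()->DeoptimizeDependentCodeGroup(
 isolate, DependentCode::kPropertyCellChangedGroup);
 }
 }
 
 } // namespace internal
 } // namespace v8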
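Review bot: The call at line 9039 carries no comment explaining why the raw `map->layout_descriptor()` read was invalid, so a later cleanup could reintroduce it; a comment above the call such as `// Use GetLayoutDescriptor(): the raw layout_descriptor() field must not be read directly here.` would record the constraint (exact wording to be confirmed against the accessor's definition, which this page does not show). The patch set lists only src/objects.cc, so the fix appears to land without a regression test, and the `DCHECK_EQ` that follows checks the field count rather than the layout descriptor, so it would not catch a bad read. Because an invalid field read on a heap `Map` is a memory-safety defect, a test that copies an initial map with own descriptors in the configuration that produced the report would be worth adding. The enclosing function starts above line 9029, outside the visible region.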