Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(241)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/runtime/runtime-object.cc

Issue 2122173003: [runtime] Specifically handle robust RUNTIME_ASSERTs. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Fix. Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/runtime/runtime-i18n.cc ('k') | src/runtime/runtime-strings.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/runtime/runtime-utils.h" 5 #include "src/runtime/runtime-utils.h"
6 6
7 #include "src/arguments.h" 7 #include "src/arguments.h"
8 #include "src/bootstrapper.h" 8 #include "src/bootstrapper.h"
9 #include "src/debug/debug.h" 9 #include "src/debug/debug.h"
10 #include "src/isolate-inl.h" 10 #include "src/isolate-inl.h"
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after
263 isolate->heap()->exception()); 263 isolate->heap()->exception());
264 return *obj; 264 return *obj;
265 } 265 }
266 266
267 RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) { 267 RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) {
268 HandleScope scope(isolate); 268 HandleScope scope(isolate);
269 DCHECK(args.length() == 2); 269 DCHECK(args.length() == 2);
270 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); 270 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
271 CONVERT_SMI_ARG_CHECKED(properties, 1); 271 CONVERT_SMI_ARG_CHECKED(properties, 1);
272 // Conservative upper limit to prevent fuzz tests from going OOM. 272 // Conservative upper limit to prevent fuzz tests from going OOM.
273 RUNTIME_ASSERT(properties <= 100000); 273 if (properties > 100000) return isolate->ThrowIllegalOperation();
274 if (object->HasFastProperties() && !object->IsJSGlobalProxy()) { 274 if (object->HasFastProperties() && !object->IsJSGlobalProxy()) {
275 JSObject::NormalizeProperties(object, KEEP_INOBJECT_PROPERTIES, properties, 275 JSObject::NormalizeProperties(object, KEEP_INOBJECT_PROPERTIES, properties,
276 "OptimizeForAdding"); 276 "OptimizeForAdding");
277 } 277 }
278 return *object; 278 return *object;
279 } 279 }
280 280
281 281
282 namespace { 282 namespace {
283 283
(...skipping 721 matching lines...) Expand 10 before | Expand all | Expand 10 after
1005 isolate, o, key, &success, LookupIterator::OWN); 1005 isolate, o, key, &success, LookupIterator::OWN);
1006 if (!success) return isolate->heap()->exception(); 1006 if (!success) return isolate->heap()->exception();
1007 MAYBE_RETURN( 1007 MAYBE_RETURN(
1008 JSReceiver::CreateDataProperty(&it, value, Object::THROW_ON_ERROR), 1008 JSReceiver::CreateDataProperty(&it, value, Object::THROW_ON_ERROR),
1009 isolate->heap()->exception()); 1009 isolate->heap()->exception());
1010 return *value; 1010 return *value;
1011 } 1011 }
1012 1012
1013 } // namespace internal 1013 } // namespace internal
1014 } // namespace v8 1014 } // namespace v8
OLDNEW
« no previous file with comments | « src/runtime/runtime-i18n.cc ('k') | src/runtime/runtime-strings.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698