src/runtime/runtime-literals.cc - Issue 2126613002: making heap verification more aggressive

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/runtime/runtime-literals.cc

Issue 2126613002: making heap verification more aggressive (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: adding additional validation Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/runtime/runtime-literals.cc

diff --git a/src/runtime/runtime-literals.cc b/src/runtime/runtime-literals.cc

index 9c43b40dbe32428fb3c7aad2cb0b4a6a324ffcbe..599e2910ebbdf8496b2379ca443258d0269a0a88 100644

--- a/src/runtime/runtime-literals.cc

+++ b/src/runtime/runtime-literals.cc

@@ -114,30 +114,13 @@ MUST_USE_RESULT static MaybeHandle<Object> CreateObjectLiteralBoilerplate(

static MaybeHandle<Object> CreateArrayLiteralBoilerplate(

Isolate* isolate, Handle<LiteralsArray> literals,

Handle<FixedArray> elements) {

- // Create the JSArray.

- Handle<JSFunction> constructor = isolate->array_function();

- PretenureFlag pretenure_flag =

- isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;

- Handle<JSArray> object = Handle<JSArray>::cast(

- isolate->factory()->NewJSObject(constructor, pretenure_flag));

ElementsKind constant_elements_kind =

static_cast<ElementsKind>(Smi::cast(elements->get(0))->value());

+ DCHECK(IsFastElementsKind(constant_elements_kind));

Handle<FixedArrayBase> constant_elements_values(

FixedArrayBase::cast(elements->get(1)));

- {

- DisallowHeapAllocation no_gc;

- DCHECK(IsFastElementsKind(constant_elements_kind));

- Context* native_context = isolate->context()->native_context();

- Object* map =

- native_context->get(Context::ArrayMapIndex(constant_elements_kind));

- object->set_map(Map::cast(map));

- }

Handle<FixedArrayBase> copied_elements_values;

if (IsFastDoubleElementsKind(constant_elements_kind)) {

copied_elements_values = isolate->factory()->CopyFixedDoubleArray(

Handle<FixedDoubleArray>::cast(constant_elements_values));

@@ -176,9 +159,12 @@ static MaybeHandle<Object> CreateArrayLiteralBoilerplate(

});

}

- object->set_elements(*copied_elements_values);

- object->set_length(Smi::FromInt(copied_elements_values->length()));

+ // Create the JSArray.

+ PretenureFlag pretenure_flag =

+ isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;

+ Handle<JSArray> object = isolate->factory()->NewJSArrayWithElements(

+ copied_elements_values, constant_elements_kind,

+ copied_elements_values->length(), pretenure_flag);

JSObject::ValidateElements(object);

return object;

}

« no previous file with comments | « src/objects-inl.h ('k') | src/runtime/runtime-regexp.cc » ('j') | no next file with comments »