Chromium Code Reviews

Issue 228483005: Bugfix: A TransitionArray can disappear during copy. (Closed)

Created: 6 years, 8 months ago by mvstanton
Modified: 6 years, 8 months ago
Reviewers: Toon Verwaest
CC: v8-dev
Visibility: Public.

Description

Bugfix: A TransitionArray can disappear during copy.

During handlification of TransitionArray code, an error was introduced in TransitionArray::CopyInsert because after creating a copy of a TransitionArray, it may be that the array disappears during GC because it is modified during the marking of the owning map.

R=verwaest@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=20654

Patch Set 1 #

Patch Set 2 : Patch One. #

Patch Set 3 : Missing line. #

Total comments: 4

Patch Set 4 : Nit fixin. #

Patch Set 5 : REBASE. #

Stats (+47 lines, -43 lines)
M src/objects.h: 1 chunk, +0 lines, -4 lines, 0 comments
M src/objects.cc: 6 chunks, +7 lines, -20 lines, 0 comments
M src/transitions.h: 1 chunk, +7 lines, -5 lines, 0 comments
M src/transitions.cc: 4 chunks, +33 lines, -14 lines, 0 comments

Messages

Total messages: 4 (0 generated)
mvstanton
Hi Toon, here is the issue we discussed yesterday, have an enjoyable look, thx, --Michael
6 years, 8 months ago (2014-04-10 08:40:14 UTC) #1
Toon Verwaest
lgtm with just 2 nits

https://codereview.chromium.org/228483005/diff/40001/src/objects.cc
File src/objects.cc (right):

https://codereview.chromium.org/228483005/diff/40001/src/objects.cc#newcode2504
src/objects.cc:2504: return TransitionArray::AddTransition(map, key, target, ...
6 years, 8 months ago (2014-04-10 11:49:27 UTC) #2
mvstanton
Committed patchset #5 manually as r20654 (presubmit successful).
6 years, 8 months ago (2014-04-10 13:07:01 UTC) #3
mvstanton
6 years, 8 months ago (2014-04-10 13:10:45 UTC) #4
Message was sent while issue was closed.
thx much!
--Michael

https://codereview.chromium.org/228483005/diff/40001/src/objects.cc
File src/objects.cc (right):

https://codereview.chromium.org/228483005/diff/40001/src/objects.cc#newcode2504
src/objects.cc:2504: return TransitionArray::AddTransition(map, key, target,
flag);
On 2014/04/10 11:49:28, Toon Verwaest wrote:
> I presume there's no point anymore to having this wrapper on Map?

Yep, bye-bye silly wabbit.

https://codereview.chromium.org/228483005/diff/40001/src/transitions.cc
File src/transitions.cc (right):

https://codereview.chromium.org/228483005/diff/40001/src/transitions.cc#newco...
src/transitions.cc:117: Handle<TransitionArray> TransitionArray::AddTransition(
On 2014/04/10 11:49:28, Toon Verwaest wrote:
> I actually prefer CopyInsert since that's what it does; it doesn't modify the
> map yet.

Done.
