src/factory.cc - Issue 2534613002: [ic] Use validity cells to protect keyed element stores against object's prototype chain modificati…

Side by Side Diff: src/factory.cc

Issue 2534613002: [ic] Use validity cells to protect keyed element stores against object's prototype chain modificati… (Closed)

Patch Set: The fix Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 the V8 project authors. All rights reserved.	1 // Copyright 2014 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "src/factory.h"	5 #include "src/factory.h"

6	6

7 #include "src/accessors.h"	7 #include "src/accessors.h"

8 #include "src/allocation-site-scopes.h"	8 #include "src/allocation-site-scopes.h"

9 #include "src/ast/ast.h"	9 #include "src/ast/ast.h"

10 #include "src/base/bits.h"	10 #include "src/base/bits.h"

(...skipping 85 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
96 Handle<PrototypeInfo> Factory::NewPrototypeInfo() {	96 Handle<PrototypeInfo> Factory::NewPrototypeInfo() {

97 Handle<PrototypeInfo> result =	97 Handle<PrototypeInfo> result =

98 Handle<PrototypeInfo>::cast(NewStruct(PROTOTYPE_INFO_TYPE));	98 Handle<PrototypeInfo>::cast(NewStruct(PROTOTYPE_INFO_TYPE));

99 result->set_prototype_users(WeakFixedArray::Empty());	99 result->set_prototype_users(WeakFixedArray::Empty());

100 result->set_registry_slot(PrototypeInfo::UNREGISTERED);	100 result->set_registry_slot(PrototypeInfo::UNREGISTERED);

101 result->set_validity_cell(Smi::kZero);	101 result->set_validity_cell(Smi::kZero);

102 result->set_bit_field(0);	102 result->set_bit_field(0);

103 return result;	103 return result;

104 }	104 }

105	105

	106 Handle<Tuple2> Factory::NewTuple2(Handle<Object> value1,

	107 Handle<Object> value2) {

	108 Handle<Tuple2> result = Handle<Tuple2>::cast(NewStruct(TUPLE2_TYPE));

	109 result->set_value1(*value1);

	110 result->set_value2(*value2);

	111 return result;

	112 }

	113

106 Handle<Tuple3> Factory::NewTuple3(Handle<Object> value1, Handle<Object> value2,	114 Handle<Tuple3> Factory::NewTuple3(Handle<Object> value1, Handle<Object> value2,

107 Handle<Object> value3) {	115 Handle<Object> value3) {

108 Handle<Tuple3> result = Handle<Tuple3>::cast(NewStruct(TUPLE3_TYPE));	116 Handle<Tuple3> result = Handle<Tuple3>::cast(NewStruct(TUPLE3_TYPE));

109 result->set_value1(*value1);	117 result->set_value1(*value1);

110 result->set_value2(*value2);	118 result->set_value2(*value2);

111 result->set_value3(*value3);	119 result->set_value3(*value3);

112 return result;	120 return result;

113 }	121 }

114	122

115 Handle<ContextExtension> Factory::NewContextExtension(	123 Handle<ContextExtension> Factory::NewContextExtension(

(...skipping 2619 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2735 Handle<JSFixedArrayIterator>::cast(NewJSObjectFromMap(map));	2743 Handle<JSFixedArrayIterator>::cast(NewJSObjectFromMap(map));

2736 iterator->set_initial_next(*next);	2744 iterator->set_initial_next(*next);

2737 iterator->set_array(*array);	2745 iterator->set_array(*array);

2738 iterator->set_index(0);	2746 iterator->set_index(0);

2739 iterator->InObjectPropertyAtPut(JSFixedArrayIterator::kNextIndex, *next);	2747 iterator->InObjectPropertyAtPut(JSFixedArrayIterator::kNextIndex, *next);

2740 return iterator;	2748 return iterator;

2741 }	2749 }

2742	2750

2743 } // namespace internal	2751 } // namespace internal

2744 } // namespace v8	2752 } // namespace v8

OLD	NEW

« no previous file with comments | « src/factory.h ('k') | src/ic/accessor-assembler.cc » ('j') | src/ic/accessor-assembler.cc » ('J')