Side by Side Diff: src/factory.cc

Issue 2548813002: Avoid reading uninitialized data in SharedFunctionInfo DCHECK. (Closed)
Patch Set: Created 4 years ago
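--- a/src/factory.cc
+++ b/src/factory.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/factory.h"
 
 #include "src/accessors.h"
 #include "src/allocation-site-scopes.h"
 #include "src/ast/ast.h"
 #include "src/base/bits.h"
@@ -2304,34 +2304,34 @@
 Handle<String> name, MaybeHandle<Code> maybe_code, bool is_constructor) {
 // Function names are assumed to be flat elsewhere. Must flatten before
 // allocating SharedFunctionInfo to avoid GC seeing the uninitialized SFI.
 name = String::Flatten(name, TENURED);
 
 Handle<Map> map = shared_function_info_map();
 Handle<SharedFunctionInfo> share = New<SharedFunctionInfo>(map, OLD_SPACE);
 
 // Set pointer fields.
 share->set_name(*name);
+share->set_function_data(*undefined_value(), SKIP_WRITE_BARRIER);
 Handle<Code> code;
 if (!maybe_code.ToHandle(&code)) {
 code = isolate()->builtins()->Illegal();
 }
 share->set_code(*code);
 share->set_optimized_code_map(*empty_fixed_array());
 share->set_scope_info(ScopeInfo::Empty(isolate()));
 share->set_outer_scope_info(*the_hole_value());
 Handle<Code> construct_stub =
 is_constructor ? isolate()->builtins()->JSConstructStubGeneric()
 : isolate()->builtins()->ConstructedNonConstructable();
 share->SetConstructStub(*construct_stub);
 share->set_instance_class_name(*Object_string());
-share->set_function_data(*undefined_value(), SKIP_WRITE_BARRIER);
 share->set_script(*undefined_value(), SKIP_WRITE_BARRIER);
 share->set_debug_info(DebugInfo::uninitialized(), SKIP_WRITE_BARRIER);
 share->set_function_identifier(*undefined_value(), SKIP_WRITE_BARRIER);
 StaticFeedbackVectorSpec empty_spec;
 Handle<TypeFeedbackMetadata> feedback_metadata =
 TypeFeedbackMetadata::New(isolate(), &empty_spec);
 share->set_feedback_metadata(*feedback_metadata, SKIP_WRITE_BARRIER);
 share->set_function_literal_id(FunctionLiteral::kIdTypeInvalid);
 #if TRACE_MAPS
 share->set_unique_id(isolate()->GetNextUniqueSharedFunctionInfoId());
@@ -2743,10 +2743,10 @@
 Handle<JSFixedArrayIterator>::cast(NewJSObjectFromMap(map));
 iterator->set_initial_next(*next);
 iterator->set_array(*array);
 iterator->set_index(0);
 iterator->InObjectPropertyAtPut(JSFixedArrayIterator::kNextIndex, *next);
 return iterator;
 }
 
 } // namespace internal
 } // namespace v8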
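Review bot: The new ordering at line 2314 is load-bearing but unexplained: set_function_data() now has to run before set_code() and SetConstructStub(), presumably because a DCHECK inside one of those setters reads function_data (the issue title says an uninitialized read in a DCHECK is being avoided; the hunk does not show which setter does the read). A short comment on the moved line would stop a later tidy-up from reordering it back and silently reintroducing the uninitialized read, e.g. `// Must precede set_code()/SetConstructStub(): a DCHECK on that path reads function_data.` once the reading setter is confirmed. The same class of issue is still possible for the other fields written after the code setters — script, debug_info, function_identifier and feedback_metadata are uninitialized while set_code() and SetConstructStub() run — so it is worth confirming that nothing on that path DCHECKs on them; an uninitialized heap read in a debug check makes debug-build behaviour nondeterministic and can mask real invariant violations. The enclosing function starts before the hunk (only the signature's continuation at line 2304 is visible) and ends after it.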