| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_IA32 | 7 #if V8_TARGET_ARCH_IA32 |
| 8 | 8 |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/heap/heap.h" | 10 #include "src/heap/heap.h" |
| (...skipping 702 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 713 __ lea(edi, Operand(ebx, times_2, FixedArray::kHeaderSize)); | 713 __ lea(edi, Operand(ebx, times_2, FixedArray::kHeaderSize)); |
| 714 __ Allocate(edi, eax, esi, no_reg, &gc_required, TAG_OBJECT); | 714 __ Allocate(edi, eax, esi, no_reg, &gc_required, TAG_OBJECT); |
| 715 | 715 |
| 716 // eax: destination FixedArray | 716 // eax: destination FixedArray |
| 717 // ebx: number of elements | 717 // ebx: number of elements |
| 718 __ mov(FieldOperand(eax, HeapObject::kMapOffset), | 718 __ mov(FieldOperand(eax, HeapObject::kMapOffset), |
| 719 Immediate(masm->isolate()->factory()->fixed_array_map())); | 719 Immediate(masm->isolate()->factory()->fixed_array_map())); |
| 720 __ mov(FieldOperand(eax, FixedArray::kLengthOffset), ebx); | 720 __ mov(FieldOperand(eax, FixedArray::kLengthOffset), ebx); |
| 721 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset)); | 721 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset)); |
| 722 | 722 |
| 723 // Allocating heap numbers in the loop below can fail and cause a jump to |
| 724 // gc_required. We can't leave a partly initialized FixedArray behind, |
| 725 // so pessimistically fill it with holes now. |
| 726 Label initialization_loop, initialization_loop_entry; |
| 727 __ jmp(&initialization_loop_entry, Label::kNear); |
| 728 __ bind(&initialization_loop); |
| 729 __ mov(FieldOperand(eax, ebx, times_2, FixedArray::kHeaderSize), |
| 730 masm->isolate()->factory()->the_hole_value()); |
| 731 __ bind(&initialization_loop_entry); |
| 732 __ sub(ebx, Immediate(Smi::FromInt(1))); |
| 733 __ j(not_sign, &initialization_loop); |
| 734 |
| 735 __ mov(ebx, FieldOperand(edi, FixedDoubleArray::kLengthOffset)); |
| 723 __ jmp(&entry); | 736 __ jmp(&entry); |
| 724 | 737 |
| 725 // ebx: target map | 738 // ebx: target map |
| 726 // edx: receiver | 739 // edx: receiver |
| 727 // Set transitioned map. | 740 // Set transitioned map. |
| 728 __ bind(&only_change_map); | 741 __ bind(&only_change_map); |
| 729 __ mov(FieldOperand(edx, HeapObject::kMapOffset), ebx); | 742 __ mov(FieldOperand(edx, HeapObject::kMapOffset), ebx); |
| 730 __ RecordWriteField(edx, | 743 __ RecordWriteField(edx, |
| 731 HeapObject::kMapOffset, | 744 HeapObject::kMapOffset, |
| 732 ebx, | 745 ebx, |
| (...skipping 291 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1024 Code* stub = GetCodeAgeStub(isolate, age, parity); | 1037 Code* stub = GetCodeAgeStub(isolate, age, parity); |
| 1025 CodePatcher patcher(sequence, young_length); | 1038 CodePatcher patcher(sequence, young_length); |
| 1026 patcher.masm()->call(stub->instruction_start(), RelocInfo::NONE32); | 1039 patcher.masm()->call(stub->instruction_start(), RelocInfo::NONE32); |
| 1027 } | 1040 } |
| 1028 } | 1041 } |
| 1029 | 1042 |
| 1030 | 1043 |
| 1031 } } // namespace v8::internal | 1044 } } // namespace v8::internal |
| 1032 | 1045 |
| 1033 #endif // V8_TARGET_ARCH_IA32 | 1046 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 636313003:
Fix uninitialized FixedArray potentially being left behind by ElementsTransitionGenerator::Generate… (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge