
Side by Side Diff: src/runtime.cc

Issue 10332271: Fix prepareElementsForSort crash bug=117879. This is a back (Closed) Base URL: http://v8.googlecode.com/svn/branches/3.9/
Patch Set: Created 8 years, 7 months ago
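--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -9922,50 +9922,20 @@
 int result = SeededNumberDictionary::cast(elements)->NumberOfElements();
 return Smi::FromInt(result);
 } else if (object->IsJSArray()) {
 return JSArray::cast(object)->length();
 } else {
 return Smi::FromInt(FixedArray::cast(elements)->length());
 }
 }
 
 
-RUNTIME_FUNCTION(MaybeObject*, Runtime_SwapElements) {
-HandleScope handle_scope(isolate);
-
-ASSERT_EQ(3, args.length());
-
-CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
-Handle<Object> key1 = args.at<Object>(1);
-Handle<Object> key2 = args.at<Object>(2);
-
-uint32_t index1, index2;
-if (!key1->ToArrayIndex(&index1)
-|| !key2->ToArrayIndex(&index2)) {
-return isolate->ThrowIllegalOperation();
-}
-
-Handle<JSObject> jsobject = Handle<JSObject>::cast(object);
-Handle<Object> tmp1 = Object::GetElement(jsobject, index1);
-RETURN_IF_EMPTY_HANDLE(isolate, tmp1);
-Handle<Object> tmp2 = Object::GetElement(jsobject, index2);
-RETURN_IF_EMPTY_HANDLE(isolate, tmp2);
-
-RETURN_IF_EMPTY_HANDLE(
-isolate, JSObject::SetElement(jsobject, index1, tmp2, NONE, kStrictMode));
-RETURN_IF_EMPTY_HANDLE(
-isolate, JSObject::SetElement(jsobject, index2, tmp1, NONE, kStrictMode));
-
-return isolate->heap()->undefined_value();
-}
-
-
 // Returns an array that tells you where in the [0, length) interval an array
 // might have elements. Can either return keys (positive integers) or
 // intervals (pair of a negative integer (-start-1) followed by a
 // positive (length)) or undefined values.
 // Intervals can span over some keys that are not in the object.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetArrayKeys) {
 ASSERT(args.length() == 2);
 HandleScope scope(isolate);
 CONVERT_ARG_HANDLE_CHECKED(JSObject, array, 0);
 CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]);
@@ -13352,10 +13322,10 @@
 // Handle last resort GC and make sure to allow future allocations
 // to grow the heap without causing GCs (if possible).
 isolate->counters()->gc_last_resort_from_js()->Increment();
 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags,
 "Runtime::PerformGC");
 }
 }
 
 
 } } // namespace v8::internal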