
Side by Side Diff: src/runtime.cc

Issue 10413030: Fix prepareElementsForSort crash bug=117879 . This is a back (Closed) Base URL: http://v8.googlecode.com/svn/branches/3.8/
Patch Set: Created 8 years, 7 months ago
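--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -10260,50 +10260,20 @@
 int result = SeededNumberDictionary::cast(elements)->NumberOfElements();
 return Smi::FromInt(result);
 } else if (object->IsJSArray()) {
 return JSArray::cast(object)->length();
 } else {
 return Smi::FromInt(FixedArray::cast(elements)->length());
 }
 }
 
 
-RUNTIME_FUNCTION(MaybeObject*, Runtime_SwapElements) {
-HandleScope handle_scope(isolate);
-
-ASSERT_EQ(3, args.length());
-
-CONVERT_ARG_CHECKED(JSObject, object, 0);
-Handle<Object> key1 = args.at<Object>(1);
-Handle<Object> key2 = args.at<Object>(2);
-
-uint32_t index1, index2;
-if (!key1->ToArrayIndex(&index1)
-|| !key2->ToArrayIndex(&index2)) {
-return isolate->ThrowIllegalOperation();
-}
-
-Handle<JSObject> jsobject = Handle<JSObject>::cast(object);
-Handle<Object> tmp1 = Object::GetElement(jsobject, index1);
-RETURN_IF_EMPTY_HANDLE(isolate, tmp1);
-Handle<Object> tmp2 = Object::GetElement(jsobject, index2);
-RETURN_IF_EMPTY_HANDLE(isolate, tmp2);
-
-RETURN_IF_EMPTY_HANDLE(
-isolate, JSObject::SetElement(jsobject, index1, tmp2, kStrictMode));
-RETURN_IF_EMPTY_HANDLE(
-isolate, JSObject::SetElement(jsobject, index2, tmp1, kStrictMode));
-
-return isolate->heap()->undefined_value();
-}
-
-
 // Returns an array that tells you where in the [0, length) interval an array
 // might have elements. Can either return keys (positive integers) or
 // intervals (pair of a negative integer (-start-1) followed by a
 // positive (length)) or undefined values.
 // Intervals can span over some keys that are not in the object.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetArrayKeys) {
 ASSERT(args.length() == 2);
 HandleScope scope(isolate);
 CONVERT_ARG_CHECKED(JSObject, array, 0);
 CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]);
@@ -13651,10 +13621,10 @@
 // Handle last resort GC and make sure to allow future allocations
 // to grow the heap without causing GCs (if possible).
 isolate->counters()->gc_last_resort_from_js()->Increment();
 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags,
 "Runtime::PerformGC");
 }
 }
 
 
 } } // namespace v8::internal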