
Side by Side Diff: src/runtime.cc

Issue 10414023: Fix prepareElementsForSort crash bug=117879. This is a back (Closed) Base URL: http://v8.googlecode.com/svn/branches/3.10/
Patch Set: Created 8 years, 7 months ago
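--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -10006,50 +10006,20 @@
 int result = SeededNumberDictionary::cast(elements)->NumberOfElements();
 return Smi::FromInt(result);
 } else if (object->IsJSArray()) {
 return JSArray::cast(object)->length();
 } else {
 return Smi::FromInt(FixedArray::cast(elements)->length());
 }
 }
 
 
-RUNTIME_FUNCTION(MaybeObject*, Runtime_SwapElements) {
-HandleScope handle_scope(isolate);
-
-ASSERT_EQ(3, args.length());
-
-CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
-Handle<Object> key1 = args.at<Object>(1);
-Handle<Object> key2 = args.at<Object>(2);
-
-uint32_t index1, index2;
-if (!key1->ToArrayIndex(&index1)
-|| !key2->ToArrayIndex(&index2)) {
-return isolate->ThrowIllegalOperation();
-}
-
-Handle<JSObject> jsobject = Handle<JSObject>::cast(object);
-Handle<Object> tmp1 = Object::GetElement(jsobject, index1);
-RETURN_IF_EMPTY_HANDLE(isolate, tmp1);
-Handle<Object> tmp2 = Object::GetElement(jsobject, index2);
-RETURN_IF_EMPTY_HANDLE(isolate, tmp2);
-
-RETURN_IF_EMPTY_HANDLE(
-isolate, JSObject::SetElement(jsobject, index1, tmp2, NONE, kStrictMode));
-RETURN_IF_EMPTY_HANDLE(
-isolate, JSObject::SetElement(jsobject, index2, tmp1, NONE, kStrictMode));
-
-return isolate->heap()->undefined_value();
-}
-
-
 // Returns an array that tells you where in the [0, length) interval an array
 // might have elements. Can either return keys (positive integers) or
 // intervals (pair of a negative integer (-start-1) followed by a
 // positive (length)) or undefined values.
 // Intervals can span over some keys that are not in the object.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetArrayKeys) {
 ASSERT(args.length() == 2);
 HandleScope scope(isolate);
 CONVERT_ARG_HANDLE_CHECKED(JSObject, array, 0);
 CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]);
@@ -13492,10 +13462,10 @@
 // Handle last resort GC and make sure to allow future allocations
 // to grow the heap without causing GCs (if possible).
 isolate->counters()->gc_last_resort_from_js()->Increment();
 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags,
 "Runtime::PerformGC");
 }
 }
 
 
 } } // namespace v8::internal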