Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/objects-inl.h

Issue 10883064: Disallow updates to ic_with_type_info_count with negative values. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 5223 matching lines...) Expand 10 before | Expand all | Expand 10 after
5234 5234
5235 5235
5236 int TypeFeedbackInfo::ic_with_type_info_count() { 5236 int TypeFeedbackInfo::ic_with_type_info_count() {
5237 int current = Smi::cast(READ_FIELD(this, kStorage2Offset))->value(); 5237 int current = Smi::cast(READ_FIELD(this, kStorage2Offset))->value();
5238 return ICsWithTypeInfoCountField::decode(current); 5238 return ICsWithTypeInfoCountField::decode(current);
5239 } 5239 }
5240 5240
5241 5241
5242 void TypeFeedbackInfo::change_ic_with_type_info_count(int delta) { 5242 void TypeFeedbackInfo::change_ic_with_type_info_count(int delta) {
5243 int value = Smi::cast(READ_FIELD(this, kStorage2Offset))->value(); 5243 int value = Smi::cast(READ_FIELD(this, kStorage2Offset))->value();
5244 int current_count = ICsWithTypeInfoCountField::decode(value); 5244 int new_count = ICsWithTypeInfoCountField::decode(value) + delta;
5245 value = 5245 // We can get negative count here when the type-feedback info is
5246 ICsWithTypeInfoCountField::update(value, current_count + delta); 5246 // shared between two code objects. The can only happen when
5247 WRITE_FIELD(this, kStorage2Offset, Smi::FromInt(value)); 5247 // the debugger made a shallow copy of code object (see Heap::CopyCode).
5248 // Since we do not optimize when the debugger is active, we can skip
5249 // this counter update.
5250 if (new_count >= 0) {
5251 new_count &= ICsWithTypeInfoCountField::kMask;
5252 value = ICsWithTypeInfoCountField::update(value, new_count);
5253 WRITE_FIELD(this, kStorage2Offset, Smi::FromInt(value));
5254 }
5248 } 5255 }
5249 5256
5250 5257
5251 void TypeFeedbackInfo::initialize_storage() { 5258 void TypeFeedbackInfo::initialize_storage() {
5252 WRITE_FIELD(this, kStorage1Offset, Smi::FromInt(0)); 5259 WRITE_FIELD(this, kStorage1Offset, Smi::FromInt(0));
5253 WRITE_FIELD(this, kStorage2Offset, Smi::FromInt(0)); 5260 WRITE_FIELD(this, kStorage2Offset, Smi::FromInt(0));
5254 } 5261 }
5255 5262
5256 5263
5257 void TypeFeedbackInfo::change_own_type_change_checksum() { 5264 void TypeFeedbackInfo::change_own_type_change_checksum() {
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
5401 #undef WRITE_UINT32_FIELD 5408 #undef WRITE_UINT32_FIELD
5402 #undef READ_SHORT_FIELD 5409 #undef READ_SHORT_FIELD
5403 #undef WRITE_SHORT_FIELD 5410 #undef WRITE_SHORT_FIELD
5404 #undef READ_BYTE_FIELD 5411 #undef READ_BYTE_FIELD
5405 #undef WRITE_BYTE_FIELD 5412 #undef WRITE_BYTE_FIELD
5406 5413
5407 5414
5408 } } // namespace v8::internal 5415 } } // namespace v8::internal
5409 5416
5410 #endif // V8_OBJECTS_INL_H_ 5417 #endif // V8_OBJECTS_INL_H_
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698