Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(151)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/objects-inl.h

Issue 9416058: Add missing checks for failure after AddElementsTransition. (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/objects.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 3920 matching lines...) Expand 10 before | Expand all | Expand 10 after
3931 Object* array_function = 3931 Object* array_function =
3932 global_context->get(Context::ARRAY_FUNCTION_INDEX); 3932 global_context->get(Context::ARRAY_FUNCTION_INDEX);
3933 if (array_function->IsJSFunction() && 3933 if (array_function->IsJSFunction() &&
3934 this == JSFunction::cast(array_function)) { 3934 this == JSFunction::cast(array_function)) {
3935 ASSERT(initial_map->elements_kind() == FAST_SMI_ONLY_ELEMENTS); 3935 ASSERT(initial_map->elements_kind() == FAST_SMI_ONLY_ELEMENTS);
3936 3936
3937 MaybeObject* maybe_map = initial_map->CopyDropTransitions(); 3937 MaybeObject* maybe_map = initial_map->CopyDropTransitions();
3938 Map* new_double_map = NULL; 3938 Map* new_double_map = NULL;
3939 if (!maybe_map->To<Map>(&new_double_map)) return maybe_map; 3939 if (!maybe_map->To<Map>(&new_double_map)) return maybe_map;
3940 new_double_map->set_elements_kind(FAST_DOUBLE_ELEMENTS); 3940 new_double_map->set_elements_kind(FAST_DOUBLE_ELEMENTS);
3941 initial_map->AddElementsTransition(FAST_DOUBLE_ELEMENTS, new_double_map); 3941 maybe_map = initial_map->AddElementsTransition(FAST_DOUBLE_ELEMENTS,
3942 new_double_map);
3943 if (maybe_map->IsFailure()) return maybe_map;
3942 3944
3943 maybe_map = new_double_map->CopyDropTransitions(); 3945 maybe_map = new_double_map->CopyDropTransitions();
3944 Map* new_object_map = NULL; 3946 Map* new_object_map = NULL;
3945 if (!maybe_map->To<Map>(&new_object_map)) return maybe_map; 3947 if (!maybe_map->To<Map>(&new_object_map)) return maybe_map;
3946 new_object_map->set_elements_kind(FAST_ELEMENTS); 3948 new_object_map->set_elements_kind(FAST_ELEMENTS);
3947 new_double_map->AddElementsTransition(FAST_ELEMENTS, new_object_map); 3949 maybe_map = new_double_map->AddElementsTransition(FAST_ELEMENTS,
3950 new_object_map);
3951 if (maybe_map->IsFailure()) return maybe_map;
3948 3952
3949 global_context->set_smi_js_array_map(initial_map); 3953 global_context->set_smi_js_array_map(initial_map);
3950 global_context->set_double_js_array_map(new_double_map); 3954 global_context->set_double_js_array_map(new_double_map);
3951 global_context->set_object_js_array_map(new_object_map); 3955 global_context->set_object_js_array_map(new_object_map);
3952 } 3956 }
3953 set_initial_map(initial_map); 3957 set_initial_map(initial_map);
3954 return this; 3958 return this;
3955 } 3959 }
3956 3960
3957 3961
(...skipping 938 matching lines...) Expand 10 before | Expand all | Expand 10 after
4896 #undef WRITE_INT_FIELD 4900 #undef WRITE_INT_FIELD
4897 #undef READ_SHORT_FIELD 4901 #undef READ_SHORT_FIELD
4898 #undef WRITE_SHORT_FIELD 4902 #undef WRITE_SHORT_FIELD
4899 #undef READ_BYTE_FIELD 4903 #undef READ_BYTE_FIELD
4900 #undef WRITE_BYTE_FIELD 4904 #undef WRITE_BYTE_FIELD
4901 4905
4902 4906
4903 } } // namespace v8::internal 4907 } } // namespace v8::internal
4904 4908
4905 #endif // V8_OBJECTS_INL_H_ 4909 #endif // V8_OBJECTS_INL_H_
OLDNEW
« no previous file with comments | « src/objects.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698