Reviewers: Mads Ager,

Description:
Fix a number of GC-unsafe evaluation order dependent places.

Also change places which trigger a false-positive alert in our static
analysis tool.


Please review this at http://codereview.chromium.org/6731054/

SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/

Affected files:
  M     src/api.cc
  M     src/bootstrapper.cc
  M     src/liveedit.cc


Index: src/api.cc
===================================================================
--- src/api.cc  (revision 7417)
+++ src/api.cc  (working copy)
@@ -4246,7 +4246,9 @@
   ENTER_V8(isolate);
   int real_length = length > 0 ? length : 0;
   i::Handle<i::JSArray> obj = isolate->factory()->NewJSArray(real_length);
-  obj->set_length(*isolate->factory()->NewNumberFromInt(real_length));
+  i::Handle<i::Object> length_obj =
+      isolate->factory()->NewNumberFromInt(real_length);
+  obj->set_length(*length_obj);
   return Utils::ToLocal(obj);
 }
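Review bot: The reason for naming the temporary is not recorded, so a later cleanup could fold `length_obj` back into the `set_length` call and silently reintroduce the problem; a one-line comment above the new declaration would guard it, e.g. `// Allocate the length first: obj-> yields a raw pointer and NewNumberFromInt may trigger a GC.` As far as the hunk shows, the hazard is that `obj->set_length(...)` dereferences the handle while its argument allocates, and the order of those two evaluations is not something the code should rely on. The same pattern is fixed in the bootstrapper.cc hunks ending at L66 and L109 and in the liveedit.cc hunk ending at L133, where the same comment (naming CreateFunctionMap / CreateStrictModeFunctionMap / GetFunctionCode as the allocating call) would serve. The enclosing function begins before the hunk.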

Index: src/bootstrapper.cc
===================================================================
--- src/bootstrapper.cc (revision 7417)
+++ src/bootstrapper.cc (working copy)
@@ -400,19 +400,22 @@

   // Please note that the prototype property for function instances must be
   // writable.
-  global_context()->set_function_instance_map(
-      *CreateFunctionMap(ADD_WRITEABLE_PROTOTYPE));
+  Handle<Map> function_instance_map =
+      CreateFunctionMap(ADD_WRITEABLE_PROTOTYPE);
+  global_context()->set_function_instance_map(*function_instance_map);

   // Functions with this map will not have a 'prototype' property, and
   // can not be used as constructors.
+  Handle<Map> function_without_prototype_map =
+      CreateFunctionMap(DONT_ADD_PROTOTYPE);
   global_context()->set_function_without_prototype_map(
-      *CreateFunctionMap(DONT_ADD_PROTOTYPE));
+      *function_without_prototype_map);

// Allocate the function map. This map is temporary, used only for processing
   // of builtins.
// Later the map is replaced with writable prototype map, allocated below.
-  global_context()->set_function_map(
-      *CreateFunctionMap(ADD_READONLY_PROTOTYPE));
+  Handle<Map> function_map = CreateFunctionMap(ADD_READONLY_PROTOTYPE);
+  global_context()->set_function_map(*function_map);

   // The final map for functions. Writeable prototype.
   // This map is installed in MakeFunctionInstancePrototypeWritable.
@@ -474,8 +477,6 @@
function_instance_map_writable_prototype_->set_prototype(*empty_function);

   // Allocate the function map first and then patch the prototype later
-  Handle<Map> function_without_prototype_map(
-      global_context()->function_without_prototype_map());
   Handle<Map> empty_fm = factory->CopyMapDropDescriptors(
       function_without_prototype_map);
   empty_fm->set_instance_descriptors(
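Review bot: Removing the local `function_without_prototype_map` here makes the `CopyMapDropDescriptors` call depend on the handle introduced about seventy lines earlier (L51-L52 of the previous hunk) still naming the map that `global_context()->function_without_prototype_map()` holds; the old code re-read the slot from the context, the new code trusts the earlier handle. Nothing in the two hunks replaces that slot, but the code between them is outside the diff, so that is inferred. A comment at the use site would make the dependency explicit: `// Reuses the handle created above; it must still be the map installed in the context.` The enclosing function starts and ends outside the hunk.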
@@ -578,21 +579,27 @@
   Handle<FixedArray> caller = factory->NewFixedArray(2, TENURED);

   // Allocate map for the strict mode function instances.
+  Handle<Map> strict_mode_function_instance_map =
+      CreateStrictModeFunctionMap(
+          ADD_WRITEABLE_PROTOTYPE, empty, arguments, caller);
   global_context()->set_strict_mode_function_instance_map(
-      *CreateStrictModeFunctionMap(
-          ADD_WRITEABLE_PROTOTYPE, empty, arguments, caller));
+      *strict_mode_function_instance_map);

   // Allocate map for the prototype-less strict mode instances.
+  Handle<Map> strict_mode_function_without_prototype_map =
+      CreateStrictModeFunctionMap(
+          DONT_ADD_PROTOTYPE, empty, arguments, caller);
   global_context()->set_strict_mode_function_without_prototype_map(
-      *CreateStrictModeFunctionMap(
-          DONT_ADD_PROTOTYPE, empty, arguments, caller));
+      *strict_mode_function_without_prototype_map);

// Allocate map for the strict mode functions. This map is temporary, used
   // only for processing of builtins.
// Later the map is replaced with writable prototype map, allocated below.
+  Handle<Map> strict_mode_function_map =
+      CreateStrictModeFunctionMap(
+          ADD_READONLY_PROTOTYPE, empty, arguments, caller);
   global_context()->set_strict_mode_function_map(
-      *CreateStrictModeFunctionMap(
-          ADD_READONLY_PROTOTYPE, empty, arguments, caller));
+      *strict_mode_function_map);

   // The final map for the strict mode functions. Writeable prototype.
   // This map is installed in MakeFunctionInstancePrototypeWritable.
@@ -1239,10 +1246,11 @@
 }


-#define INSTALL_NATIVE(Type, name, var) \
- Handle<String> var##_name = factory->LookupAsciiSymbol(name); \
- global_context()->set_##var(Type::cast( \
- global_context()->builtins()->GetPropertyNoExceptionThrown(*var##_name)));
+#define INSTALL_NATIVE(Type, name, var) \
+ Handle<String> var##_name = factory->LookupAsciiSymbol(name); \
+ Object* var##_native = \
+ global_context()->builtins()->GetPropertyNoExceptionThrown(*var##_name); \
+  global_context()->set_##var(Type::cast(var##_native));


 void Genesis::InstallNativeFunctions() {
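Review bot: `var##_native` in the rewritten INSTALL_NATIVE is a raw `Object*` held across a statement boundary, which is the shape this CL removes everywhere else; it is presumably safe only because `Type::cast` and `set_##var` do not allocate between the lookup and the store, and the hunk cannot show that. Since the macro body is what future edits will copy, a comment in the macro would keep that invariant visible, e.g. `/* var##_native is a raw pointer: nothing between the lookup and set_##var may allocate. */` (a block comment, since a `//` comment would swallow the line continuation). The macro is expanded inside InstallNativeFunctions, whose body lies outside the hunk.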
Index: src/liveedit.cc
===================================================================
--- src/liveedit.cc     (revision 7417)
+++ src/liveedit.cc     (working copy)
@@ -1013,8 +1013,8 @@
   Handle<SharedFunctionInfo> shared_info = shared_info_wrapper.GetInfo();

   if (IsJSFunctionCode(shared_info->code())) {
-    ReplaceCodeObject(shared_info->code(),
-                      *(compile_info_wrapper.GetFunctionCode()));
+    Handle<Code> code = compile_info_wrapper.GetFunctionCode();
+    ReplaceCodeObject(shared_info->code(), *code);
Handle<Object> code_scope_info = compile_info_wrapper.GetCodeScopeInfo();
     if (code_scope_info->IsFixedArray()) {
shared_info->set_scope_info(SerializedScopeInfo::cast(*code_scope_info));
@@ -1028,8 +1028,10 @@
     debug_info->set_original_code(*new_original_code);
   }

-  shared_info->set_start_position(compile_info_wrapper.GetStartPosition());
-  shared_info->set_end_position(compile_info_wrapper.GetEndPosition());
+  int start_position = compile_info_wrapper.GetStartPosition();
+  int end_position = compile_info_wrapper.GetEndPosition();
+  shared_info->set_start_position(start_position);
+  shared_info->set_end_position(end_position);

   shared_info->set_construct_stub(
       Isolate::Current()->builtins()->builtin(
@@ -1233,14 +1235,15 @@
   int old_function_start = info->start_position();
   int new_function_start = TranslatePosition(old_function_start,
                                              position_change_array);
+  int new_function_end = TranslatePosition(info->end_position(),
+                                           position_change_array);
+  int new_function_token_pos =
+ TranslatePosition(info->function_token_position(), position_change_array);
+
   info->set_start_position(new_function_start);
-  info->set_end_position(TranslatePosition(info->end_position(),
-                                           position_change_array));
+  info->set_end_position(new_function_end);
+  info->set_function_token_position(new_function_token_pos);

-  info->set_function_token_position(
-      TranslatePosition(info->function_token_position(),
-      position_change_array));
-
   if (IsJSFunctionCode(info->code())) {
     // Patch relocation info section of the code.
Handle<Code> patched_code = PatchPositionsInCode(Handle<Code>(info->code()),
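Review bot: `new_function_token_pos` breaks the naming of its two siblings `new_function_start` and `new_function_end` in the same hunk; `new_function_token_position` (matching `function_token_position()`) reads consistently, and the wrapped `TranslatePosition(info->function_token_position(), ...)` line appears to have lost its continuation indent. Hoisting all three translations ahead of the first `set_*` call preserves the old result, since each translation reads only the field it later replaces, but nothing records why the order matters; a comment such as `// Translate every position before storing any of them: info is dereferenced across the TranslatePosition calls.` would do, assuming TranslatePosition is the call the analyzer objected to, which the hunk does not show. The enclosing function starts and ends outside the hunk.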

