• Allocate generator result objects before unwinding try handlers · 418ddc80
    wingo@igalia.com authored
    When a generator suspends, it saves its state out to the heap and
    unwinds try handlers but doesn't pop anything off the stack.  Instead it
    relies on no GC happening between the suspend and the return from the
    generator.  However this was not the case: boxing the result object
    could cause GC, which would try to traverse the stack but would
    misinterpret words from unwound try handlers as heap objects.
    
    This CL changes to allocate the result objects before the suspend.  It
    also removes the generators-iteration skip introduced in r15065.
    
    R=mstarzinger@chromium.org
    TEST=mjsunit/harmony/generators-iteration
    BUG=
    
    Review URL: https://codereview.chromium.org/16801006
    
    git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
mjsunit.status 9.36 KB