Guard against undefined fields in global context.

BUG=v8:1860 TEST= R=vegorov@chromium.org Review URL: http://codereview.chromium.org/8917014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Guard against undefined fields in global context.
BUG=v8:1860 TEST= R=vegorov@chromium.org Review URL: http://codereview.chromium.org/8917014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
76b48da7 · ulan@chromium.org · 91efb313 · 76b48da7 · 76b48da7 · 76b48da7
Commit 76b48da7 authored Dec 13, 2011 by ulan@chromium.org
Showing with 38 additions and 24 deletions

assembler.cc src/assembler.cc +0 -5

assembler.h src/assembler.h +0 -1

deoptimizer.cc src/deoptimizer.cc +10 -5

heap.cc src/heap.cc +18 -8

incremental-marking.cc src/incremental-marking.cc +10 -5

No files found.
--- a/src/assembler.cc
+++ b/src/assembler.cc
@@ -817,11 +817,6 @@ ExternalReference ExternalReference::compute_output_frames_function(
 }
-ExternalReference ExternalReference::global_contexts_list(Isolate* isolate) {
-  return ExternalReference(isolate->heap()->global_contexts_list_address());
-}
 ExternalReference ExternalReference::keyed_lookup_cache_keys(Isolate* isolate) {
  return ExternalReference(isolate->keyed_lookup_cache()->keys_address());
 }

--- a/src/assembler.h
+++ b/src/assembler.h
@@ -590,7 +590,6 @@ class ExternalReference BASE_EMBEDDED {
  // Deoptimization support.
  static ExternalReference new_deoptimizer_function(Isolate* isolate);
  static ExternalReference compute_output_frames_function(Isolate* isolate);
-  static ExternalReference global_contexts_list(Isolate* isolate);
  // Static data in the keyed lookup cache.
  static ExternalReference keyed_lookup_cache_keys(Isolate* isolate);

--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -264,11 +264,16 @@ void Deoptimizer::VisitAllOptimizedFunctions(
  AssertNoAllocation no_allocation;
  // Run through the list of all global contexts and deoptimize.
-  Object* global = Isolate::Current()->heap()->global_contexts_list();
+  Object* context = Isolate::Current()->heap()->global_contexts_list();
-  while (!global->IsUndefined()) {
+  while (!context->IsUndefined()) {
-    VisitAllOptimizedFunctionsForGlobalObject(Context::cast(global)->global(),
+    // GC can happen when the context is not fully initialized,
-                                              visitor);
+    // so the global field of the context can be undefined.
-    global = Context::cast(global)->get(Context::NEXT_CONTEXT_LINK);
+    Object* global = Context::cast(context)->get(Context::GLOBAL_INDEX);
+    if (!global->IsUndefined()) {
+      VisitAllOptimizedFunctionsForGlobalObject(JSObject::cast(global),
+                                                visitor);
+    }
+    context = Context::cast(context)->get(Context::NEXT_CONTEXT_LINK);
  }
 }

--- a/src/heap.cc
+++ b/src/heap.cc
@@ -642,13 +642,17 @@ void Heap::ClearJSFunctionResultCaches() {
  Object* context = global_contexts_list_;
  while (!context->IsUndefined()) {
-    // Get the caches for this context:
+    // Get the caches for this context. GC can happen when the context
-    FixedArray* caches =
+    // is not fully initialized, so the caches can be undefined.
-      Context::cast(context)->jsfunction_result_caches();
+    Object* caches_or_undefined =
-    // Clear the caches:
+        Context::cast(context)->get(Context::JSFUNCTION_RESULT_CACHES_INDEX);
-    int length = caches->length();
+    if (!caches_or_undefined->IsUndefined()) {
-    for (int i = 0; i < length; i++) {
+      FixedArray* caches = FixedArray::cast(caches_or_undefined);
-      JSFunctionResultCache::cast(caches->get(i))->Clear();
+      // Clear the caches:
+      int length = caches->length();
+      for (int i = 0; i < length; i++) {
+        JSFunctionResultCache::cast(caches->get(i))->Clear();
+      }
    }
    // Get the next context:
    context = Context::cast(context)->get(Context::NEXT_CONTEXT_LINK);
@@ -665,7 +669,13 @@ void Heap::ClearNormalizedMapCaches() {
  Object* context = global_contexts_list_;
  while (!context->IsUndefined()) {
-    Context::cast(context)->normalized_map_cache()->Clear();
+    // GC can happen when the context is not fully initialized,
+    // so the cache can be undefined.
+    Object* cache =
+        Context::cast(context)->get(Context::NORMALIZED_MAP_CACHE_INDEX);
+    if (!cache->IsUndefined()) {
+      NormalizedMapCache::cast(cache)->Clear();
+    }
    context = Context::cast(context)->get(Context::NEXT_CONTEXT_LINK);
  }
 }

--- a/src/incremental-marking.cc
+++ b/src/incremental-marking.cc
@@ -677,11 +677,16 @@ void IncrementalMarking::Hurry() {
  Object* context = heap_->global_contexts_list();
  while (!context->IsUndefined()) {
-    NormalizedMapCache* cache = Context::cast(context)->normalized_map_cache();
+    // GC can happen when the context is not fully initialized,
-    MarkBit mark_bit = Marking::MarkBitFrom(cache);
+    // so the cache can be undefined.
-    if (Marking::IsGrey(mark_bit)) {
+    HeapObject* cache = HeapObject::cast(
-      Marking::GreyToBlack(mark_bit);
+        Context::cast(context)->get(Context::NORMALIZED_MAP_CACHE_INDEX));
-      MemoryChunk::IncrementLiveBytes(cache->address(), cache->Size());
+    if (!cache->IsUndefined()) {
+      MarkBit mark_bit = Marking::MarkBitFrom(cache);
+      if (Marking::IsGrey(mark_bit)) {
+        Marking::GreyToBlack(mark_bit);
+        MemoryChunk::IncrementLiveBytes(cache->address(), cache->Size());
+      }
    }
    context = Context::cast(context)->get(Context::NEXT_CONTEXT_LINK);
  }