[bootstrapper] Fix raw pointer use during potential GC.

This should fix a weird random crash we keep seeing on Linux nosnap bot with TurboFan enabled. BUG=v8:4435,v8:4423 LOG=n R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/1374663002 Cr-Commit-Position: refs/heads/master@{#30968}

[bootstrapper] Fix raw pointer use during potential GC.
This should fix a weird random crash we keep seeing on Linux nosnap bot with TurboFan enabled. BUG=v8:4435,v8:4423 LOG=n R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/1374663002 Cr-Commit-Position: refs/heads/master@{#30968}
8611fb31 · bmeurer · Commit bot · 39114da1 · 8611fb31
Commit 8611fb31 authored Sep 28, 2015 by bmeurer Committed by Commit bot Sep 28, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 19 deletions

bootstrapper.cc src/bootstrapper.cc +26 -19

No files found.
--- a/src/bootstrapper.cc
+++ b/src/bootstrapper.cc
@@ -1803,23 +1803,29 @@ void Bootstrapper::ExportFromRuntime(Isolate* isolate,
  PUBLIC_SYMBOL_LIST(EXPORT_PUBLIC_SYMBOL)
 #undef EXPORT_PUBLIC_SYMBOL
-  Handle<JSFunction> apply = InstallFunction(
+  {
-      container, "reflect_apply", JS_OBJECT_TYPE, JSObject::kHeaderSize,
+    Handle<JSFunction> apply = InstallFunction(
-      MaybeHandle<JSObject>(), Builtins::kReflectApply);
+        container, "reflect_apply", JS_OBJECT_TYPE, JSObject::kHeaderSize,
-  apply->shared()->set_internal_formal_parameter_count(3);
+        MaybeHandle<JSObject>(), Builtins::kReflectApply);
-  apply->shared()->set_length(3);
+    apply->shared()->set_internal_formal_parameter_count(3);
-  apply->shared()->set_feedback_vector(
+    apply->shared()->set_length(3);
-      *TypeFeedbackVector::CreatePushAppliedArgumentsVector(isolate));
+    Handle<TypeFeedbackVector> feedback_vector =
-  isolate->native_context()->set_reflect_apply(*apply);
+        TypeFeedbackVector::CreatePushAppliedArgumentsVector(isolate);
+    apply->shared()->set_feedback_vector(*feedback_vector);
-  Handle<JSFunction> construct = InstallFunction(
+    isolate->native_context()->set_reflect_apply(*apply);
-      container, "reflect_construct", JS_OBJECT_TYPE, JSObject::kHeaderSize,
+  }
-      MaybeHandle<JSObject>(), Builtins::kReflectConstruct);
-  construct->shared()->set_internal_formal_parameter_count(3);
+  {
-  construct->shared()->set_length(2);
+    Handle<JSFunction> construct = InstallFunction(
-  construct->shared()->set_feedback_vector(
+        container, "reflect_construct", JS_OBJECT_TYPE, JSObject::kHeaderSize,
-      *TypeFeedbackVector::CreatePushAppliedArgumentsVector(isolate));
+        MaybeHandle<JSObject>(), Builtins::kReflectConstruct);
-  isolate->native_context()->set_reflect_construct(*construct);
+    construct->shared()->set_internal_formal_parameter_count(3);
+    construct->shared()->set_length(2);
+    Handle<TypeFeedbackVector> feedback_vector =
+        TypeFeedbackVector::CreatePushAppliedArgumentsVector(isolate);
+    construct->shared()->set_feedback_vector(*feedback_vector);
+    isolate->native_context()->set_reflect_construct(*construct);
+  }
 }
@@ -2421,8 +2427,9 @@ bool Genesis::InstallNatives(ContextType context_type) {
    Handle<JSFunction> apply =
        InstallFunction(proto, "apply", JS_OBJECT_TYPE, JSObject::kHeaderSize,
                        MaybeHandle<JSObject>(), Builtins::kFunctionApply);
-    apply->shared()->set_feedback_vector(
+    Handle<TypeFeedbackVector> feedback_vector =
-        *TypeFeedbackVector::CreatePushAppliedArgumentsVector(isolate()));
+        TypeFeedbackVector::CreatePushAppliedArgumentsVector(isolate());
+    apply->shared()->set_feedback_vector(*feedback_vector);
    // Make sure that Function.prototype.call appears to be compiled.
    // The code will never be called, but inline caching for call will