Fix GC bug with missing handle. Bug=133618

Review URL: https://chromiumcodereview.appspot.com/10559083 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix GC bug with missing handle. Bug=133618
Review URL: https://chromiumcodereview.appspot.com/10559083 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
d31ed984 · erik.corry@gmail.com · dce8dccd · d31ed984 · d31ed984 · d31ed984
Commit d31ed984 authored Jun 20, 2012 by erik.corry@gmail.com
4 changed files
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -2597,15 +2597,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
  } else {
    // Negative lookup.
    // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
    Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
+    while (*current != heap->null_value()) {
-      Handle<HeapObject> link(current);
+      __ LoadHeapObject(result, current);
-      __ LoadHeapObject(result, link);
      __ ldr(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      __ cmp(result, Operand(Handle<Map>(JSObject::cast(current)->map())));
+      __ cmp(result, Operand(Handle<Map>(current->map())));
      DeoptimizeIf(ne, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
    }
    __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
  }

--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -2327,15 +2327,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
  } else {
    // Negative lookup.
    // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
    Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
+    while (*current != heap->null_value()) {
-      Handle<HeapObject> link(current);
+      __ LoadHeapObject(result, current);
-      __ LoadHeapObject(result, link);
      __ cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
      DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
    }
    __ mov(result, factory()->undefined_value());
  }

--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -2341,15 +2341,14 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
  } else {
    // Negative lookup.
    // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
    Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
+    while (*current != heap->null_value()) {
-      Handle<HeapObject> link(current);
+      __ LoadHeapObject(result, current);
-      __ LoadHeapObject(result, link);
      __ lw(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      DeoptimizeIf(ne, env,
+      DeoptimizeIf(ne, env, result, Operand(Handle<Map>(current->map())));
-          result, Operand(Handle<Map>(JSObject::cast(current)->map())));
+      current =
-      current = HeapObject::cast(current->map()->prototype());
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
    }
    __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
  }

--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -2221,15 +2221,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
  } else {
    // Negative lookup.
    // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
    Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
+    while (*current != heap->null_value()) {
-      Handle<HeapObject> link(current);
+      __ LoadHeapObject(result, current);
-      __ LoadHeapObject(result, link);
      __ Cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
      DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
    }
    __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
  }