Commit dffb5082 authored by peter.rybin@gmail.com's avatar peter.rybin@gmail.com

Properly fix liveedit heap traversal bug with write barrier

Review URL: https://chromiumcodereview.appspot.com/10682013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent ec65e4fe
...@@ -965,12 +965,21 @@ class ReplacingVisitor : public ObjectVisitor { ...@@ -965,12 +965,21 @@ class ReplacingVisitor : public ObjectVisitor {
// Finds all references to original and replaces them with substitution. // Finds all references to original and replaces them with substitution.
static void ReplaceCodeObject(Code* original, Code* substitution) { static void ReplaceCodeObject(Handle<Code> original,
ASSERT(!HEAP->InNewSpace(substitution)); Handle<Code> substitution) {
// Perform a full GC in order to ensure that we are not in the middle of an
// incremental marking phase when we are replacing the code object.
// Since we are not in an incremental marking phase we can write pointers
// to code objects (that are never in new space) without worrying about
// write barriers.
HEAP->CollectAllGarbage(Heap::kMakeHeapIterableMask,
"liveedit.cc ReplaceCodeObject");
ASSERT(!HEAP->InNewSpace(*substitution));
AssertNoAllocation no_allocations_please; AssertNoAllocation no_allocations_please;
ReplacingVisitor visitor(original, substitution); ReplacingVisitor visitor(*original, *substitution);
// Iterate over all roots. Stack frames may have pointer into original code, // Iterate over all roots. Stack frames may have pointer into original code,
// so temporary replace the pointers with offset numbers // so temporary replace the pointers with offset numbers
...@@ -1066,8 +1075,8 @@ MaybeObject* LiveEdit::ReplaceFunctionCode( ...@@ -1066,8 +1075,8 @@ MaybeObject* LiveEdit::ReplaceFunctionCode(
if (IsJSFunctionCode(shared_info->code())) { if (IsJSFunctionCode(shared_info->code())) {
Handle<Code> code = compile_info_wrapper.GetFunctionCode(); Handle<Code> code = compile_info_wrapper.GetFunctionCode();
ReplaceCodeObject(shared_info->code(), *code); ReplaceCodeObject(Handle<Code>(shared_info->code()), code);
Handle<Object> code_scope_info = compile_info_wrapper.GetCodeScopeInfo(); Handle<Object> code_scope_info = compile_info_wrapper.GetCodeScopeInfo();
if (code_scope_info->IsFixedArray()) { if (code_scope_info->IsFixedArray()) {
shared_info->set_scope_info(ScopeInfo::cast(*code_scope_info)); shared_info->set_scope_info(ScopeInfo::cast(*code_scope_info));
} }
...@@ -1309,7 +1318,7 @@ MaybeObject* LiveEdit::PatchFunctionPositions( ...@@ -1309,7 +1318,7 @@ MaybeObject* LiveEdit::PatchFunctionPositions(
// on stack (it is safe to substitute the code object on stack, because // on stack (it is safe to substitute the code object on stack, because
// we only change the structure of rinfo and leave instructions // we only change the structure of rinfo and leave instructions
// untouched). // untouched).
ReplaceCodeObject(info->code(), *patched_code); ReplaceCodeObject(Handle<Code>(info->code()), patched_code);
} }
} }
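Review bot: The barrier-free pointer writes that the new comment in ReplaceCodeObject justifies rest on incremental marking being inactive once CollectAllGarbage returns, but nothing in the hunk checks that this actually holds at that point; an explicit assertion next to the new-space check, e.g. `ASSERT(!HEAP->incremental_marking()->IsMarking());` (or whichever predicate the heap exposes for this), would pin the invariant the comment relies on and fail loudly if a later change to GC policy restarted marking right after a full collection. AssertNoAllocation only guards against allocation, and only in debug builds, so it does not cover that case. The comment could also say why kMakeHeapIterableMask is requested here — presumably so the heap traversal that follows sees a consistent, fully swept heap — since the flag name alone does not convey that to a reader. ReplaceCodeObject's body continues past the end of the hunk; the two caller hunks below only adapt to the new Handle<Code> signature and need no separate note.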