Back port r11886: Fix GC bug with missing handle. Bug=133618
Review URL: https://chromiumcodereview.appspot.com/10584030
git-svn-id: http://v8.googlecode.com/svn/branches/3.11@11890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index 256d180..b03ba8c 100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -2594,15 +2594,15 @@
} else {
// Negative lookup.
// Check prototypes.
- HeapObject* current = HeapObject::cast((*type)->prototype());
+ Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
Heap* heap = type->GetHeap();
- while (current != heap->null_value()) {
- Handle<HeapObject> link(current);
- __ LoadHeapObject(result, link);
+ while (*current != heap->null_value()) {
+ __ LoadHeapObject(result, current);
__ ldr(result, FieldMemOperand(result, HeapObject::kMapOffset));
- __ cmp(result, Operand(Handle<Map>(JSObject::cast(current)->map())));
+ __ cmp(result, Operand(Handle<Map>(current->map())));
DeoptimizeIf(ne, env);
- current = HeapObject::cast(current->map()->prototype());
+ current =
+ Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
}
__ LoadRoot(result, Heap::kUndefinedValueRootIndex);
}
diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 7fd64ca..7c9c88260 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -2325,15 +2325,15 @@
} else {
// Negative lookup.
// Check prototypes.
- HeapObject* current = HeapObject::cast((*type)->prototype());
+ Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
Heap* heap = type->GetHeap();
- while (current != heap->null_value()) {
- Handle<HeapObject> link(current);
- __ LoadHeapObject(result, link);
+ while (*current != heap->null_value()) {
+ __ LoadHeapObject(result, current);
__ cmp(FieldOperand(result, HeapObject::kMapOffset),
- Handle<Map>(JSObject::cast(current)->map()));
+ Handle<Map>(current->map()));
DeoptimizeIf(not_equal, env);
- current = HeapObject::cast(current->map()->prototype());
+ current =
+ Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
}
__ mov(result, factory()->undefined_value());
}
diff --git a/src/mips/lithium-codegen-mips.cc b/src/mips/lithium-codegen-mips.cc
index 67dbe69..68f8a3d 100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -2338,15 +2338,14 @@
} else {
// Negative lookup.
// Check prototypes.
- HeapObject* current = HeapObject::cast((*type)->prototype());
+ Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
Heap* heap = type->GetHeap();
- while (current != heap->null_value()) {
- Handle<HeapObject> link(current);
- __ LoadHeapObject(result, link);
+ while (*current != heap->null_value()) {
+ __ LoadHeapObject(result, current);
__ lw(result, FieldMemOperand(result, HeapObject::kMapOffset));
- DeoptimizeIf(ne, env,
- result, Operand(Handle<Map>(JSObject::cast(current)->map())));
- current = HeapObject::cast(current->map()->prototype());
+ DeoptimizeIf(ne, env, result, Operand(Handle<Map>(current->map())));
+ current =
+ Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
}
__ LoadRoot(result, Heap::kUndefinedValueRootIndex);
}
diff --git a/src/version.cc b/src/version.cc
index 4849c63..03526d3 100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 11
#define BUILD_NUMBER 10
-#define PATCH_LEVEL 9
+#define PATCH_LEVEL 10
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index bc8f848..f62528e 100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -2218,15 +2218,15 @@
} else {
// Negative lookup.
// Check prototypes.
- HeapObject* current = HeapObject::cast((*type)->prototype());
+ Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
Heap* heap = type->GetHeap();
- while (current != heap->null_value()) {
- Handle<HeapObject> link(current);
- __ LoadHeapObject(result, link);
+ while (*current != heap->null_value()) {
+ __ LoadHeapObject(result, current);
__ Cmp(FieldOperand(result, HeapObject::kMapOffset),
- Handle<Map>(JSObject::cast(current)->map()));
+ Handle<Map>(current->map()));
DeoptimizeIf(not_equal, env);
- current = HeapObject::cast(current->map()->prototype());
+ current =
+ Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
}
__ LoadRoot(result, Heap::kUndefinedValueRootIndex);
}
