review.tizen.org Git - platform/upstream/v8.git/commit

Prevent modification of cached normalized maps.

Finally sovles the problem that r5342 attempted to solve.
When adding a stub to a map's code cache we need to make
sure that this map is not used by object that do not need
this stub.

Existing solution had 2 flaws:
1. It checked that the map is cached by asking the current context.
If the object escaped into another context then NormalizedMapCache::Contains
returns false negative.

2. If a map gets evicted from the cache we should not try to modify it
even though Contains returns false.

This patch implements much less fragile solution of the same problem:
A map now has a flag (is_shared) that is set once the map is added
to a cache, stays set even after the cache eviction, and is cleared
if the object goes back to fast mode.

Added a regression test.

Review URL: http://codereview.chromium.org/3472006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

author	kaznacheev@chromium.org <kaznacheev@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Fri, 24 Sep 2010 08:18:33 +0000 (08:18 +0000)
committer	kaznacheev@chromium.org <kaznacheev@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Fri, 24 Sep 2010 08:18:33 +0000 (08:18 +0000)
commit	cfbc1eed9c8e882d324aaf82a2ced977fe11ba30
tree	cba65ca9ff4d2a159ff94bd84c1cdd6fc3255595	tree \| snapshot
parent	830185b175922de04e96c71fea7e04f9588426da	commit \| diff

src/objects-debug.cc		diff \| blob \| history
src/objects-inl.h		diff \| blob \| history
src/objects.cc		diff \| blob \| history
src/objects.h		diff \| blob \| history
test/cctest/test-api.cc		diff \| blob \| history