Make handle dereference check more precise.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23578022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/handles-inl.h b/src/handles-inl.h
index 4f4490b..5b879d8 100644 (file)
--- a/src/handles-inl.h
+++ b/src/handles-inl.h
@@ -32,6 +32,7 @@
 #include "api.h"
 #include "apiutils.h"
 #include "handles.h"
+#include "heap.h"
 #include "isolate.h"
 
 namespace v8 {
@@ -85,11 +86,13 @@ bool Handle<T>::IsDereferenceAllowed(DereferenceCheckMode mode) const {
   Object* object = *BitCast<T**>(location_);
   if (object->IsSmi()) return true;
   HeapObject* heap_object = HeapObject::cast(object);
-  Isolate* isolate = heap_object->GetIsolate();
+  Heap* heap = heap_object->GetHeap();
   Object** handle = reinterpret_cast<Object**>(location_);
-  Object** roots_array_start = isolate->heap()->roots_array_start();
+  Object** roots_array_start = heap->roots_array_start();
   if (roots_array_start <= handle &&
-      handle < roots_array_start + Heap::kStrongRootListLength) {
+      handle < roots_array_start + Heap::kStrongRootListLength &&
+      heap->RootCanBeTreatedAsConstant(
+        static_cast<Heap::RootListIndex>(handle - roots_array_start))) {
     return true;
   }
   if (!AllowHandleDereference::IsAllowed()) return false;
@@ -98,7 +101,7 @@ bool Handle<T>::IsDereferenceAllowed(DereferenceCheckMode mode) const {
     // Accessing maps and internalized strings is safe.
     if (heap_object->IsMap()) return true;
     if (heap_object->IsInternalizedString()) return true;
-    return !isolate->IsDeferredHandle(handle);
+    return !heap->isolate()->IsDeferredHandle(handle);
   }
   return true;
 }