From 3a739a1cb613fa1433355c833cec115571caeb98 Mon Sep 17 00:00:00 2001
From: "mstarzinger@chromium.org"
Date: Fri, 15 Jun 2012 10:36:45 +0000
Subject: [PATCH] Fix list traversal of optimized functions in deoptimizer.
R=fschneider@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10546179
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11829 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/deoptimizer.cc | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/deoptimizer.cc b/src/deoptimizer.cc
index 3debf55..af0a171 100644
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -268,20 +268,29 @@ void Deoptimizer::DeoptimizeGlobalObject(JSObject* object) {
 void Deoptimizer::VisitAllOptimizedFunctionsForContext(
 Context* context, OptimizedFunctionVisitor* visitor) {
+ Isolate* isolate = context->GetIsolate();
+ ZoneScope zone_scope(isolate, DELETE_ON_EXIT);
 AssertNoAllocation no_allocation;
 ASSERT(context->IsGlobalContext());
 visitor->EnterContext(context);
- // Run through the list of optimized functions and deoptimize them.
+
+ // Create a snapshot of the optimized functions list. This is needed because
+ // visitors might remove more than one link from the list at once.
+ ZoneList snapshot(1, isolate->zone());
 Object* element = context->OptimizedFunctionsListHead();
 while (!element->IsUndefined()) {
 JSFunction* element_function = JSFunction::cast(element);
- // Get the next link before deoptimizing as deoptimizing will clear the
- // next link.
+ snapshot.Add(element_function, isolate->zone());
 element = element_function->next_function_link();
- visitor->VisitFunction(element_function);
 }
+
+ // Run through the snapshot of optimized functions and visit them.
+ for (int i = 0; i < snapshot.length(); ++i) {
+ visitor->VisitFunction(snapshot.at(i));
+ }
+
 visitor->LeaveContext(context);
 }
--
2.7.4
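Review bot: The snapshot loop calls `visitor->VisitFunction(snapshot.at(i))` for every function that was on the list when the snapshot was taken, including ones an earlier visit has already unlinked, since the new comment says a visitor may remove more than one link at once. Nothing in the hunk shows whether every OptimizedFunctionVisitor tolerates a function that is no longer on the list, so that contract should be stated above the loop, for example `// Visitors must tolerate functions that an earlier visit already unlinked.`. The snapshot also holds raw function pointers across all visits, which is only safe while nothing moves or frees those objects. `AssertNoAllocation` guards that, but if it is a debug-only check (not visible here), release builds depend on visitors never allocating. The diffstat lists only src/deoptimizer.cc, so a regression test covering a visit that removes several list entries at once would be worth adding.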