From d31ed98428e499f3bed0f4f2676f5cb7b5fa710c Mon Sep 17 00:00:00 2001
From: "erik.corry@gmail.com"
 <erik.corry@gmail.com@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Wed, 20 Jun 2012 13:40:10 +0000
Subject: [PATCH] Fix GC bug with missing handle. Bug=133618 Review URL:
 https://chromiumcodereview.appspot.com/10559083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/arm/lithium-codegen-arm.cc   | 12 ++++++------
 src/ia32/lithium-codegen-ia32.cc | 12 ++++++------
 src/mips/lithium-codegen-mips.cc | 13 ++++++-------
 src/x64/lithium-codegen-x64.cc   | 12 ++++++------
 4 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index 6a6a062..43d7f9d 100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -2597,15 +2597,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ ldr(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      __ cmp(result, Operand(Handle<Map>(JSObject::cast(current)->map())));
+      __ cmp(result, Operand(Handle<Map>(current->map())));
       DeoptimizeIf(ne, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 1ea2188..a1a5482 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -2327,15 +2327,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
       DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
     }
     __ mov(result, factory()->undefined_value());
   }
diff --git a/src/mips/lithium-codegen-mips.cc b/src/mips/lithium-codegen-mips.cc
index 2a022b5..db88d59 100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -2341,15 +2341,14 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ lw(result, FieldMemOperand(result, HeapObject::kMapOffset));
-      DeoptimizeIf(ne, env,
-          result, Operand(Handle<Map>(JSObject::cast(current)->map())));
-      current = HeapObject::cast(current->map()->prototype());
+      DeoptimizeIf(ne, env, result, Operand(Handle<Map>(current->map())));
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index ccc81bb..12d38fc 100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -2221,15 +2221,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result,
   } else {
     // Negative lookup.
     // Check prototypes.
-    HeapObject* current = HeapObject::cast((*type)->prototype());
+    Handle<HeapObject> current(HeapObject::cast((*type)->prototype()));
     Heap* heap = type->GetHeap();
-    while (current != heap->null_value()) {
-      Handle<HeapObject> link(current);
-      __ LoadHeapObject(result, link);
+    while (*current != heap->null_value()) {
+      __ LoadHeapObject(result, current);
       __ Cmp(FieldOperand(result, HeapObject::kMapOffset),
-                          Handle<Map>(JSObject::cast(current)->map()));
+                          Handle<Map>(current->map()));
       DeoptimizeIf(not_equal, env);
-      current = HeapObject::cast(current->map()->prototype());
+      current =
+          Handle<HeapObject>(HeapObject::cast(current->map()->prototype()));
     }
     __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
   }
-- 
2.7.4