Merge bleeding_edge revision 3501 to trunk.  This change contains a
fix for a crash triggered by GC during generation of a callback inline
cache stub.

Review URL: http://codereview.chromium.org/508002

git-svn-id: http://v8.googlecode.com/svn/trunk@3502 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc
index 0e83615..75e478b 100644
--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
@@ -802,9 +802,10 @@
   Address getter_address = v8::ToCData<Address>(callback->getter());
   ApiFunction fun(getter_address);
   ApiGetterEntryStub stub(callback_handle, &fun);
-  // Calling the stub may try to allocate (if the code is not already
-  // generated).  Do not allow the call to perform a garbage
-  // collection but instead return the allocation failure object.
+  // Emitting a stub call may try to allocate (if the code is not
+  // already generated).  Do not allow the assembler to perform a
+  // garbage collection but instead return the allocation failure
+  // object.
   Object* result = masm()->TryCallStub(&stub);
   if (result->IsFailure()) {
     *failure = Failure::cast(result);
@@ -813,7 +814,14 @@
 
   // We need to avoid using eax since that now holds the result.
   Register tmp = other.is(eax) ? reg : other;
-  __ PopHandleScope(eax, tmp);
+  // Emitting PopHandleScope may try to allocate.  Do not allow the
+  // assembler to perform a garbage collection but instead return a
+  // failure object.
+  result = masm()->TryPopHandleScope(eax, tmp);
+  if (result->IsFailure()) {
+    *failure = Failure::cast(result);
+    return false;
+  }
   __ LeaveInternalFrame();
 
   __ ret(0);
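Review bot: The new `return false` after `TryPopHandleScope` leaves the assembler holding a half-emitted stub, because everything up to this point has been emitted but `LeaveInternalFrame` and `ret(0)` have not. This path is therefore only safe if every caller discards the generated code and propagates `*failure` instead of finalizing it. That contract is not visible here, since the function starts and ends outside the hunk; I would state it at the return, e.g. `// Caller must abandon the partially generated code and propagate *failure.` It is also worth confirming that the other emitting calls in this function, which are outside the hunk, cannot allocate, since any of them left on a non-Try path could presumably hit the same GC-during-generation crash.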