Comment #16 on issue 3692 by [email protected]: function suddenly
becomes undefined
https://code.google.com/p/v8/issues/detail?id=3692
@jkummerow I totally agree with you about staleness of v8 in v0.10. There
are tons of stuff that was fixed by just rewriting, and even more plain bug
fixes.
I have debugged this issue a bit, and I am not totally sure if this bug
could be applied to trunk v8. Do you mind helping me verify that it is
fixed now?
Basically, the reproduction test case for old node is there:
https://gist.github.com/indutny/3130c097d11570476f22 .
The idea is that if we have ArgumentsElements in outer-to-inlined function,
it will PushArgument and shift the stack. But the deoptimizer does not seem
to take into account that stack shift when it sees `arg:0` in its
environment, thus loading the wrong value on deopt right before CallNew.
The responsible code is at WriteTranslation (at least in older v8
versions). Could you please help me in verifying that newer v8 is not
vulnerable to this?
Thank you,
Fedor.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev