Reviewers: Yang,

Message:
Hi Yang, here is the CL we just discussed. Thanks for the look,
--Michael

Description:
VectorICs: keyed element loads were kicking out non-smi keys unnecessarily

Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.

It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.

BUG=

Please review this at https://codereview.chromium.org/1028093002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+89, -36 lines):
  M src/arm/code-stubs-arm.cc
  M src/arm/full-codegen-arm.cc
  M src/arm64/code-stubs-arm64.cc
  M src/arm64/full-codegen-arm64.cc
  M src/code-stubs.h
  M src/flag-definitions.h
  M src/ia32/code-stubs-ia32.cc
  M src/ia32/full-codegen-ia32.cc
  M src/mips/code-stubs-mips.cc
  M src/mips/full-codegen-mips.cc
  M src/x64/code-stubs-x64.cc
  M src/x64/full-codegen-x64.cc
  M test/mjsunit/string-index.js


--
v8-dev mailing list
http://groups.google.com/group/v8-dev