Status: Accepted
Owner: [email protected]
CC: [email protected]
Labels: Type-Bug Priority-Medium
New issue 3985 by [email protected]: Arguments object materialization for
escape analyzed objects can return wrong arguments
https://code.google.com/p/v8/issues/detail?id=3985
We can return a wrong arguments object if we materialize an arguments object
(using f.arguments) and then throw around f's frame so that f does not
clean up the materialized frame information (see the
MaterializedObjectStore in deoptimizer.h/.cc). If we enter another function
that has the same frame pointer and request an arguments object of (or
lazily deoptimize) that function, we can get the materialized object of the
original function.
We should clean up the materialized object store when we unwind the stack.
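The stale-entry reuse described in the issue, as an added example that is not part of the original report and not V8's code: a toy store keyed by frame pointer, with and without cleanup on unwind. The `ToyMaterializedStore` class, the `ArgumentsSeenByG` function and the frame-pointer values are hypothetical, and the model assumes a downward-growing stack, so frames being unwound have lower frame pointers than the handler's frame.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Toy model only: V8's real MaterializedObjectStore has a different interface.
using FramePointer = std::uintptr_t;

class ToyMaterializedStore {
 public:
  void Set(FramePointer fp, std::string obj) { store_[fp] = std::move(obj); }
  // Returns the cached object for this frame, or "" if none is cached.
  std::string Get(FramePointer fp) const {
    auto it = store_.find(fp);
    return it == store_.end() ? std::string() : it->second;
  }
  // Cleanup on unwind: drop every entry that belongs to a frame being unwound.
  // With a downward-growing stack those frames have fp below the handler's fp.
  void RemoveBelow(FramePointer handler_fp) {
    store_.erase(store_.begin(), store_.lower_bound(handler_fp));
  }

 private:
  std::map<FramePointer, std::string> store_;
};

// Frame f materializes its arguments, an exception unwinds past f, then an
// unrelated frame g is entered at the same frame pointer and requests its own
// arguments object. Returns what g receives.
std::string ArgumentsSeenByG(bool clean_on_unwind) {
  const FramePointer kHandlerFp = 0x7000;  // constructed value
  const FramePointer kCalleeFp = 0x6fc0;   // f's frame, later reused by g
  ToyMaterializedStore store;

  store.Set(kCalleeFp, "arguments(f)");                // f.arguments materialized
  if (clean_on_unwind) store.RemoveBelow(kHandlerFp);  // throw unwinds past f

  std::string cached = store.Get(kCalleeFp);  // g looks up by its own fp
  if (!cached.empty()) return cached;         // stale hit: f's object
  store.Set(kCalleeFp, "arguments(g)");       // miss: materialize fresh
  return store.Get(kCalleeFp);
}

int main() {
  return ArgumentsSeenByG(false) == "arguments(f)" &&
         ArgumentsSeenByG(true) == "arguments(g)" ? 0 : 1;
}
```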