Reviewers: Michael Starzinger,
Message:
ptal
Description:
Reland "Re-enable on-heap typed array allocation"
[email protected]
BUG=v8:3996
LOG=y
Please review this at https://codereview.chromium.org/1144143006/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+15, -4 lines):
M src/bootstrapper.cc
M src/hydrogen.cc
Index: src/bootstrapper.cc
diff --git a/src/bootstrapper.cc b/src/bootstrapper.cc
index
f0779b4fe91e116f3855bd409e4445cca7d71d3d..b5c7dfac3e4f555785cc42dcf268589b1f18fac5
100644
--- a/src/bootstrapper.cc
+++ b/src/bootstrapper.cc
@@ -1195,7 +1195,6 @@ void Genesis::InitializeGlobal(Handle<GlobalObject>
global_object,
isolate->initial_object_prototype(),
Builtins::kIllegal);
native_context()->set_array_buffer_fun(*array_buffer_fun);
-
native_context()->set_array_buffer_map(array_buffer_fun->initial_map());
}
{ // -- T y p e d A r r a y s
@@ -2800,6 +2799,8 @@ bool Genesis::ConfigureGlobalObjects(
native_context()->set_initial_array_prototype(
JSArray::cast(native_context()->array_function()->prototype()));
+ native_context()->set_array_buffer_map(
+ native_context()->array_buffer_fun()->initial_map());
return true;
}
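Review bot: The two added lines in ConfigureGlobalObjects have no comment saying why the array-buffer map is cached here rather than next to `set_array_buffer_fun` in InitializeGlobal, where this same commit removes it. The hydrogen.cc part of the change loads this slot (`Context::ARRAY_BUFFER_MAP_INDEX`) to allocate JSArrayBuffers inline, so a stale map would give those objects a layout that does not match what the stores assume. Presumably the function's initial map can still be replaced between the two bootstrap phases, but that is not visible in this hunk. I would add above the call something like `// Cache the map only once array_buffer_fun's initial map is final; optimized code allocates JSArrayBuffers inline from this slot.` so a later cleanup does not move it back. The function body starts outside the hunk.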
Index: src/hydrogen.cc
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index
30406d656c3ee4d293877ab96ec36eaee7168e09..809640fb437aa303c39e0d51e087e59b3e210b29
100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -9727,8 +9727,18 @@ HValue*
HGraphBuilder::BuildAllocateEmptyArrayBuffer(HValue* byte_length) {
native_context, nullptr,
HObjectAccess::ForContextSlot(Context::ARRAY_BUFFER_MAP_INDEX)));
- Add<HStoreNamedField>(result,
HObjectAccess::ForJSArrayBufferBackingStore(),
- Add<HConstant>(ExternalReference()));
+ HConstant* empty_fixed_array =
+ Add<HConstant>(isolate()->factory()->empty_fixed_array());
+ Add<HStoreNamedField>(
+ result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
+ empty_fixed_array);
+ Add<HStoreNamedField>(
+ result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
+ empty_fixed_array);
+ Add<HStoreNamedField>(
+ result,
HObjectAccess::ForJSArrayBufferBackingStore().WithRepresentation(
+ Representation::Smi()),
+ graph()->GetConstant0());
Add<HStoreNamedField>(result,
HObjectAccess::ForJSArrayBufferByteLength(),
byte_length);
Add<HStoreNamedField>(result,
HObjectAccess::ForJSArrayBufferBitFieldSlot(),
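Review bot: The backing-store store at `WithRepresentation(Representation::Smi())` writes `graph()->GetConstant0()` into a slot that the removed code filled with an `ExternalReference()` constant, and nothing says why a Smi representation is used for a raw pointer field. It presumably relies on Smi zero being the all-zero word, so the slot reads back as a null backing store; a comment such as `// Smi 0 has the same bit pattern as a null backing-store pointer.` would stop someone from later changing the representation or the constant. The properties and elements stores go through `HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset)` and `JSArray::kElementsOffset` although the object is a JSArrayBuffer, which holds only while those are the inherited JSObject offsets; `HObjectAccess::ForPropertiesPointer()` and `HObjectAccess::ForElementsPointer()` would state that directly, if they fit here. The function starts before and continues after the hunk, so whether every remaining field is initialised before the next allocation cannot be checked from these lines.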
@@ -9935,7 +9945,7 @@ void
HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
CHECK_ALIVE(VisitForValue(arguments->at(kObjectArg)));
HValue* obj = Pop();
- if (arguments->at(kArrayIdArg)->IsLiteral()) {
+ if (!arguments->at(kArrayIdArg)->IsLiteral()) {
// This should never happen in real use, but can happen when fuzzing.
// Just bail out.
Bailout(kNeedSmiLiteral);
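Review bot: The corrected guard `if (!arguments->at(kArrayIdArg)->IsLiteral())` comes without a regression test; the affected-files list names only src/bootstrapper.cc and src/hydrogen.cc. With the old condition a literal array id bailed out and a non-literal one continued into the rest of GenerateTypedArrayInitialize, which lies outside the hunk and presumably treats the argument as a literal. A small test that passes a non-literal array id to the intrinsic under the optimizing compiler and expects a clean bailout would pin the direction of the check. If the code below does read the argument as a literal, the existing comment could say so, e.g. `// The array id is read as a literal below; bail out on anything else.`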