LGTM.
Am I correct that the bug means that you write one entry (two elements) past the end of the FixedArray?
http://codereview.chromium.org/1709001/diff/1/2
File src/runtime.cc (right):
http://codereview.chromium.org/1709001/diff/1/2#newcode10094
src/runtime.cc:10094: if (size < cache->length()) {
Is there something we could pre-fill the cache with to remove this case (and also remove the "size" handling entirely)? It would need to have a key value that is never an input to the function (e.g., a newly created object that isn't used anywhere else).
http://codereview.chromium.org/1709001/diff/1/2#newcode10098
src/runtime.cc:10098: int target_index = finger_index + 2;
This constant, 2, should have a name.
Perhaps add JSFunctionResultCache::kEntrySize = 2 and use it here.
http://codereview.chromium.org/1709001/show
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev