[v8-dev] [v8] r15562 committed - MIPS: Bugfix: The general array constructor stub did not handle the ca...

Mon, 08 Jul 2013 10:59:38 -0700 

Revision: 15562
Author:   [email protected]
Date:     Mon Jul  8 10:58:03 2013
Log: MIPS: Bugfix: The general array constructor stub did not handle the case properly when it is called with a function pointer in the type cell, instead assuming that an AllocationSite object should be present. 

Port r15555 (262c081)

Original commit message:
The case where this can happen is if the cell is uninitialized, then the
first constructor call made is to the Array function of a different
context. In that case, we'll store the function pointer in the cell,
and then go ahead and call the array constructor stub too. The bug is
fixed by checking for the AllocationSite object map. If not found, the
constructor stub goes forward with a default ElementsKind, just as in
several other cases.

A test in allocation-site-info.js was beefed up to make sure the state
chain described above is traversed.

BUG=

Review URL: https://codereview.chromium.org/18858003
Patch from Balazs Kilvady <[email protected]>.
http://code.google.com/p/v8/source/detail?r=15562

Modified:
 /branches/bleeding_edge/src/mips/code-stubs-mips.cc

=======================================

--- /branches/bleeding_edge/src/mips/code-stubs-mips.cc	Mon Jul  8 10:01:12  
2013
+++ /branches/bleeding_edge/src/mips/code-stubs-mips.cc	Mon Jul  8 10:58:03  
2013

@@ -7491,14 +7491,10 @@
   __ LoadRoot(at, Heap::kUndefinedValueRootIndex);
   __ Branch(&no_info, eq, a3, Operand(at));

-  // We should have an allocation site object
-  if (FLAG_debug_code) {
-    __ push(a3);
-    __ sw(a3, FieldMemOperand(a3, 0));
-    __ LoadRoot(at, Heap::kAllocationSiteMapRootIndex);
-    __ Assert(eq, "Expected AllocationSite object in register a3",
-        a3, Operand(at));
-  }
+  // The type cell has either an AllocationSite or a JSFunction.
+  __ lw(t0, FieldMemOperand(a3, 0));
+  __ LoadRoot(at, Heap::kAllocationSiteMapRootIndex);
+  __ Branch(&no_info, ne, t0, Operand(at));

   __ lw(a3, FieldMemOperand(a3, AllocationSite::kPayloadOffset));
   __ SmiUntag(a3);

--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
















    











					Reply via email to