Revision: 18666
Author:   [email protected]
Date:     Fri Jan 17 12:18:57 2014 UTC
Log: Minor bugfix in building inlined Array: bad argument to JSArrayBuilder.

An HConstant pointing to a Cell rather than an AllocationSite
was passed. The argument wasn't used because of fortuitous
flags. An assert was added to protect the argument.

[email protected]

Review URL: https://codereview.chromium.org/141533003
http://code.google.com/p/v8/source/detail?r=18666

Modified:
 /branches/bleeding_edge/src/hydrogen.cc

=======================================
--- /branches/bleeding_edge/src/hydrogen.cc     Fri Jan 17 11:08:24 2014 UTC
+++ /branches/bleeding_edge/src/hydrogen.cc     Fri Jan 17 12:18:57 2014 UTC
@@ -2704,6 +2704,9 @@
         kind_(kind),
         allocation_site_payload_(allocation_site_payload),
         constructor_function_(constructor_function) {
+  ASSERT(!allocation_site_payload->IsConstant() ||
+         HConstant::cast(allocation_site_payload)->handle(
+             builder_->isolate())->IsAllocationSite());
   mode_ = override_mode == DISABLE_ALLOCATION_SITES
       ? DONT_TRACK_ALLOCATION_SITE
       : AllocationSite::GetMode(kind);
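Review bot: The added ASSERT in the JSArrayBuilder constructor only guards debug builds; as far as I know V8's ASSERT compiles to nothing in release, so a caller that again passes an HConstant wrapping a Cell would still be accepted there. The log says the earlier mistake went unnoticed only because the flags left the payload unused, which is exactly the kind of type mix-up worth catching in every build. The constructor runs once per builder at compile time, so the check looks cheap enough to keep in release: `CHECK(!allocation_site_payload->IsConstant() || HConstant::cast(allocation_site_payload)->handle(builder_->isolate())->IsAllocationSite());`. A comment above it would also help, such as `// A constant payload must wrap an AllocationSite, never the Cell that holds it.` Non-constant payloads are not covered by this check, and the constructor's signature and the rest of its body lie outside the hunk.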
@@ -7944,10 +7947,10 @@
   Handle<Cell> cell = expr->allocation_info_cell();
   Handle<AllocationSite> site(AllocationSite::cast(cell->value()));

-  // Register on the site for deoptimization if the cell value changes.
+ // Register on the site for deoptimization if the transition feedback changes.
   AllocationSite::AddDependentCompilationInfo(
       site, AllocationSite::TRANSITIONS, top_info());
-  HInstruction* cell_instruction = Add<HConstant>(cell);
+  HInstruction* site_instruction = Add<HConstant>(site);

// In the single constant argument case, we may have to adjust elements kind
   // to avoid creating a packed non-empty array.
@@ -7966,7 +7969,7 @@
   // Build the array.
   JSArrayBuilder array_builder(this,
                                kind,
-                               cell_instruction,
+                               site_instruction,
                                constructor,
                                DISABLE_ALLOCATION_SITES);
   HValue* new_object;
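Review bot: The `JSArrayBuilder array_builder(...)` call passes `site_instruction` together with `DISABLE_ALLOCATION_SITES`, and nothing at the call site says that the payload is not consulted in that mode. The log message states the argument was unused because of the flags, and the constructor hunk shows `mode_` becoming `DONT_TRACK_ALLOCATION_SITE`. A short comment before the call would record this, for example `// Allocation-site tracking is disabled here; the site is still passed so the builder's payload check sees an AllocationSite.` The enclosing function begins and ends outside the hunk.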
