Revision: 20324
Author:   [email protected]
Date:     Fri Mar 28 08:59:46 2014 UTC
Log:      Fix deopts causing uninitialized fixed typed arrays.

The deopt will not happen in production code, since we check that
lengths of fixed typed arrays are smis before calling
TypedArrayInitialize, but this change makes the deopt bot happy.

[email protected]

Review URL: https://codereview.chromium.org/212643016
http://code.google.com/p/v8/source/detail?r=20324

Modified:
 /branches/bleeding_edge/src/hydrogen.cc
 /branches/bleeding_edge/src/runtime.cc

=======================================
--- /branches/bleeding_edge/src/hydrogen.cc     Thu Mar 27 16:30:03 2014 UTC
+++ /branches/bleeding_edge/src/hydrogen.cc     Fri Mar 28 08:59:46 2014 UTC
@@ -8510,6 +8510,10 @@
     HValue* buffer, HValue* byte_offset, HValue* length) {
   Handle<Map> external_array_map(
       isolate()->heap()->MapForExternalArrayType(array_type));
+
+  // The HForceRepresentation is to prevent possible deopt on int-smi
+  // conversion after allocation but before the new object fields are set.
+ length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
   HValue* elements =
       Add<HAllocate>(
           Add<HConstant>(ExternalArray::kAlignedSize),
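Review bot: The comment above the added `HForceRepresentation` call names the deopt but not the invariant it protects, and the same three lines are repeated verbatim in the fixed-typed-array builder (the hunk at -8565). I would state the rule directly, for example `// Convert length to smi before HAllocate: nothing between the allocation and the map/length stores may deopt.`, so a later edit does not reintroduce a deopt point inside that window. Since both builders need the identical conversion, a small shared helper would keep the two copies from drifting apart. The enclosing function starts and ends outside this hunk.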
@@ -8518,6 +8522,8 @@
           external_array_map->instance_type());

   AddStoreMapConstant(elements, external_array_map);
+  Add<HStoreNamedField>(elements,
+      HObjectAccess::ForFixedArrayLength(), length);

   HValue* backing_store = Add<HLoadNamedField>(
       buffer, static_cast<HValue*>(NULL),
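Review bot: With the length store moved up next to `AddStoreMapConstant`, the external-pointer field becomes the one left unset the longest: the `HLoadNamedField` on the backing store here and the pointer arithmetic visible in the next hunk all run before `ForExternalArrayExternalPointer()` is stored. If any of those instructions can deopt or allocate, the array would exist on the heap with a valid length and an uninitialised data pointer, which is a worse half-initialised state than a missing length. It would be worth either computing `typed_array_start` before the `HAllocate`, or documenting why the window is safe with something like `// No deopt or GC point from here to the external pointer store.` The function body starts and ends outside this hunk.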
@@ -8534,14 +8540,11 @@
     external_pointer->ClearFlag(HValue::kCanOverflow);
     typed_array_start = external_pointer;
   }
-

   Add<HStoreNamedField>(elements,
       HObjectAccess::ForExternalArrayExternalPointer(),
       typed_array_start);

-  Add<HStoreNamedField>(elements,
-      HObjectAccess::ForFixedArrayLength(), length);
   return elements;
 }

@@ -8565,6 +8568,9 @@
     total_size->ClearFlag(HValue::kCanOverflow);
   }

+  // The HForceRepresentation is to prevent possible deopt on int-smi
+  // conversion after allocation but before the new object fields are set.
+ length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
   Handle<Map> fixed_typed_array_map(
       isolate()->heap()->MapForFixedTypedArray(array_type));
   HValue* elements =
@@ -8576,6 +8582,7 @@
   Add<HStoreNamedField>(elements,
       HObjectAccess::ForFixedArrayLength(),
       length);
+
   HValue* filler = Add<HConstant>(static_cast<int32_t>(0));

   {
@@ -8588,8 +8595,6 @@

     builder.EndBody();
   }
-  Add<HStoreNamedField>(
-      elements, HObjectAccess::ForFixedArrayLength(), length);
   return elements;
 }

=======================================
--- /branches/bleeding_edge/src/runtime.cc      Thu Mar 27 17:40:52 2014 UTC
+++ /branches/bleeding_edge/src/runtime.cc      Fri Mar 28 08:59:46 2014 UTC
@@ -1236,7 +1236,8 @@


 RUNTIME_FUNCTION(MaybeObject*, Runtime_TypedArrayMaxSizeInHeap) {
-  ASSERT_OBJECT_SIZE(FLAG_typed_array_max_size_in_heap);
+  ASSERT_OBJECT_SIZE(
+ FLAG_typed_array_max_size_in_heap + FixedTypedArrayBase::kDataOffset);
   return Smi::FromInt(FLAG_typed_array_max_size_in_heap);
 }
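Review bot: The bound on `FLAG_typed_array_max_size_in_heap + FixedTypedArrayBase::kDataOffset` appears to be enforced only by an assertion, so if `ASSERT_OBJECT_SIZE` compiles out in release builds (as ASSERT-style macros usually do; worth confirming) an oversized flag value is handed back to the caller unchecked. Because the flag is a configuration input, I would validate or clamp it where it is consumed rather than rely on a debug-only check. The sum itself can also overflow for a flag value near the int maximum. A short comment such as `// Check the whole object (kDataOffset header + data), not just the data size.` would explain why the offset is added.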
