projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 14151c8) | patch
Hydrogen object literals: always initialize in-object properties
authorjkummerow <jkummerow@chromium.org>
Wed, 17 Jun 2015 11:24:15 +0000 (04:24 -0700)
committerCommit bot <commit-bot@chromium.org>
Wed, 17 Jun 2015 11:24:24 +0000 (11:24 +0000)
commit5fca3947cf52f5ff2c5d094281a38347eb9df68f
treed199157dd88827a2936673a03c160acfd817cbc7tree | snapshot
parent14151c81a26502fb50ba096fb7cdac9c0d7a201bcommit | diff
Hydrogen object literals: always initialize in-object properties

This fixes a bug where new-space GC could be triggered by non-folded allocations for some of the in-object properties, while the object was only partially initialized.

BUG=chromium:500497
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1182113007

Cr-Commit-Position: refs/heads/master@{#29079}
src/hydrogen.cc diff | blob | history
src/hydrogen.h diff | blob | history
src/runtime/runtime-test.cc diff | blob | history
test/mjsunit/regress/regress-crbug-500497.js [new file with mode: 0644] blob
Domain: Web Framework / Web Engine;