Fix of argument materialization of captured heap numbers.
The escape analysis calculates the number of slots in an object as
no-of-slots = object-size / pointer-size. This gives 3 slots for
heap numbers on 32-bit architectures (one slot for the map, two for
the double value); however, my argument materialization code assumed
just two slots (map + value). Since Hydrogen allocates heap numbers
quite rarely, it is hard to produce a more meaningful repro than the
one provided by Clusterfuzz. Any suggestions are welcome.
The fix is simple - we just read out all extra slots (beyond the map
and the double) for heap numbers.
R=mstarzinger@chromium.org
BUG=351315
LOG=N
Review URL: https://codereview.chromium.org/
196283004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
projects / platform / upstream / v8.git / commit