review.tizen.org Git - platform/upstream/v8.git/commit

projects / platform / upstream / v8.git / commit

author	svenpanne <svenpanne@chromium.org>
	Tue, 16 Dec 2014 14:20:15 +0000 (06:20 -0800)
committer	Commit bot <commit-bot@chromium.org>
	Tue, 16 Dec 2014 14:20:28 +0000 (14:20 +0000)
commit	cbf3b0bcc745536ee97ca21a3f9a7e613f31bc18
tree	c0de9764fe2fb9fa8019336fa2897e0fb387c4aa	tree \| snapshot
parent	08146dc023ea02608a4184f88c292bd8f299aed0	commit \| diff

More -fsanitize=vptr fixes.

This actually fixes 3 different issues when accessing Operand1:

   * Object vs. HeapObject

   * Wrong defaults for equals/hash

   * silently dropping const

TEST=test/mjsunit/regress/regress-441099.js
BUG=chromium:441099
LOG=y

Review URL: https://codereview.chromium.org/812563002

Cr-Commit-Position: refs/heads/master@{#25843}

Domain: Web Framework / Web Engine;

RSS Atom

src/compiler/arm/instruction-selector-arm.cc		diff \| blob \| history
src/compiler/arm64/instruction-selector-arm64.cc		diff \| blob \| history
src/compiler/ia32/instruction-selector-ia32.cc		diff \| blob \| history
src/compiler/instruction-selector-impl.h		diff \| blob \| history
src/compiler/instruction-selector.cc		diff \| blob \| history
src/compiler/mips/instruction-selector-mips.cc		diff \| blob \| history
src/compiler/mips64/instruction-selector-mips64.cc		diff \| blob \| history
src/compiler/operator.h		diff \| blob \| history
src/compiler/typer.cc		diff \| blob \| history
src/compiler/x64/instruction-selector-x64.cc		diff \| blob \| history
test/mjsunit/regress/regress-441099.js	[new file with mode: 0644]	blob