Javascript constructors called from C++ code didn't have a type cell
properly filled in on ia32. This showed up as a bug in webkit bindings.
Re-enabled flag optimize-constructed-arrays.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/
15870002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14775
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
"eliminate unreachable code (hidden behind soft deopts)")
DEFINE_bool(track_allocation_sites, true,
"Use allocation site info to reduce transitions")
-DEFINE_bool(optimize_constructed_arrays, false,
+DEFINE_bool(optimize_constructed_arrays, true,
"Use allocation site info on constructed arrays")
DEFINE_bool(trace_osr, false, "trace on-stack replacement")
DEFINE_int(stress_runs, 0, "number of stress runs")
// Invoke the code.
if (is_construct) {
+ // No type feedback cell is available
+ Handle<Object> undefined_sentinel(
+ masm->isolate()->heap()->undefined_value(), masm->isolate());
+ __ mov(ebx, Immediate(undefined_sentinel));
CallConstructStub stub(NO_CALL_FUNCTION_FLAGS);
__ CallStub(&stub);
} else {
// support_smi_only_arrays = %HasFastSmiElements(new Array(1,2,3,4,5,6,7,8));
support_smi_only_arrays = true;
-optimize_constructed_arrays = false;
+optimize_constructed_arrays = true;
if (support_smi_only_arrays) {
print("Tests include smi-only arrays.");
projects / platform / upstream / v8.git / commitdiff