projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 83d02a8)
Minor bugfix in building inlined Array: bad argument to JSArrayBuilder.
authormvstanton@chromium.org <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Fri, 17 Jan 2014 12:18:57 +0000 (12:18 +0000)
committermvstanton@chromium.org <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Fri, 17 Jan 2014 12:18:57 +0000 (12:18 +0000)
An HConstant pointing to a Cell rather than an AllocationSite
was passed. The argument wasn't used because of fortuitous
flags. An assert was added to protect the argument.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/141533003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/hydrogen.cc patch | blob | history

diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index 8e2ac74..54e7ee8 100644 (file)
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -2704,6 +2704,9 @@ HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
         kind_(kind),
         allocation_site_payload_(allocation_site_payload),
         constructor_function_(constructor_function) {
+  ASSERT(!allocation_site_payload->IsConstant() ||
+         HConstant::cast(allocation_site_payload)->handle(
+             builder_->isolate())->IsAllocationSite());
   mode_ = override_mode == DISABLE_ALLOCATION_SITES
       ? DONT_TRACK_ALLOCATION_SITE
       : AllocationSite::GetMode(kind);
@@ -7944,10 +7947,10 @@ void HOptimizedGraphBuilder::BuildInlinedCallNewArray(CallNew* expr) {
   Handle<Cell> cell = expr->allocation_info_cell();
   Handle<AllocationSite> site(AllocationSite::cast(cell->value()));
 
-  // Register on the site for deoptimization if the cell value changes.
+  // Register on the site for deoptimization if the transition feedback changes.
   AllocationSite::AddDependentCompilationInfo(
       site, AllocationSite::TRANSITIONS, top_info());
-  HInstruction* cell_instruction = Add<HConstant>(cell);
+  HInstruction* site_instruction = Add<HConstant>(site);
 
   // In the single constant argument case, we may have to adjust elements kind
   // to avoid creating a packed non-empty array.
@@ -7966,7 +7969,7 @@ void HOptimizedGraphBuilder::BuildInlinedCallNewArray(CallNew* expr) {
   // Build the array.
   JSArrayBuilder array_builder(this,
                                kind,
-                               cell_instruction,
+                               site_instruction,
                                constructor,
                                DISABLE_ALLOCATION_SITES);
   HValue* new_object;
Domain: Web Framework / Web Engine;