Chromium Code Reviews

Issue 399067: Fixed bug in pixel array inline cache on x64. The value was not... (Closed)

Created: 11 years, 1 month ago by Mads Ager (chromium)
Modified: 9 years, 7 months ago
CC: v8-dev
Visibility: Public.

Description

Fixed bug in pixel array inline cache on x64. The value was not zero-extended as it should be. Therefore, the index into the pixel array could influence the value on reads.

BUG=http://code.google.com/p/chromium/issues/detail?id=26337

Committed: http://code.google.com/p/v8/source/detail?r=3328

Patch Set 1 #

Total comments: 2
Stats: +14 lines, -5 lines
M src/x64/ic-x64.cc: 1 chunk, +1 line, -1 line, 0 comments
M test/cctest/test-api.cc: 2 chunks, +13 lines, -4 lines, 2 comments

Messages

Total messages: 3 (0 generated)
Mads Ager (chromium)
11 years, 1 month ago (2009-11-18 11:21:50 UTC) #1
Søren Thygesen Gjesse
LGTM http://codereview.chromium.org/399067/diff/1/2 File test/cctest/test-api.cc (right): http://codereview.chromium.org/399067/diff/1/2#newcode7773 Line 7773: "for (var j = 0; j < ...
11 years, 1 month ago (2009-11-18 11:30:16 UTC) #2
Mads Ager (chromium)
11 years, 1 month ago (2009-11-18 11:35:55 UTC) #3
http://codereview.chromium.org/399067/diff/1/2
File test/cctest/test-api.cc (right):

http://codereview.chromium.org/399067/diff/1/2#newcode7773
Line 7773: "for (var j = 0; j < 8; j++) { i = pixels[256]; }"
On 2009/11/18 11:30:16, Søren Gjesse wrote:
> How about using i+= pixels[256] and checking for i == 8 * 255?

The 8 is only there to make sure that we hit the IC case.  All other tests here
use 8, so I went for that as well.
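
Added example (not code from the V8 change or from the reviewers): a C model of how a byte load that is not zero-extended lets the index influence the value read, as the description states. It assumes the stale upper bits come from the index still sitting in the destination register; the page does not show the actual instruction sequence, and the buffer contents and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample buffer; pixels[256] is set to 255 below. */
static uint8_t pixels[512];

static void init_pixels(void) {
    for (size_t i = 0; i < sizeof pixels; i++) pixels[i] = (uint8_t)(i % 256);
    pixels[256] = 255;
}

/* Model of a byte load that writes only the low 8 bits of a 64-bit
 * register (assumed behaviour): bits 8..63 keep their old contents. */
static uint64_t load_byte_partial(uint64_t reg, uint8_t byte) {
    return (reg & ~(uint64_t)0xff) | byte;
}

/* Model of a zero-extending byte load: the whole register is replaced. */
static uint64_t load_byte_zero_extended(uint8_t byte) {
    return (uint64_t)byte;
}

/* Fast-path read where the result register still holds the index. */
uint64_t read_pixel_buggy(uint64_t index) {
    if (index >= sizeof pixels) return 0;
    init_pixels();
    uint64_t reg = index; /* assumption: index is live in the result register */
    return load_byte_partial(reg, pixels[index]);
}

/* Same read with the value zero-extended. */
uint64_t read_pixel_fixed(uint64_t index) {
    if (index >= sizeof pixels) return 0;
    init_pixels();
    return load_byte_zero_extended(pixels[index]);
}

/* Invariant a regression test can assert: a pixel read never exceeds 255. */
int is_valid_pixel(uint64_t v) { return v <= 0xff; }

int main(void) {
    printf("buggy pixels[256] = %llu\n", (unsigned long long)read_pixel_buggy(256));
    printf("fixed pixels[256] = %llu\n", (unsigned long long)read_pixel_fixed(256));
    return 0;
}
```

In this model an index below 256 fits entirely in the low byte and is overwritten by the load, so only an index of 256 or more exposes the stale bits.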
