Issue 8895025: Fix invalid usage of StoreIC_ArrayLength optimization.

Issue 8895025: Fix invalid usage of StoreIC_ArrayLength optimization. (Closed)

Created:
9 years ago by Michael Starzinger

Modified:
9 years ago

Reviewers:
Sven Panne

CC:
v8-dev

Base URL:
https://v8.googlecode.com/svn/branches/bleeding_edge

Visibility:
Public.

More Reviews

Description

Fix invalid usage of StoreIC_ArrayLength optimization. This introduces an additional check into the StoreIC_ArrayLength builtin checking that the array still has fast properties. Redifinitions of the length property that would cause it's type or attributes to change, will switch to slow properties, thereby invalidating said optimization. R=svenpanne@chromium.org BUG=v8:1756 TEST=test262 Committed: http://code.google.com/p/v8/source/detail?r=10254

Patch Set 1 #

Patch Set 2 : Change check to be in sync with JSObject::HasFastProperties. #

Total comments: 4

Patch Set 3 : Addressed comments by Sven Panne. #

Created: 9 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+77 lines, -45 lines)			Patch
M	src/arm/ic-arm.cc	View	1 2	2 chunks	+11 lines, -5 lines	0 comments	Download
M	src/ia32/ic-ia32.cc	View	1 2	2 chunks	+10 lines, -3 lines	0 comments	Download
M	src/ia32/macro-assembler-ia32.h	View	1 2	1 chunk	+2 lines, -1 line	0 comments	Download
M	src/ia32/macro-assembler-ia32.cc	View	1 2	1 chunk	+8 lines, -0 lines	0 comments	Download
M	src/ic.cc	View		2 chunks	+15 lines, -5 lines	0 comments	Download
M	src/mips/ic-mips.cc	View		2 chunks	+8 lines, -5 lines	0 comments	Download
M	src/objects.h	View		3 chunks	+4 lines, -4 lines	0 comments	Download
M	src/objects.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
M	src/objects-inl.h	View		2 chunks	+7 lines, -8 lines	0 comments	Download
M	src/x64/ic-x64.cc	View	1 2	2 chunks	+11 lines, -5 lines	0 comments	Download
M	test/test262/test262.status	View		1 chunk	+0 lines, -8 lines	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

Sven Panne

http://codereview.chromium.org/8895025/diff/2001/src/ia32/ic-ia32.cc File src/ia32/ic-ia32.cc (right): http://codereview.chromium.org/8895025/diff/2001/src/ia32/ic-ia32.cc#newcode1406 src/ia32/ic-ia32.cc:1406: __ cmp(FieldOperand(scratch, FixedArray::kMapOffset), Immediate(map)); Perhaps we should generalize CompareRoot ...

9 years ago (2011-12-14 09:48:12 UTC) #2

Michael Starzinger

Also changed ARM to use CompareRoot() instead. http://codereview.chromium.org/8895025/diff/2001/src/ia32/ic-ia32.cc File src/ia32/ic-ia32.cc (right): http://codereview.chromium.org/8895025/diff/2001/src/ia32/ic-ia32.cc#newcode1406 src/ia32/ic-ia32.cc:1406: __ cmp(FieldOperand(scratch, ...

9 years ago (2011-12-14 10:10:15 UTC) #3

lgtm

Expand Messages | Collapse Messages