Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(441)

Unified Diff: src/hydrogen.h

Issue 1092043002: Protect the emptiness of Array prototype elements with a PropertyCell. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Try again :p. Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/heap/heap.cc ('k') | src/isolate.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/hydrogen.h
diff --git a/src/hydrogen.h b/src/hydrogen.h
index 1ac72a04b50802af9d399350c15aeb7b91ffd8f8..8617d385347a889430f0a86492cc3250da6f7a35 100644
--- a/src/hydrogen.h
+++ b/src/hydrogen.h
@@ -416,10 +416,8 @@ class HGraph final : public ZoneObject {
void MarkDependsOnEmptyArrayProtoElements() {
// Add map dependency if not already added.
if (depends_on_empty_array_proto_elements_) return;
- info()->dependencies()->AssumeElementsCantBeAdded(
- handle(isolate()->initial_object_prototype()->map()));
- info()->dependencies()->AssumeElementsCantBeAdded(
- handle(isolate()->initial_array_prototype()->map()));
+ info()->dependencies()->AssumePropertyCell(
+ isolate()->factory()->array_protector());
depends_on_empty_array_proto_elements_ = true;
}
« no previous file with comments | « src/heap/heap.cc ('k') | src/isolate.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698