Chromium Code Reviews

Issue 194623005: 350884: KeyedStoreIC miss didn't handle a transitioning case. (Closed)

Created:
6 years, 9 months ago by mvstanton
Modified:
6 years, 9 months ago
Reviewers:
Toon Verwaest
CC:
v8-dev
Visibility:
Public.

Description

350884: KeyedStoreIC miss didn't handle a transitioning case.

It's possible to get a transitioned map with no links to the origin map if it's a shared map. Code in KeyedStoreIC::StoreElementStub assumes it can check if two maps are in the same family by traversing the transition array. Long term, the "family" relationship should be recognized with the Normalized Map Cache. For now, allow the IC to remain monomorphic in this case if the receiver map and the previous receiver map are the same.

Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210) to track the issue with the Normalized Map Cache.

BUG=350884
LOG=N
R=verwaest@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=19847

Patch Set 1 (+20 lines, -19 lines)

M src/ic.cc: 1 chunk, +11 lines, -11 lines, 0 comments
A + test/mjsunit/regress/regress-350884.js: 1 chunk, +9 lines, -8 lines, 0 comments

Messages

Total messages: 3 (0 generated)
mvstanton
Hi Toon, here is the bug we discussed today, PTAL, thanks! --Michael
6 years, 9 months ago (2014-03-11 17:32:51 UTC) #1
Toon Verwaest
lgtm
6 years, 9 months ago (2014-03-12 13:02:09 UTC) #2
mvstanton
6 years, 9 months ago (2014-03-12 13:35:46 UTC) #3
Message was sent while issue was closed.
Committed patchset #1 manually as r19847 (presubmit successful).
