
Unified Diff: src/code-stubs-hydrogen.cc

Issue 2068693003: [stubs] Ensure that StoreTransitionStub does not bailout after the properties backing store is enla… (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 4 years, 6 months ago
Index: src/code-stubs-hydrogen.cc
diff --git a/src/code-stubs-hydrogen.cc b/src/code-stubs-hydrogen.cc
index e688bedcad1fd20b21f904329f9ceaaea1a81884..672023c0e01f21d9f9defc2eeef9bf14a9f811b6 100644
--- a/src/code-stubs-hydrogen.cc
+++ b/src/code-stubs-hydrogen.cc
@@ -1363,8 +1363,21 @@ Handle<Code> StoreFieldStub::GenerateCode() { return DoGenerateCode(this); }
template <>
HValue* CodeStubGraphBuilder<StoreTransitionStub>::BuildCodeStub() {
HValue* object = GetParameter(StoreTransitionHelper::ReceiverIndex());
+ HValue* value = GetParameter(StoreTransitionHelper::ValueIndex());
+ StoreTransitionStub::StoreMode store_mode = casted_stub()->store_mode();
+
+ if (store_mode != StoreTransitionStub::StoreMapOnly) {
+ value = GetParameter(StoreTransitionHelper::ValueIndex());
+ Representation representation = casted_stub()->representation();
+ if (representation.IsDouble()) {
+ // In case we are storing a double, assure that the value is a double
+ // before manipulating the properties backing store. Otherwise the actual
+ // store may deopt, leaving the backing store in an overallocated state.
+ value = AddUncasted<HForceRepresentation>(value, representation);
+ }
+ }
- switch (casted_stub()->store_mode()) {
+ switch (store_mode) {
case StoreTransitionStub::ExtendStorageAndStoreMapAndValue: {
HValue* properties = Add<HLoadNamedField>(
object, nullptr, HObjectAccess::ForPropertiesPointer());
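Review bot: The guard only forces the representation when `representation.IsDouble()`, so it is worth confirming that double is the only representation whose store can deopt after the ExtendStorageAndStoreMapAndValue case has enlarged the properties backing store. BuildStoreNamedField's checks for other representations are not visible in this hunk; if any of them can bail out, the same overallocated state remains reachable, and the comment would be better stated as the general invariant, e.g. `// Anything that can deopt must run before the backing store is extended.` Separately, the second `value = GetParameter(StoreTransitionHelper::ValueIndex());` inside the `store_mode != StoreMapOnly` branch repeats the initialisation a few lines above and can be dropped. A regression test covering the deopt-on-double-store path would pin the fix. BuildCodeStub's body continues outside the hunk.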
@@ -1392,9 +1405,8 @@ HValue* CodeStubGraphBuilder<StoreTransitionStub>::BuildCodeStub() {
// Fall through.
case StoreTransitionStub::StoreMapAndValue:
// Store the new value into the "extended" object.
- BuildStoreNamedField(
- object, GetParameter(StoreTransitionHelper::ValueIndex()),
- casted_stub()->index(), casted_stub()->representation(), true);
+ BuildStoreNamedField(object, value, casted_stub()->index(),
+ casted_stub()->representation(), true);
// Fall through.
case StoreTransitionStub::StoreMapOnly:
@@ -1403,7 +1415,7 @@ HValue* CodeStubGraphBuilder<StoreTransitionStub>::BuildCodeStub() {
GetParameter(StoreTransitionHelper::MapIndex()));
break;
}
- return GetParameter(StoreTransitionHelper::ValueIndex());
+ return value;
}
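Review bot: `return value;` now returns the HForceRepresentation node when the field representation is double, where the old code returned the untouched value parameter. If the return path has to convert that node back to a tagged value, the stub may allocate a fresh heap number on each double store; this is inferred, since the return handling is not on the page. Keeping the original parameter in its own local, `HValue* original_value = GetParameter(StoreTransitionHelper::ValueIndex());`, and returning that would preserve the previous result while still using the forced value for the store. The switch above this hunk is only partly visible.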