Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(470)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/keyed-store-generic.cc

Issue 2492783004: [ic] Fix elements conversion in KeyedStoreGeneric (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-664469.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/ic/keyed-store-generic.h" 5 #include "src/ic/keyed-store-generic.h"
6 6
7 #include "src/compiler/code-assembler.h" 7 #include "src/compiler/code-assembler.h"
8 #include "src/contexts.h" 8 #include "src/contexts.h"
9 #include "src/isolate.h" 9 #include "src/isolate.h"
10 10
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 var_target_map.Bind(LoadContextElement( 132 var_target_map.Bind(LoadContextElement(
133 native_context, Context::ArrayMapIndex(holey_to_kind))); 133 native_context, Context::ArrayMapIndex(holey_to_kind)));
134 Goto(&perform_transition); 134 Goto(&perform_transition);
135 } 135 }
136 136
137 // Found a supported transition target map, perform the transition! 137 // Found a supported transition target map, perform the transition!
138 Bind(&perform_transition); 138 Bind(&perform_transition);
139 { 139 {
140 if (IsFastDoubleElementsKind(from_kind) != 140 if (IsFastDoubleElementsKind(from_kind) !=
141 IsFastDoubleElementsKind(to_kind)) { 141 IsFastDoubleElementsKind(to_kind)) {
142 Node* capacity = LoadFixedArrayBaseLength(elements); 142 Node* capacity = SmiUntag(LoadFixedArrayBaseLength(elements));
143 GrowElementsCapacity(receiver, elements, from_kind, to_kind, capacity, 143 GrowElementsCapacity(receiver, elements, from_kind, to_kind, capacity,
144 capacity, INTPTR_PARAMETERS, bailout); 144 capacity, INTPTR_PARAMETERS, bailout);
145 } 145 }
146 StoreObjectField(receiver, JSObject::kMapOffset, var_target_map.value()); 146 StoreObjectField(receiver, JSObject::kMapOffset, var_target_map.value());
147 } 147 }
148 } 148 }
149 149
150 void KeyedStoreGenericAssembler::TryChangeToHoleyMapHelper( 150 void KeyedStoreGenericAssembler::TryChangeToHoleyMapHelper(
151 Node* receiver, Node* receiver_map, Node* native_context, 151 Node* receiver, Node* receiver_map, Node* native_context,
152 ElementsKind packed_kind, ElementsKind holey_kind, Label* done, 152 ElementsKind packed_kind, ElementsKind holey_kind, Label* done,
(...skipping 387 matching lines...) Expand 10 before | Expand all | Expand 10 after
540 Bind(&slow); 540 Bind(&slow);
541 { 541 {
542 Comment("KeyedStoreGeneric_slow"); 542 Comment("KeyedStoreGeneric_slow");
543 TailCallRuntime(Runtime::kSetProperty, p->context, p->receiver, p->name, 543 TailCallRuntime(Runtime::kSetProperty, p->context, p->receiver, p->name,
544 p->value, SmiConstant(language_mode)); 544 p->value, SmiConstant(language_mode));
545 } 545 }
546 } 546 }
547 547
548 } // namespace internal 548 } // namespace internal
549 } // namespace v8 549 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-664469.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698