Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(541)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 418023002: CallIC customization stubs must accept that a vector slot is cleared. (Closed)

Created:
6 years, 5 months ago by mvstanton
Modified:
6 years, 4 months ago
Reviewers:
Toon Verwaest
CC:
v8-dev
Project:
v8
Visibility:
Public.

Description

CallIC customization stubs must accept that a vector slot is cleared. The CallIC Array custom IC stub read from the type vector, expecting to get an AllocationSite. But there are paths in the system where a type vector can be re-created with default values, even though we currently grant an exception to clearing of vector slots with AllocationSites in them at gc time. BUG=392114 LOG=N R=verwaest@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=22668

Patch Set 1 #

Total comments: 6

Patch Set 2 : Regression test, fixed useless cycling. #

Patch Set 3 : CallIC feedback slots don't contain smis. #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+100 lines, -35 lines) Patch
M src/arm/code-stubs-arm.cc View 1 2 2 chunks +13 lines, -4 lines 0 comments Download
M src/arm64/code-stubs-arm64.cc View 1 2 2 chunks +12 lines, -5 lines 0 comments Download
M src/ia32/code-stubs-ia32.cc View 1 2 2 chunks +13 lines, -3 lines 0 comments Download
M src/ic.cc View 1 2 3 chunks +18 lines, -5 lines 0 comments Download
M src/x64/code-stubs-x64.cc View 1 2 2 chunks +12 lines, -4 lines 0 comments Download
A + test/mjsunit/regress/regress-392114.js View 1 2 chunks +32 lines, -14 lines 1 comment Download

Messages

Total messages: 5 (0 generated)
mvstanton
Hi Toon, Here is the fix for the chrome bug we discussed.
6 years, 5 months ago (2014-07-24 15:11:25 UTC) #1
Toon Verwaest
lgtm with nit. You can land the repro separately. https://codereview.chromium.org/418023002/diff/1/src/arm/code-stubs-arm.cc File src/arm/code-stubs-arm.cc (right): https://codereview.chromium.org/418023002/diff/1/src/arm/code-stubs-arm.cc#newcode2972 src/arm/code-stubs-arm.cc:2972: ...
6 years, 4 months ago (2014-07-28 14:11:39 UTC) #2
mvstanton
Thanks Toon, here is the update we discussed. The custom handler still has to check ...
6 years, 4 months ago (2014-07-28 16:02:50 UTC) #3
Toon Verwaest
lgtm with nit https://codereview.chromium.org/418023002/diff/60001/test/mjsunit/regress/regress-392114.js File test/mjsunit/regress/regress-392114.js (right): https://codereview.chromium.org/418023002/diff/60001/test/mjsunit/regress/regress-392114.js#newcode38 test/mjsunit/regress/regress-392114.js:38: if (arg === true) { if ...
6 years, 4 months ago (2014-07-29 11:28:18 UTC) #4
mvstanton
6 years, 4 months ago (2014-07-29 11:53:38 UTC) #5
Message was sent while issue was closed. 
Committed patchset #3 manually as r22668.

Powered by Google App Engine
This is Rietveld 408576698