Chromium Code Reviews

Issue 737383002: Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed. (Closed)

Created: 4 years, 11 months ago by mvstanton
Modified: 4 years, 11 months ago
Reviewers: Toon Verwaest
CC: v8-dev, Jarin
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Project: v8
Visibility: Public.

Description

Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed.

The bug was an error when copying arrays in crankshaft. If it's a holey smi array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation changes from being inserted that deopt on encountering the hole.

Also, prevent inlining array pop() and shift() if the length is read-only.

BUG=435073
LOG=N
R=verwaest@chromium.org

Committed: https://chromium.googlesource.com/v8/v8/+/3d58b82addcdc72755539631b1d5dc603a9b2135

Patch Set 1 #

Patch Set 2 : Added test for pop and shift issue. #

Patch Set 3 : Another test. #

Stats (+59 lines, -19 lines)
M src/hydrogen.cc: 4 chunks, +14 lines, -8 lines
M test/mjsunit/array-methods-read-only-length.js: 2 chunks, +15 lines, -5 lines
A test/mjsunit/array-shift4.js: 1 chunk, +24 lines, -0 lines
A + test/mjsunit/regress/regress-435073.js: 1 chunk, +6 lines, -6 lines

Messages

Total messages: 6 (1 generated)
mvstanton
Hi Toon, Here is the fix we discussed, thx for the look, --Michael
4 years, 11 months ago (2014-11-20 12:45:35 UTC) #2
Toon Verwaest
Please add some tests for the additional issues you fixed. Otherwise looks good.
4 years, 11 months ago (2014-11-20 12:56:41 UTC) #3
mvstanton
Good idea. * array-shift4.js - this covers the case where a hole is encountered in ...
4 years, 11 months ago (2014-11-20 14:21:19 UTC) #4
Toon Verwaest
lgtm
4 years, 11 months ago (2014-11-21 10:00:55 UTC) #5
mvstanton
4 years, 11 months ago (2014-11-21 10:14:26 UTC) #6
Message was sent while issue was closed.
Committed patchset #3 (id:40001) manually as
3d58b82addcdc72755539631b1d5dc603a9b2135 (presubmit successful).
