| Index: src/hydrogen.cc
|
| diff --git a/src/hydrogen.cc b/src/hydrogen.cc
|
| index 21ef8c019fb410b26214f1751c53e27e3a8579fb..8194d6b8ae49e37a567f175931e88a878be2f678 100644
|
| --- a/src/hydrogen.cc
|
| +++ b/src/hydrogen.cc
|
| @@ -8355,6 +8355,7 @@ bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
|
| if (receiver_map.is_null()) return false;
|
| if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
|
| ElementsKind elements_kind = receiver_map->elements_kind();
|
| + if (JSArray::IsReadOnlyLengthDescriptor(receiver_map)) return false;
|
| if (!IsFastElementsKind(elements_kind)) return false;
|
| if (receiver_map->is_observed()) return false;
|
| if (!receiver_map->is_extensible()) return false;
|
| @@ -8472,6 +8473,7 @@ bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
|
| if (receiver_map.is_null()) return false;
|
| if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
|
| ElementsKind kind = receiver_map->elements_kind();
|
| + if (JSArray::IsReadOnlyLengthDescriptor(receiver_map)) return false;
|
| if (!IsFastElementsKind(kind)) return false;
|
| if (receiver_map->is_observed()) return false;
|
| if (!receiver_map->is_extensible()) return false;
|
| @@ -8544,10 +8546,12 @@ bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
|
| graph()->GetConstant0(), new_length, Token::LT);
|
| HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1());
|
| key->ClearFlag(HValue::kCanOverflow);
|
| + ElementsKind copy_kind =
|
| + kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
|
| HValue* element = AddUncasted<HLoadKeyed>(
|
| - elements, key, lengthiszero, kind, ALLOW_RETURN_HOLE);
|
| - HStoreKeyed* store = Add<HStoreKeyed>(
|
| - elements, new_key, element, kind);
|
| + elements, key, lengthiszero, copy_kind, ALLOW_RETURN_HOLE);
|
| + HStoreKeyed* store =
|
| + Add<HStoreKeyed>(elements, new_key, element, copy_kind);
|
| store->SetFlag(HValue::kAllowUndefinedAsNaN);
|
| }
|
| loop.EndBody();
|
| @@ -11375,11 +11379,13 @@ void HOptimizedGraphBuilder::BuildEmitFixedArray(
|
| site_context->ExitScope(current_site, value_object);
|
| Add<HStoreKeyed>(object_elements, key_constant, result, kind);
|
| } else {
|
| - HInstruction* value_instruction =
|
| - Add<HLoadKeyed>(boilerplate_elements, key_constant,
|
| - static_cast<HValue*>(NULL), kind,
|
| - ALLOW_RETURN_HOLE);
|
| - Add<HStoreKeyed>(object_elements, key_constant, value_instruction, kind);
|
| + ElementsKind copy_kind =
|
| + kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
|
| + HInstruction* value_instruction = Add<HLoadKeyed>(
|
| + boilerplate_elements, key_constant, static_cast<HValue*>(NULL),
|
| + copy_kind, ALLOW_RETURN_HOLE);
|
| + Add<HStoreKeyed>(object_elements, key_constant, value_instruction,
|
| + copy_kind);
|
| }
|
| }
|
| }
|
|
|
Chromium Code Reviews
Issue 737383002:
Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master