Comment #3 on issue 4359 by bugdro...@chromium.org: Crash in
v8::internal::MemoryChunk::IsEvacuationCandidate on arm64 in
mjsunit/strong/load-proxy.js
https://code.google.com/p/v8/issues/detail?id=4359#c3
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/a039ff2930cbe6881360925e4debc959c7db392a
commit a039ff2930cbe6881360925e4debc959c7db392a
Author: mlippautz <mlippa...@chromium.org>
Date: Fri Aug 07 12:54:49 2015
[GC] Align behavior of JSProxy with JSObject when embedded in optimized code
With --harmony-proxies enabled, embedded pointers in optimized code can
point to
a JSProxy (via a cell). Since JSProxy can morph into JSObject we need to
align
the expectations of weak vs strong refs.
With this patch we also treat JSPRoxy as weak ref (like JSObject) and
therefore
properly record a dependency on it, so that once the cell pointing to it
becomes
unreachable we deoptimize the corresponding code.
BUG=v8:4359
LOG=N
Review URL: https://codereview.chromium.org/1270393003
Cr-Commit-Position: refs/heads/master@{#30067}
[modify]
http://crrev.com/a039ff2930cbe6881360925e4debc959c7db392a/src/objects-inl.h
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
