Reviewers: danno, mvstanton, Paul Lind, palfia, kisg

Description:
MIPS: Bugfix: The general array constructor stub did not handle the case
properly when it is called with a function pointer in the type cell, instead
assuming that an AllocationSite object should be present.

Port r15555 (262c081)

Original commit message:
The case where this can happen is if the cell is uninitialized, then the
first constructor call made is to the Array function of a different
context. In that case, we'll store the function pointer in the cell,
and then go ahead and call the array constructor stub too. The bug is
fixed by checking for the AllocationSite object map. If not found, the
constructor stub goes forward with a default ElementsKind, just as in
several other cases.

A test in allocation-site-info.js was beefed up to make sure the state
chain described above is traversed.

BUG=


Please review this at https://codereview.chromium.org/18858003/

SVN Base: https://github.com/v8/v8.git@gbl

Affected files:
  M src/mips/code-stubs-mips.cc


Index: src/mips/code-stubs-mips.cc
diff --git a/src/mips/code-stubs-mips.cc b/src/mips/code-stubs-mips.cc
index d290342fe39a6039c7c21b50fa844b675d2876f7..2c1ddb1b6e5f0d6ee53959826fd40306cf14cbe8 100644
--- a/src/mips/code-stubs-mips.cc
+++ b/src/mips/code-stubs-mips.cc
@@ -7491,14 +7491,10 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
   __ LoadRoot(at, Heap::kUndefinedValueRootIndex);
   __ Branch(&no_info, eq, a3, Operand(at));

-  // We should have an allocation site object
-  if (FLAG_debug_code) {
-    __ push(a3);
-    __ sw(a3, FieldMemOperand(a3, 0));
-    __ LoadRoot(at, Heap::kAllocationSiteMapRootIndex);
-    __ Assert(eq, "Expected AllocationSite object in register a3",
-        a3, Operand(at));
-  }
+  // The type cell has either an AllocationSite or a JSFunction.
+  __ lw(t0, FieldMemOperand(a3, 0));
+  __ LoadRoot(at, Heap::kAllocationSiteMapRootIndex);
+  __ Branch(&no_info, ne, t0, Operand(at));

   __ lw(a3, FieldMemOperand(a3, AllocationSite::kPayloadOffset));
   __ SmiUntag(a3);
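Review bot: the new `__ lw(t0, FieldMemOperand(a3, 0))` clobbers t0 on every call, whereas the block it replaces only ran under FLAG_debug_code and loaded into a3; please confirm nothing live is held in t0 at this point of ArrayConstructorStub::Generate, since the visible context does not show how t0 is used elsewhere in the stub. The new comment "The type cell has either an AllocationSite or a JSFunction." would read better if it also said that the JSFunction case is handled by the `ne` branch falling through to `no_info`, i.e. the default ElementsKind path the commit message describes, so the next reader does not mistake the branch for an error path. Dropping the old debug block is right on its own merits: `__ push(a3)` had no matching pop, and `__ sw(a3, FieldMemOperand(a3, 0))` stored a3 into its own map slot instead of loading the map, so with debug code enabled the assert would have corrupted the cell and then failed.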


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.