AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
14,063 Commits 1 Branch 0 Tags 839 MiB
3d062847a4
Commit Graph

5 Commits

Author SHA1 Message Date
mvstanton@chromium.org
c9591f005e Store mode for keyed stores should be passed in from type feedback 
regardless of the map used in polymorphic stores.

BUG=
R=jkummerow@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/21058003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-08-26 12:28:08 +00:00
mvstanton@chromium.org
43e35a87e2 Fix: Need to remove function type feedback between stress stages in 
release build

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20987005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-29 12:22:34 +00:00
mvstanton@chromium.org
e9cc78af7e Fix for V8 issue 2795: Check fails with deopt for mjsunit/array-store-and-grow 
(https://code.google.com/p/v8/issues/detail?id=2795)

The reason is when allocating and building arrays in hydrogen we need to ensure
we do any int32-to-smi conversions BEFORE the allocation. These conversions can
at least theoretically deoptimize. If this happens before all the fields of the
newly allocated object are filled in, we will have a corrupted heap.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20726002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-29 11:50:39 +00:00
verwaest@chromium.org
08cfda49f2 Ensure CopyElementsImpl is always executed so it fills in holes even if from_size is 0. Allow FixedDoubleArray::cast to also support FixedArray with size 0. 
Review URL: https://chromiumcodereview.appspot.com/11280054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-11-19 15:00:34 +00:00
danno@chromium.org
f0c4b87f34 Implement KeyedStoreICs to grow arrays on out-of-bound stores. 
Supports growing non-COW JSArray by a single element if the backing store has room, and initial allocation of a backing store for the store to index zero of an empty array  to kPreallocatedArrayElements elements (e.g. the [] array literal).

Review URL: https://chromiumcodereview.appspot.com/9310117

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2012-02-10 12:36:05 +00:00