713aa33f2a
The escape analysis calculates the number of slots in an object as no-of-slots = object-size / pointer-size. This gives 3 slots for heap numbers on 32-bit architectures (one slot for the map, two for the double value); however, my argument materialization code assumed just two slots (map + value). Since Hydrogen allocates heap numbers quite rarely, it is hard to produce a more meaningful repro than the one provided by Clusterfuzz. Any suggestions are welcome. The fix is simple - we just read out all extra slots (beyond the map and the double) for heap numbers. R=mstarzinger@chromium.org BUG=351315 LOG=N Review URL: https://codereview.chromium.org/196283004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
50 lines
1.9 KiB
JavaScript
50 lines
1.9 KiB
JavaScript
// Copyright 2014 the V8 project authors. All rights reserved.
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are
|
|
// met:
|
|
//
|
|
// * Redistributions of source code must retain the above copyright
|
|
// notice, this list of conditions and the following disclaimer.
|
|
// * Redistributions in binary form must reproduce the above
|
|
// copyright notice, this list of conditions and the following
|
|
// disclaimer in the documentation and/or other materials provided
|
|
// with the distribution.
|
|
// * Neither the name of Google Inc. nor the names of its
|
|
// contributors may be used to endorse or promote products derived
|
|
// from this software without specific prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
function f_13(x, y, z) { }
|
|
|
|
v_5 = f_13.bind({}, -7);
|
|
|
|
function f_0(z) {
|
|
return %NewObjectFromBound(v_5);
|
|
}
|
|
|
|
function f_8(z2, y2) {
|
|
var v_0 = { f1 : 0.5, f2 : 0.25 };
|
|
return f_0(v_0);
|
|
}
|
|
|
|
function f_12(f, args) {
|
|
f.apply(this, args);
|
|
%OptimizeFunctionOnNextCall(f);
|
|
f.apply(this, args);
|
|
}
|
|
|
|
f_12(f_8, [6, 4]);
|