470e68570e
This is a reland of981aafaf97It adds double checks to LoadFieldByIndex in the optimizing compiler, which are likely the source of the crashes. Original change's description: > Reland "[ic] In-place Double -> Tagged transitions" > > This is a reland of0736599a69. > This is a reland of7e1fbe8f34. > > Original change description: > > [ic] In-place Double -> Tagged transitions > > > > With no more MutableHeapNumber, we can make Double -> Tagged transitions > > in-place, at the cost of an extra map check when accessing double fields > > to make sure they are still doubles. > > > > Bug: v8:9606 > > Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973 > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#63374} > > TBR=verwaest@chromium.org, tebbi@chromium.org > > Bug: v8:9606 > Change-Id: I2d1b7416064d743582f4983fb868316b7e8a4cf2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1777661 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63499} TBR=verwaest@chromium.org Bug: v8:9606 Bug: chromium:997989 Change-Id: Iccfff8e5c6306c9ee4f6c62767dce883b1c6f743 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784288 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63582}
28 lines
716 B
JavaScript
28 lines
716 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
//
|
|
// Flags: --allow-natives-syntax
|
|
|
|
// A function with a for-in loop, that will be optimized.
|
|
function foo(o) {
|
|
for (var i in o) {
|
|
return o[i];
|
|
}
|
|
}
|
|
|
|
var o = { x: 0.5 };
|
|
|
|
// Warm up foo with Double values in the enum cache.
|
|
%PrepareFunctionForOptimization(foo);
|
|
assertEquals(foo(o), 0.5);
|
|
assertEquals(foo(o), 0.5);
|
|
%OptimizeFunctionOnNextCall(foo);
|
|
assertEquals(foo(o), 0.5);
|
|
|
|
// Transition the double field to a tagged field
|
|
o.x = "abc";
|
|
|
|
// Make sure that the optimized code correctly loads the tagged field.
|
|
assertEquals(foo(o), "abc");
|