• mvstanton's avatar
    Array() in optimized code can create with wrong ElementsKind in corner cases. · 13459c1a
    mvstanton authored
    Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
    makes a stub call that bails out due to the length. Currently, the bailout
    code a) doesn't have the allocation site, and b) wouldn't use it if it did
    because the length is perceived to be too high.
    
    This CL passes the allocation site to the stub call (rather than undefined),
    and alters the bailout code to utilize the feedback.
    
    BUG=
    
    Review URL: https://codereview.chromium.org/1086873003
    
    Cr-Commit-Position: refs/heads/master@{#27857}
    13459c1a
objects.cc 601 KB