Commit 29e65853 authored by danno@chromium.org's avatar danno@chromium.org

Ensure that constant-capacity elements are initialized on copy

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/308003015

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 7eea77bc
......@@ -2576,6 +2576,17 @@ void HGraphBuilder::BuildCopyElements(HValue* from_elements,
}
}
bool pre_fill_with_holes =
IsFastDoubleElementsKind(from_elements_kind) &&
IsFastObjectElementsKind(to_elements_kind);
if (pre_fill_with_holes) {
// If the copy might trigger a GC, make sure that the FixedArray is
// pre-initialized with holes to make sure that it's always in a
// consistent state.
BuildFillElementsWithHole(to_elements, to_elements_kind,
graph()->GetConstant0(), NULL);
}
if (constant_capacity != -1) {
// Unroll the loop for small elements kinds.
for (int i = 0; i < constant_capacity; i++) {
......@@ -2586,17 +2597,8 @@ void HGraphBuilder::BuildCopyElements(HValue* from_elements,
Add<HStoreKeyed>(to_elements, key_constant, value, to_elements_kind);
}
} else {
bool pre_fill_with_holes =
IsFastDoubleElementsKind(from_elements_kind) &&
IsFastObjectElementsKind(to_elements_kind);
if (pre_fill_with_holes) {
// If the copy might trigger a GC, make sure that the FixedArray is
// pre-initialized with holes to make sure that it's always in a
// consistent state.
BuildFillElementsWithHole(to_elements, to_elements_kind,
graph()->GetConstant0(), NULL);
} else if (capacity == NULL || !length->Equals(capacity)) {
if (!pre_fill_with_holes &&
(capacity == NULL || !length->Equals(capacity))) {
BuildFillElementsWithHole(to_elements, to_elements_kind,
length, NULL);
}
......
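Review bot: The comment on the hoisted pre-fill block in the first hunk (`if (pre_fill_with_holes) {`) still says only "If the copy might trigger a GC". It does not say why the double-to-object case is the one that can, or that the unrolled constant-capacity path now depends on the pre-fill too. Presumably each copied double has to be boxed, which allocates, so a collection could run while later slots of `to_elements` are still uninitialized. I would state that in the comment, e.g. `// Double->object copies may allocate per element (boxing), so a GC can run mid-copy; pre-fill with holes so it never scans uninitialized slots. Also covers the unrolled path.` BuildCopyElements starts and ends outside the hunks shown, and no regression test is visible on this page, so confirm one covers the constant-capacity copy.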