Commit ebfb8771 authored by Georg Neis's avatar Georg Neis Committed by Commit Bot

[deoptimizer] Add missing HeapNumber allocation

This caused a CHECK failure after my recent CL.

Bug: chromium:1084820, chromium:1092650
Change-Id: Icdc2a755c6b30ad01dccc908e0e5e137fedf8918
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237145Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68263}
parent 7f69e7f9
...@@ -3991,6 +3991,9 @@ void TranslatedState::StoreMaterializedValuesAndDeopt(JavaScriptFrame* frame) { ...@@ -3991,6 +3991,9 @@ void TranslatedState::StoreMaterializedValuesAndDeopt(JavaScriptFrame* frame) {
if (!value.is_identical_to(marker)) { if (!value.is_identical_to(marker)) {
if (previously_materialized_objects->get(i) == *marker) { if (previously_materialized_objects->get(i) == *marker) {
if (value->IsSmi()) {
value = isolate()->factory()->NewHeapNumber(value->Number());
}
previously_materialized_objects->set(i, *value); previously_materialized_objects->set(i, *value);
value_changed = true; value_changed = true;
} else { } else {
......
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
// Create map with HeapNumber in field 'a'
({a: 2**30});
function foo() {
return foo.arguments[0];
}
function main() {
foo({a: 42});
}
%PrepareFunctionForOptimization(foo);
%PrepareFunctionForOptimization(main);
main();
main();
%OptimizeFunctionOnNextCall(main);
main();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment