1. 09 Nov, 2017 1 commit
    • Jaroslav Sevcik's avatar
      [deoptimizer] Make sure property arrays don't contain mutable heap numbers. · 9eb92da6
      Jaroslav Sevcik authored
      Since the deoptimizer generalizes maps for all materialized objects, it
      must make sure that none of the object's fields contain mutable heap numbers
      (only double fields are allowed to point to mutable heap numbers). With this CL,
      we simply change any mutable heap numbers in property arrays to immutable ones.
      
      This could be dangerous if some non-materialized object could point to this
      property array, but this cannot happen because interpreter registers cannot
      refer to naked property arrays.
      
      Bug: chromium:776309
      Change-Id: I897b604fa804de673710cfa3ba0595dbd9f80eeb
      Reviewed-on: https://chromium-review.googlesource.com/759781Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49263}
      9eb92da6