test · 6003457c1d592073a3bea482e24f998066e76a71 · Linshizhi / V8

[deoptimizer] Make sure property arrays don't contain mutable heap numbers. · 9eb92da6

Jaroslav Sevcik authored Nov 09, 2017

Since the deoptimizer generalizes maps for all materialized objects, it
must make sure that none of the object's fields contain mutable heap numbers
(only double fields are allowed to point to mutable heap numbers). With this CL,
we simply change any mutable heap numbers in property arrays to immutable ones.

This could be dangerous if some non-materialized object could point to this
property array, but this cannot happen because interpreter registers cannot
refer to naked property arrays.

Bug: chromium:776309
Change-Id: I897b604fa804de673710cfa3ba0595dbd9f80eeb
Reviewed-on: https://chromium-review.googlesource.com/759781Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49263}

9eb92da6

Name	Last commit	Last update
..
benchmarks		Loading commit data...
cctest		Loading commit data...
common		Loading commit data...
debugger		Loading commit data...
fuzzer		Loading commit data...
inspector		Loading commit data...
intl		Loading commit data...
js-perf-test		Loading commit data...
memory		Loading commit data...
message		Loading commit data...
mjsunit		Loading commit data...
mkgrokdump		Loading commit data...
mozilla		Loading commit data...
preparser		Loading commit data...
promises-aplus		Loading commit data...
test262		Loading commit data...
unittests		Loading commit data...
wasm-spec-tests		Loading commit data...
webkit		Loading commit data...
BUILD.gn		Loading commit data...
bot_default.gyp		Loading commit data...
bot_default.isolate		Loading commit data...
default.gyp		Loading commit data...
default.isolate		Loading commit data...
optimize_for_size.gyp		Loading commit data...
optimize_for_size.isolate		Loading commit data...
perf.gyp		Loading commit data...
perf.isolate		Loading commit data...