-
Ross McIlroy authored
If we flush the bytecode from a SFI we might recompile a JSFunction while the function still has its old feedback vector. This should usually be fine since the new and old feedback vectors have the same layout, however some bugs in the parser mean that it's possible for eagerly and lazily compiled eval functions to have different bytecode and so potentially different feedback vector layouts. For now reset the feedback vector if it doesn't have the same size when we compile the JSFunction, and recreate a new one of the correct layout. This will be replaced with a CHECK once the parser bugs are fixed. BUG=chromium:984344,v8:9511 Change-Id: Ib8976f2541516f7a07e4d4ab7dc3c750dfe9b5d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708474 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62800}
b06a134c
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| common | ||
| debugger | ||
| fuzzer | ||
| inspector | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mkgrokdump | ||
| mozilla | ||
| preparser | ||
| test262 | ||
| torque | ||
| unittests | ||
| wasm-api-tests | ||
| wasm-js | ||
| wasm-spec-tests | ||
| webkit | ||
| BUILD.gn | ||
| OWNERS |