• mvstanton@chromium.org's avatar
    Bugfix: The general array constructor stub did not handle the case · c1e19bfc
    mvstanton@chromium.org authored
    properly when it is called with a function pointer in the type cell,
    instead assuming that an AllocationSite object should be present. The
    case where this can happen is if the cell is uninitialized, then the
    first constructor call made is to the Array function of a different
    context. In that case, we'll store the function pointer in the cell,
    and then go ahead and call the array constructor stub too. The bug is
    fixed by checking for the AllocationSite object map. If not found, the
    constructor stub goes forward with a default ElementsKind, just as in
    several other cases.
    
    A test in allocation-site-info.js was beefed up to make sure the state
    chain described above is traversed.
    
    BUG=
    R=hpayer@chromium.org, hpayer@google.com
    
    Review URL: https://codereview.chromium.org/18277006
    
    git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
    c1e19bfc
Name
Last commit
Last update
benchmarks Loading commit data...
build Loading commit data...
include Loading commit data...
preparser Loading commit data...
samples Loading commit data...
src Loading commit data...
test Loading commit data...
tools Loading commit data...
.gitignore Loading commit data...
AUTHORS Loading commit data...
ChangeLog Loading commit data...
DEPS Loading commit data...
LICENSE Loading commit data...
LICENSE.strongtalk Loading commit data...
LICENSE.v8 Loading commit data...
LICENSE.valgrind Loading commit data...
Makefile Loading commit data...
Makefile.android Loading commit data...
Makefile.nacl Loading commit data...
OWNERS Loading commit data...
PRESUBMIT.py Loading commit data...