-
mvstanton@chromium.org authored
(https://code.google.com/p/v8/issues/detail?id=2795) The reason is when allocating and building arrays in hydrogen we need to ensure we do any int32-to-smi conversions BEFORE the allocation. These conversions can at least theoretically deoptimize. If this happens before all the fields of the newly allocated object are filled in, we will have a corrupted heap. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/20726002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
e9cc78af
| Name |
Last commit
|
Last update |
|---|---|---|
| benchmarks | ||
| build | ||
| include | ||
| preparser | ||
| samples | ||
| src | ||
| test | ||
| tools | ||
| .gitignore | ||
| AUTHORS | ||
| ChangeLog | ||
| DEPS | ||
| LICENSE | ||
| LICENSE.strongtalk | ||
| LICENSE.v8 | ||
| LICENSE.valgrind | ||
| Makefile | ||
| Makefile.android | ||
| Makefile.nacl | ||
| OWNERS | ||
| PRESUBMIT.py |