Issue 808 ASSERT failure with NormalizedMapCache, tricky underlying problem
Starred by 13 users Project Member Reported by whesse@chromium.org, Aug 2 2010
Status: Assigned
Owner:
Cc:
HW: All
OS: All
Priority: 2
Type: Bug



There is a sporadic failure in interactive_ui_tests --gtest_filter=DevToolsSanityTest.TestExpandScope where the ASSERT in v8/src/objects-debug.cc, line 652
# CHECK(code_cache() == Heap::empty_fixed_array()) failed
fails.

This is because the map of a slow case object can contain entries in its code cache, due to store ICs with an API defined callback on a field. In this case, the object contains store ICs for textContent and InnerHTML (so it is a DOM object). So the issue of these store ICs must be reconciled with the normalized map cache. These should be cleared if the fast-case object being converted does not have the same callbacks. Also, should these be cleared if the callback is changed with delete or GetterSetter?

Removing the change from V8 until this is resolved.


 
Comment 1 by habl...@google.com, Apr 29 2015
Status: Assigned
Comment 2 Deleted
Cc: kaznacheev@chromium.org jkummerow@chromium.org
Owner: ishell@chromium.org
Labels: Priority-2