• Jakob Gruber's avatar
    [csa] Canonicalize empty elements in AllocateJSArray · 2859dba7
    Jakob Gruber authored
    Prior to this, AllocateJSArray would go ahead and allocate an empty
    FixedArray as elements if passed any capacity that is not a compile-time
    constant 0.
    
    Things break later on since we rely on the fact that empty fixed arrays
    are always canonicalize, and we use
    
      obj.elements == empty_fixed_array_constant
    
    interchangeably with
    
      obj.elements.length == 0.
    
    This CL introduces two new branches in AllocateJSArray: one if the
    capacity is known to be non-zero; and another that explicitly
    distinguishes between 0 and non-zero capacities.
    
    Bug: chromium:760790
    Change-Id: I7c22b19ce9ce15a46f91b0f75e6b4a1ff3a29a0f
    Reviewed-on: https://chromium-review.googlesource.com/645959
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#47776}
    2859dba7
code-stub-assembler.cc 364 KB