Commit 24622f5f authored by hpayer's avatar hpayer Committed by Commit bot

Bailout for large object allocations in full code EmitFastOneByteArrayJoin.

BUG=chromium:542823
LOG=n

Review URL: https://codereview.chromium.org/1391373004

Cr-Commit-Position: refs/heads/master@{#31257}
parent 822b493b
......@@ -4245,6 +4245,10 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ b(vs, &bailout);
__ SmiUntag(string_length);
// Bailout for large object allocations.
__ cmp(string_length, Operand(Page::kMaxRegularHeapObjectSize));
__ b(gt, &bailout);
// Get first element in the array to free up the elements register to be used
// for the result.
__ add(element,
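Review bot: The operand in `__ cmp(string_length, Operand(Page::kMaxRegularHeapObjectSize));` bounds the character count, not the size of the object that will be allocated. A length just under the limit passes the check even though the string plus its header would be larger than a regular heap object. If the allocation further down in EmitFastOneByteArrayJoin (outside this hunk) sizes the result as header plus length, the tighter bound would be `Page::kMaxRegularHeapObjectSize - SeqOneByteString::kHeaderSize`. The same comparison is repeated in the hunks at @@ -3961, -4160, -4276, -4279, -4261 and -4166, so the adjustment would apply to each of them.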
......
......@@ -3961,6 +3961,10 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ Umaddl(string_length, array_length.W(), separator_length.W(),
string_length);
// Bailout for large object allocations.
__ Cmp(string_length, Page::kMaxRegularHeapObjectSize);
__ B(gt, &bailout);
// Get first element in the array.
__ Add(element, elements, FixedArray::kHeaderSize - kHeapObjectTag);
// Live values in registers:
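Review bot: `__ B(gt, &bailout);` is a signed condition, and this hunk shows no overflow branch between the `Umaddl` and the `Cmp`. In the other hunks the size check follows an overflow branch. The guard therefore relies on string_length being non-negative at this point, which presumably holds because both multiplicands are untagged lengths, but nothing visible here establishes it. Using the unsigned condition, `__ B(hi, &bailout);`, would also reject a value with the top bit set, or a comment such as `// string_length cannot be negative here: both factors are untagged smi lengths.` would record the assumption. The function body starts and ends outside the hunk.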
......
......@@ -4160,6 +4160,11 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ j(overflow, &bailout);
__ shr(string_length, 1);
// Bailout for large object allocations.
__ cmp(string_length, Page::kMaxRegularHeapObjectSize);
__ j(greater, &bailout);
// Live registers and stack values:
// string_length
// elements
......
......@@ -4276,6 +4276,10 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ BranchOnOverflow(&bailout, scratch3);
__ SmiUntag(string_length);
// Bailout for large object allocations.
__ Branch(&bailout, gt, string_length,
Operand(Page::kMaxRegularHeapObjectSize));
// Get first element in the array to free up the elements register to be used
// for the result.
__ Addu(element,
......
......@@ -4279,6 +4279,10 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ AdduAndCheckForOverflow(string_length, string_length, scratch2, scratch3);
__ BranchOnOverflow(&bailout, scratch3);
// Bailout for large object allocations.
__ Branch(&bailout, gt, string_length,
Operand(Page::kMaxRegularHeapObjectSize));
// Get first element in the array to free up the elements register to be used
// for the result.
__ Daddu(element,
......
......@@ -4261,6 +4261,10 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ BranchOnOverflow(&bailout);
__ SmiUntag(string_length);
// Bailout for large object allocations.
__ cmpi(string_length, Operand(Page::kMaxRegularHeapObjectSize));
__ bgt(&bailout);
// Get first element in the array to free up the elements register to be used
// for the result.
__ addi(element, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
......
......@@ -4166,6 +4166,11 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
__ j(overflow, &bailout);
__ addl(string_length, scratch);
__ j(overflow, &bailout);
__ jmp(&bailout);
// Bailout for large object allocations.
__ cmpl(string_length, Immediate(Page::kMaxRegularHeapObjectSize));
__ j(greater, &bailout);
// Live registers and stack values:
// string_length: Total length of result string.
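Review bot: The `__ jmp(&bailout);` directly after the second `__ j(overflow, &bailout);` is unconditional. If it is on the new side of this hunk (the +/- markers are lost in this rendering), the `cmpl` / `j(greater, &bailout)` guard below it and the rest of the fast path can never be reached, so this port always takes the bailout. That is safe, but it silently disables the fast join here, and none of the other hunks carries such a jump. If the line is a debugging leftover it should be dropped so that the size check is the only new exit. The function body continues outside the hunk.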
......
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
__v_0 = 100000;
__v_1 = new Array();
for (var __v_2 = 0; __v_2 < __v_0; __v_2++) {
__v_1[__v_2] = 0.5;
}
for (var __v_2 = 0; __v_2 < 10; __v_2++) {
var __v_0 = __v_1 + 0.5;
}
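Review bot: The test does not say what it guards against, and the generated names (`__v_0`, `__v_1`) give no hint. A header comment such as `// Regression test for crbug.com/542823: converting a 100000-element array to a string must not crash.` would tie it to the bug. `var __v_0 = __v_1 + 0.5;` also redeclares the variable that held the element count; this is harmless only because the filling loop has already finished, and a separate name for the result would make that explicit. It may also be worth noting in the comment that the test passes simply by completing, since it contains no assertion.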