Reland "[builtins] Fix Array.p.join length overflow and invalid string length handling"
This is a reland of ec969ea3 Temporarily removes high memory usage test. Original change's description: > [builtins] Fix Array.p.join length overflow and invalid string length handling > > - Fixes and simplify allocating the temporary fixed array for ToString-ed elements. > - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail. > - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback. > > - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack. > > Bug: chromium:897404 > Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591 > Reviewed-on: https://chromium-review.googlesource.com/c/1293070 > Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56907} Bug: chromium:897404 Change-Id: I4995893f6f9724b26c231d05619ad65dbccc7223 Reviewed-on: https://chromium-review.googlesource.com/c/1297675Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#56946}
Showing
Please
register
or
sign in
to comment