Commit 82429663 authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[turbofan] Add size DCHECK for inline allocations.

This ensures that all inline allocations generated by {JSCreateLowering}
will fit into a regular heap page. Allocations targeting LO-space must
be done via a slower runtime call.

R=bmeurer@chromium.org
BUG=chromium:669850

Review-Url: https://codereview.chromium.org/2533353003
Cr-Commit-Position: refs/heads/master@{#41412}
parent db0c86fa
...@@ -38,6 +38,7 @@ class AllocationBuilder final { ...@@ -38,6 +38,7 @@ class AllocationBuilder final {
// Primitive allocation of static size. // Primitive allocation of static size.
void Allocate(int size, PretenureFlag pretenure = NOT_TENURED, void Allocate(int size, PretenureFlag pretenure = NOT_TENURED,
Type* type = Type::Any()) { Type* type = Type::Any()) {
DCHECK_LE(size, kMaxRegularHeapObjectSize);
effect_ = graph()->NewNode( effect_ = graph()->NewNode(
common()->BeginRegion(RegionObservability::kNotObservable), effect_); common()->BeginRegion(RegionObservability::kNotObservable), effect_);
allocation_ = allocation_ =
...@@ -1104,23 +1105,15 @@ Node* JSCreateLowering::AllocateFastLiteral( ...@@ -1104,23 +1105,15 @@ Node* JSCreateLowering::AllocateFastLiteral(
boilerplate_object, site_context); boilerplate_object, site_context);
site_context->ExitScope(current_site, boilerplate_object); site_context->ExitScope(current_site, boilerplate_object);
} else if (property_details.representation().IsDouble()) { } else if (property_details.representation().IsDouble()) {
double number = Handle<HeapNumber>::cast(boilerplate_value)->value();
// Allocate a mutable HeapNumber box and store the value into it. // Allocate a mutable HeapNumber box and store the value into it.
effect = graph()->NewNode( AllocationBuilder builder(jsgraph(), effect, control);
common()->BeginRegion(RegionObservability::kNotObservable), effect); builder.Allocate(HeapNumber::kSize, pretenure);
value = effect = graph()->NewNode( builder.Store(AccessBuilder::ForMap(),
simplified()->Allocate(pretenure), factory()->mutable_heap_number_map());
jsgraph()->Constant(HeapNumber::kSize), effect, control); builder.Store(AccessBuilder::ForHeapNumberValue(),
effect = graph()->NewNode( jsgraph()->Constant(number));
simplified()->StoreField(AccessBuilder::ForMap()), value, value = effect = builder.Finish();
jsgraph()->HeapConstant(factory()->mutable_heap_number_map()),
effect, control);
effect = graph()->NewNode(
simplified()->StoreField(AccessBuilder::ForHeapNumberValue()),
value, jsgraph()->Constant(
Handle<HeapNumber>::cast(boilerplate_value)->value()),
effect, control);
value = effect =
graph()->NewNode(common()->FinishRegion(), value, effect);
} else if (property_details.representation().IsSmi()) { } else if (property_details.representation().IsSmi()) {
// Ensure that value is stored as smi. // Ensure that value is stored as smi.
value = boilerplate_value->IsUninitialized(isolate()) value = boilerplate_value->IsUninitialized(isolate())
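Review bot: The new `DCHECK_LE(size, kMaxRegularHeapObjectSize);` in `AllocationBuilder::Allocate` (first hunk) bounds `size` only from above and, being a DCHECK, is presumably compiled out of release builds, so it documents the invariant without enforcing it where it matters. Since `size` is a signed `int`, a negative value from an overflowed size computation would pass; adding `DCHECK_LT(0, size);` next to it closes that gap in debug builds. I would also add a comment above the check such as `// Debug-only: callers must bail out to the runtime for sizes above kMaxRegularHeapObjectSize.` so that each caller computing a size from a length is known to need its own release-mode limit; those callers are not visible in this hunk, and the body of `Allocate` continues past it.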
......