Commit 8c123486 authored by Jaroslav Sevcik's avatar Jaroslav Sevcik Committed by Commit Bot

[turbofan] Bailout from optimizations for large bytecode sizes (>128kB).

Turbofan can only handle 64K control inputs for merges. Such large
can only be created by functions with 64K jumps, so we limit the
bytecode size to the minimum size of bytecode arrays with 64K jumps.

Bug: chromium:815392, v8:7438
Change-Id: I674705e87e19ce451b40d5827c9fe3e6ec17293a
Reviewed-on: https://chromium-review.googlesource.com/938421
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51598}
parent 928900aa
...@@ -100,6 +100,7 @@ namespace internal { ...@@ -100,6 +100,7 @@ namespace internal {
"Cyclic object state detected by escape analysis") \ "Cyclic object state detected by escape analysis") \
V(kFunctionBeingDebugged, "Function is being debugged") \ V(kFunctionBeingDebugged, "Function is being debugged") \
V(kGraphBuildingFailed, "Optimized graph construction failed") \ V(kGraphBuildingFailed, "Optimized graph construction failed") \
V(kFunctionTooBig, "Function is too big to be optimized") \
V(kLiveEdit, "LiveEdit") \ V(kLiveEdit, "LiveEdit") \
V(kNativeFunctionLiteral, "Native function literal") \ V(kNativeFunctionLiteral, "Native function literal") \
V(kNotEnoughVirtualRegistersRegalloc, \ V(kNotEnoughVirtualRegistersRegalloc, \
......
...@@ -83,6 +83,11 @@ struct ProtectedInstructionData; ...@@ -83,6 +83,11 @@ struct ProtectedInstructionData;
namespace compiler { namespace compiler {
// Turbofan can only handle 2^16 control inputs. Since each control flow split
// requires at least two bytes (jump and offset), we limit the bytecode size
// to 128K bytes.
const int kMaxBytecodeSizeForTurbofan = 128 * 1024;
class PipelineData { class PipelineData {
public: public:
// For main entry point. // For main entry point.
...@@ -780,6 +785,11 @@ class PipelineCompilationJob final : public CompilationJob { ...@@ -780,6 +785,11 @@ class PipelineCompilationJob final : public CompilationJob {
PipelineCompilationJob::Status PipelineCompilationJob::PrepareJobImpl( PipelineCompilationJob::Status PipelineCompilationJob::PrepareJobImpl(
Isolate* isolate) { Isolate* isolate) {
if (compilation_info()->shared_info()->bytecode_array()->length() >
kMaxBytecodeSizeForTurbofan) {
return AbortOptimization(BailoutReason::kFunctionTooBig);
}
if (!FLAG_always_opt) { if (!FLAG_always_opt) {
compilation_info()->MarkAsBailoutOnUninitialized(); compilation_info()->MarkAsBailoutOnUninitialized();
} }
......
// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
const __f_1 = eval(`(function __f_1() {
class Derived extends Object {
constructor() {
${"this.a=1;".repeat(0x3fffe-8)}
}
}
return Derived;
})`);
assertThrows(() => new (__f_1())());
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment