[baseline] Do not compile large code object on heap

Bug: v8:11872
Change-Id: I8511bec7f4eaed5d154094083b46e3895ac0b1a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992728Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75469}

src/baseline/baseline-compiler.cc

@@ -253,17 +253,17 @@ std::unique_ptr<AssemblerBuffer> AllocateBuffer(
     DisallowHeapAllocation no_gc;
     estimated_size = BaselineCompiler::EstimateInstructionSize(*bytecodes);
   }
+  Heap* heap = isolate->heap();
   // TODO(victorgomes): When compiling on heap, we allocate whatever is left
   // over on the page with a minimum of the estimated_size.
-  switch (code_location) {
-    case BaselineCompiler::kOffHeap:
-      return NewAssemblerBuffer(RoundUp(estimated_size, 4 * KB));
-    case BaselineCompiler::kOnHeap:
-      // TODO(victorgomes): We're currently underestimating the size of the
-      // buffer, since we don't know how big the reloc info will be. We could
-      // use a separate zone vector for the RelocInfo.
-      return NewOnHeapAssemblerBuffer(isolate, estimated_size);
+  if (code_location == BaselineCompiler::kOnHeap &&
+      estimated_size < heap->MaxRegularHeapObjectSize(AllocationType::kCode)) {
+    // TODO(victorgomes): We're currently underestimating the size of the
+    // buffer, since we don't know how big the reloc info will be. We could
+    // use a separate zone vector for the RelocInfo.
+    return NewOnHeapAssemblerBuffer(isolate, estimated_size);
   }
+  return NewAssemblerBuffer(RoundUp(estimated_size, 4 * KB));
 }
 }  // namespace
 

src/heap/factory.cc

@@ -284,26 +284,23 @@ MaybeHandle<Code> Factory::CodeBuilder::AllocateCode(
 void Factory::CodeBuilder::FinalizeOnHeapCode(Handle<Code> code) {
   Heap* heap = isolate_->heap();
 
+  // We cannot trim the Code object in CODE_LO_SPACE.
+  DCHECK(!heap->code_lo_space()->Contains(*code));
+
   code->CopyRelocInfoToByteArray(code->unchecked_relocation_info(), code_desc_);
   code->RelocateFromDesc(heap, code_desc_);
 
   int buffer_size = code_desc_.origin->buffer_size();
-  if (heap->code_lo_space()->Contains(*code)) {
-    // We cannot trim the Code object in CODE_LO_SPACE, so we update the
-    // metadata size to contain the extra bits.
-    code->set_raw_metadata_size(buffer_size - code_desc_.instruction_size());
-  } else {
-    // TODO(v8:11883): add a hook to GC to check if the filler is just before
-    // the current LAB, and if it is, immediately give back the memory.
-    int old_object_size = Code::SizeFor(buffer_size);
-    int new_object_size = Code::SizeFor(code_desc_.instruction_size() +
-                                        code_desc_.metadata_size());
-    int size_to_trim = old_object_size - new_object_size;
-    DCHECK_GE(size_to_trim, 0);
-    if (size_to_trim > 0) {
-      heap->CreateFillerObjectAt(code->address() + new_object_size,
-                                 size_to_trim, ClearRecordedSlots::kNo);
-    }
+  // TODO(v8:11883): add a hook to GC to check if the filler is just before
+  // the current LAB, and if it is, immediately give back the memory.
+  int old_object_size = Code::SizeFor(buffer_size);
+  int new_object_size =
+      Code::SizeFor(code_desc_.instruction_size() + code_desc_.metadata_size());
+  int size_to_trim = old_object_size - new_object_size;
+  DCHECK_GE(size_to_trim, 0);
+  if (size_to_trim > 0) {
+    heap->CreateFillerObjectAt(code->address() + new_object_size, size_to_trim,
+                               ClearRecordedSlots::kNo);
   }
 }