Commit d207fcef authored by mstarzinger, committed by Commit bot

Fix bogus insertion of filler in LO-space by String#replace.

R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-493779
BUG=chromium:493779
LOG=N

Review URL: https://codereview.chromium.org/1163793002

Cr-Commit-Position: refs/heads/master@{#28727}
parent 017faaf4
......@@ -638,7 +638,11 @@ MUST_USE_RESULT static Object* StringReplaceGlobalRegExpWithEmptyString(
// fresly allocated page or on an already swept page. Hence, the sweeper
// thread can not get confused with the filler creation. No synchronization
// needed.
// TODO(hpayer): We should shrink the large object page if the size
// of the object changed significantly.
if (!heap->lo_space()->Contains(*answer)) {
heap->CreateFillerObjectAt(end_of_string, delta);
}
heap->AdjustLiveBytes(answer->address(), -delta, Heap::CONCURRENT_TO_SWEEPER);
return *answer;
}
......
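Review bot: the guard "if (!heap->lo_space()->Contains(*answer))" around CreateFillerObjectAt carries no comment saying why a filler must not be written for an object in large-object space; the TODO above it only talks about shrinking the page, and the older comment before it still reads as if the filler is always created. Please add a one-line reason next to the guard. It is also worth stating whether the unconditional heap->AdjustLiveBytes(answer->address(), -delta, ...) call is intended for the large-object case, since the trailing delta bytes of that object are now left without a filler. Minor: "fresly" in the context comment should be "freshly".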
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --enable-slow-asserts
var s = "\u1234-------";
for (var i = 0; i < 17; i++) {
s += s;
}
s.replace(/[\u1234]/g, "");
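Review bot: the regression test discards the result of s.replace(/[\u1234]/g, "") and so only fails through --enable-slow-asserts; it would be stronger to keep the result and check it, for example with assertEquals on its length (7 characters per original 8-character unit, doubled 17 times). The loop bound of 17 also has no comment; presumably it is there to make the string big enough to land in LO-space, as the commit message describes, and a short comment saying so would keep someone from shrinking the loop later and silently losing the coverage.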