Commit fdef9ac2 authored by ishell@chromium.org's avatar ishell@chromium.org

FastCloneShallowArrayStub should not be used it the length of the array is too...

FastCloneShallowArrayStub should not be used if the length of the array is too big, as it could eventually exceed the allowed size limit for manually folded allocations.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/300283003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21573 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 0589ba70
......@@ -1802,7 +1802,7 @@ void FullCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
__ ldr(r3, FieldMemOperand(r3, JSFunction::kLiteralsOffset));
__ mov(r2, Operand(Smi::FromInt(expr->literal_index())));
__ mov(r1, Operand(constant_elements));
if (expr->depth() > 1) {
if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray) {
__ mov(r0, Operand(Smi::FromInt(flags)));
__ Push(r3, r2, r1, r0);
__ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
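Review bot: The new `length > JSObject::kInitialMaxFastElementArray` clause in VisitArrayLiteral is what keeps oversized literals away from FastCloneShallowArrayStub, yet the condition carries no comment saying so. The same uncommented line is repeated in the other VisitArrayLiteral hunks on this page (the x-register, `lw`/`li`, `movp` and the two `ebx` variants). Going by the comment this commit adds in BuildCloneShallowArrayNonEmpty, the stub cannot bounds-check its folded allocation, so a later edit or new port that drops the clause would fail silently. I would add above the condition in every port: `// Long literals must take the runtime path: the clone stub folds its allocations and cannot bounds-check them.` `length` is defined outside the hunk and the function body continues past it.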
......
......@@ -1805,7 +1805,7 @@ void FullCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
__ Ldr(x3, FieldMemOperand(x3, JSFunction::kLiteralsOffset));
__ Mov(x2, Smi::FromInt(expr->literal_index()));
__ Mov(x1, Operand(constant_elements));
if (expr->depth() > 1) {
if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray) {
__ Mov(x0, Smi::FromInt(flags));
__ Push(x3, x2, x1, x0);
__ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
......
......@@ -586,9 +586,6 @@ class FastNewContextStub V8_FINAL : public HydrogenCodeStub {
class FastCloneShallowArrayStub : public HydrogenCodeStub {
public:
// Maximum length of copied elements array.
static const int kMaximumInlinedCloneLength = 8;
FastCloneShallowArrayStub(Isolate* isolate,
AllocationSiteMode allocation_site_mode)
: HydrogenCodeStub(isolate),
......
......@@ -2525,8 +2525,7 @@ void HGraphBuilder::BuildCopyElements(HValue* array,
capacity->IsConstant() &&
HConstant::cast(capacity)->HasInteger32Value()) {
int constant_candidate = HConstant::cast(capacity)->Integer32Value();
if (constant_candidate <=
FastCloneShallowArrayStub::kMaximumInlinedCloneLength) {
if (constant_candidate <= kElementLoopUnrollThreshold) {
constant_capacity = constant_candidate;
}
}
......@@ -2701,6 +2700,12 @@ HValue* HGraphBuilder::BuildCloneShallowArrayNonEmpty(HValue* boilerplate,
extra->ClearFlag(HValue::kCanOverflow);
extra = AddUncasted<HAdd>(extra, Add<HConstant>(FixedArray::kHeaderSize));
extra->ClearFlag(HValue::kCanOverflow);
// This function implicitly relies on the fact that the
// FastCloneShallowArrayStub is called only for literals shorter than
// JSObject::kInitialMaxFastElementArray and therefore the size of the
// resulting folded allocation will always be in allowed range.
// Can't add HBoundsCheck here because otherwise the stub will eager a frame.
HValue* elements = NULL;
HValue* result = BuildCloneShallowArrayCommon(boilerplate,
allocation_site, extra, &elements, mode);
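Review bot: The added comment in BuildCloneShallowArrayNonEmpty says the stub is called only for literals "shorter than" JSObject::kInitialMaxFastElementArray, but the callers in this commit bail out on `length > JSObject::kInitialMaxFastElementArray`, so a literal of exactly that length still reaches the stub; the wording should be "no longer than". The last sentence ("the stub will eager a frame") is garbled and presumably means that an HBoundsCheck would force the stub to build a frame eagerly. Because the invariant cannot be checked at run time here, a compile-time assertion relating JSObject::kInitialMaxFastElementArray to the folded-allocation size limit would turn the "implicit" reliance into an enforced one; the name of that limit is not visible on this page. Suggested first sentence: `// Callers use FastCloneShallowArrayStub only for literals of at most JSObject::kInitialMaxFastElementArray elements, so the folded allocation stays within the allowed size.` The function starts and ends outside the hunk.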
......
......@@ -1739,7 +1739,7 @@ void FullCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
}
if (expr->depth() > 1) {
if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray) {
__ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
__ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
__ push(Immediate(Smi::FromInt(expr->literal_index())));
......
......@@ -1815,7 +1815,7 @@ void FullCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
__ lw(a3, FieldMemOperand(a3, JSFunction::kLiteralsOffset));
__ li(a2, Operand(Smi::FromInt(expr->literal_index())));
__ li(a1, Operand(constant_elements));
if (expr->depth() > 1) {
if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray) {
__ li(a0, Operand(Smi::FromInt(flags)));
__ Push(a3, a2, a1, a0);
__ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
......
......@@ -1776,7 +1776,7 @@ void FullCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
}
if (expr->depth() > 1) {
if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray) {
__ movp(rbx, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset));
__ Push(FieldOperand(rbx, JSFunction::kLiteralsOffset));
__ Push(Smi::FromInt(expr->literal_index()));
......
......@@ -1736,7 +1736,7 @@ void FullCodeGenerator::VisitArrayLiteral(ArrayLiteral* expr) {
allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
}
if (expr->depth() > 1) {
if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray) {
__ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
__ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
__ push(Immediate(Smi::FromInt(expr->literal_index())));
......