Revision: 19926
Author: [email protected]
Date: Fri Mar 14 10:22:55 2014 UTC
Log: Fix for issue 351261.
This relands the following fix: "HAllocate should never generate
allocation code if the requested size does not fit into page. Regression
test included. (bug 347543)" along with additional fixes to KeyedStoreIC.
BUG=351261
LOG=N
[email protected]
Review URL: https://codereview.chromium.org/200113002
http://code.google.com/p/v8/source/detail?r=19926
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-351261.js
Modified:
/branches/bleeding_edge/src/a64/lithium-codegen-a64.cc
/branches/bleeding_edge/src/arm/lithium-codegen-arm.cc
/branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc
/branches/bleeding_edge/src/ic.cc
/branches/bleeding_edge/src/mips/lithium-codegen-mips.cc
/branches/bleeding_edge/src/x64/lithium-codegen-x64.cc
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-351261.js Fri Mar
14 10:22:55 2014 UTC
@@ -0,0 +1,19 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --fold-constants
+
+function store(a) {
+ a[5000000] = 1;
+}
+
+function foo() {
+ var __v_8 = new Object;
+ var __v_7 = new Array(4999990);
+ store(__v_8);
+ store(__v_7);
+}
+foo();
+%OptimizeFunctionOnNextCall(foo);
+foo();
=======================================
--- /branches/bleeding_edge/src/a64/lithium-codegen-a64.cc Fri Mar 14
10:18:57 2014 UTC
+++ /branches/bleeding_edge/src/a64/lithium-codegen-a64.cc Fri Mar 14
10:22:55 2014 UTC
@@ -1507,7 +1507,11 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Allocate(size, result, temp1, temp2, deferred->entry(), flags);
+ if (size <= Page::kMaxRegularHeapObjectSize) {
+ __ Allocate(size, result, temp1, temp2, deferred->entry(), flags);
+ } else {
+ __ B(deferred->entry());
+ }
} else {
Register size = ToRegister32(instr->size());
__ Sxtw(size.X(), size);
=======================================
--- /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Thu Mar 13
08:17:44 2014 UTC
+++ /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Fri Mar 14
10:22:55 2014 UTC
@@ -5220,7 +5220,11 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Allocate(size, result, scratch, scratch2, deferred->entry(), flags);
+ if (size <= Page::kMaxRegularHeapObjectSize) {
+ __ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
+ } else {
+ __ jmp(deferred->entry());
+ }
} else {
Register size = ToRegister(instr->size());
__ Allocate(size,
=======================================
--- /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Thu Mar 13
08:17:44 2014 UTC
+++ /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Fri Mar 14
10:22:55 2014 UTC
@@ -5845,7 +5845,11 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
+ if (size <= Page::kMaxRegularHeapObjectSize) {
+ __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
+ } else {
+ __ jmp(deferred->entry());
+ }
} else {
Register size = ToRegister(instr->size());
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
=======================================
--- /branches/bleeding_edge/src/ic.cc Thu Mar 13 12:17:43 2014 UTC
+++ /branches/bleeding_edge/src/ic.cc Fri Mar 14 10:22:55 2014 UTC
@@ -1599,7 +1599,10 @@
key->ToSmi()->To(&smi_key);
int index = smi_key->value();
bool oob_access = IsOutOfBoundsAccess(receiver, index);
- bool allow_growth = receiver->IsJSArray() && oob_access;
+ // Don't consider this a growing store if the store would send the
receiver to
+ // dictionary mode.
+ bool allow_growth = receiver->IsJSArray() && oob_access &&
+ !receiver->WouldConvertToSlowElements(key);
if (allow_growth) {
// Handle growing array in stub if necessary.
if (receiver->HasFastSmiElements()) {
@@ -1724,12 +1727,7 @@
if
(!(receiver->map()->DictionaryElementsInPrototypeChainOnly())) {
KeyedAccessStoreMode store_mode =
GetStoreMode(receiver, key, value);
- // Use the generic stub if the store would send the receiver to
- // dictionary mode.
- if (!IsGrowStoreMode(store_mode) ||
- !receiver->WouldConvertToSlowElements(key)) {
- stub = StoreElementStub(receiver, store_mode);
- }
+ stub = StoreElementStub(receiver, store_mode);
}
}
}
=======================================
--- /branches/bleeding_edge/src/mips/lithium-codegen-mips.cc Thu Mar 13
17:38:40 2014 UTC
+++ /branches/bleeding_edge/src/mips/lithium-codegen-mips.cc Fri Mar 14
10:22:55 2014 UTC
@@ -5184,7 +5184,11 @@
}
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Allocate(size, result, scratch, scratch2, deferred->entry(), flags);
+ if (size <= Page::kMaxRegularHeapObjectSize) {
+ __ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
+ } else {
+ __ jmp(deferred->entry());
+ }
} else {
Register size = ToRegister(instr->size());
__ Allocate(size,
=======================================
--- /branches/bleeding_edge/src/x64/lithium-codegen-x64.cc Thu Mar 13
13:57:21 2014 UTC
+++ /branches/bleeding_edge/src/x64/lithium-codegen-x64.cc Fri Mar 14
10:22:55 2014 UTC
@@ -5144,7 +5144,11 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
+ if (size <= Page::kMaxRegularHeapObjectSize) {
+ __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
+ } else {
+ __ jmp(deferred->entry());
+ }
} else {
Register size = ToRegister(instr->size());
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
