Revision: 21573
Author: [email protected]
Date: Wed May 28 16:00:52 2014 UTC
Log: FastCloneShallowArrayStub should not be used it the length of the
array is too big as it could eventually exceed the allowed size limit for
manually folded allocations.
[email protected]
Review URL: https://codereview.chromium.org/300283003
http://code.google.com/p/v8/source/detail?r=21573
Modified:
/branches/bleeding_edge/src/arm/full-codegen-arm.cc
/branches/bleeding_edge/src/arm64/full-codegen-arm64.cc
/branches/bleeding_edge/src/code-stubs.h
/branches/bleeding_edge/src/hydrogen.cc
/branches/bleeding_edge/src/ia32/full-codegen-ia32.cc
/branches/bleeding_edge/src/mips/full-codegen-mips.cc
/branches/bleeding_edge/src/x64/full-codegen-x64.cc
/branches/bleeding_edge/src/x87/full-codegen-x87.cc
=======================================
--- /branches/bleeding_edge/src/arm/full-codegen-arm.cc Mon May 26 08:13:09
2014 UTC
+++ /branches/bleeding_edge/src/arm/full-codegen-arm.cc Wed May 28 16:00:52
2014 UTC
@@ -1802,7 +1802,7 @@
__ ldr(r3, FieldMemOperand(r3, JSFunction::kLiteralsOffset));
__ mov(r2, Operand(Smi::FromInt(expr->literal_index())));
__ mov(r1, Operand(constant_elements));
- if (expr->depth() > 1) {
+ if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray)
{
__ mov(r0, Operand(Smi::FromInt(flags)));
__ Push(r3, r2, r1, r0);
__ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
=======================================
--- /branches/bleeding_edge/src/arm64/full-codegen-arm64.cc Mon May 26
08:13:09 2014 UTC
+++ /branches/bleeding_edge/src/arm64/full-codegen-arm64.cc Wed May 28
16:00:52 2014 UTC
@@ -1805,7 +1805,7 @@
__ Ldr(x3, FieldMemOperand(x3, JSFunction::kLiteralsOffset));
__ Mov(x2, Smi::FromInt(expr->literal_index()));
__ Mov(x1, Operand(constant_elements));
- if (expr->depth() > 1) {
+ if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray)
{
__ Mov(x0, Smi::FromInt(flags));
__ Push(x3, x2, x1, x0);
__ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
=======================================
--- /branches/bleeding_edge/src/code-stubs.h Wed May 28 11:45:09 2014 UTC
+++ /branches/bleeding_edge/src/code-stubs.h Wed May 28 16:00:52 2014 UTC
@@ -586,9 +586,6 @@
class FastCloneShallowArrayStub : public HydrogenCodeStub {
public:
- // Maximum length of copied elements array.
- static const int kMaximumInlinedCloneLength = 8;
-
FastCloneShallowArrayStub(Isolate* isolate,
AllocationSiteMode allocation_site_mode)
: HydrogenCodeStub(isolate),
=======================================
--- /branches/bleeding_edge/src/hydrogen.cc Wed May 28 08:06:14 2014 UTC
+++ /branches/bleeding_edge/src/hydrogen.cc Wed May 28 16:00:52 2014 UTC
@@ -2525,8 +2525,7 @@
capacity->IsConstant() &&
HConstant::cast(capacity)->HasInteger32Value()) {
int constant_candidate = HConstant::cast(capacity)->Integer32Value();
- if (constant_candidate <=
- FastCloneShallowArrayStub::kMaximumInlinedCloneLength) {
+ if (constant_candidate <= kElementLoopUnrollThreshold) {
constant_capacity = constant_candidate;
}
}
@@ -2701,6 +2700,12 @@
extra->ClearFlag(HValue::kCanOverflow);
extra = AddUncasted<HAdd>(extra,
Add<HConstant>(FixedArray::kHeaderSize));
extra->ClearFlag(HValue::kCanOverflow);
+ // This function implicitly relies on the fact that the
+ // FastCloneShallowArrayStub is called only for literals shorter than
+ // JSObject::kInitialMaxFastElementArray and therefore the size of the
+ // resulting folded allocation will always be in allowed range.
+ // Can't add HBoundsCheck here because otherwise the stub will eager a
frame.
+
HValue* elements = NULL;
HValue* result = BuildCloneShallowArrayCommon(boilerplate,
allocation_site, extra, &elements, mode);
=======================================
--- /branches/bleeding_edge/src/ia32/full-codegen-ia32.cc Mon May 26
08:13:09 2014 UTC
+++ /branches/bleeding_edge/src/ia32/full-codegen-ia32.cc Wed May 28
16:00:52 2014 UTC
@@ -1739,7 +1739,7 @@
allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
}
- if (expr->depth() > 1) {
+ if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray)
{
__ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
__ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
__ push(Immediate(Smi::FromInt(expr->literal_index())));
=======================================
--- /branches/bleeding_edge/src/mips/full-codegen-mips.cc Mon May 26
14:40:55 2014 UTC
+++ /branches/bleeding_edge/src/mips/full-codegen-mips.cc Wed May 28
16:00:52 2014 UTC
@@ -1815,7 +1815,7 @@
__ lw(a3, FieldMemOperand(a3, JSFunction::kLiteralsOffset));
__ li(a2, Operand(Smi::FromInt(expr->literal_index())));
__ li(a1, Operand(constant_elements));
- if (expr->depth() > 1) {
+ if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray)
{
__ li(a0, Operand(Smi::FromInt(flags)));
__ Push(a3, a2, a1, a0);
__ CallRuntime(Runtime::kHiddenCreateArrayLiteral, 4);
=======================================
--- /branches/bleeding_edge/src/x64/full-codegen-x64.cc Mon May 26 08:13:09
2014 UTC
+++ /branches/bleeding_edge/src/x64/full-codegen-x64.cc Wed May 28 16:00:52
2014 UTC
@@ -1776,7 +1776,7 @@
allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
}
- if (expr->depth() > 1) {
+ if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray)
{
__ movp(rbx, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset));
__ Push(FieldOperand(rbx, JSFunction::kLiteralsOffset));
__ Push(Smi::FromInt(expr->literal_index()));
=======================================
--- /branches/bleeding_edge/src/x87/full-codegen-x87.cc Wed May 28 04:56:28
2014 UTC
+++ /branches/bleeding_edge/src/x87/full-codegen-x87.cc Wed May 28 16:00:52
2014 UTC
@@ -1736,7 +1736,7 @@
allocation_site_mode = DONT_TRACK_ALLOCATION_SITE;
}
- if (expr->depth() > 1) {
+ if (expr->depth() > 1 || length > JSObject::kInitialMaxFastElementArray)
{
__ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
__ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
__ push(Immediate(Smi::FromInt(expr->literal_index())));
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
