Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(985)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/objects.cc

Issue 6469006: Bailout from PrepareSlowElementsForSort when hiting a key outside of smi-rang... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-1131.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2010 the V8 project authors. All rights reserved. 1 // Copyright 2010 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 8547 matching lines...) Expand 10 before | Expand all | Expand 10 after
8558 return Smi::FromInt(-1); 8558 return Smi::FromInt(-1);
8559 } 8559 }
8560 uint32_t key = NumberToUint32(k); 8560 uint32_t key = NumberToUint32(k);
8561 // In the following we assert that adding the entry to the new dictionary 8561 // In the following we assert that adding the entry to the new dictionary
8562 // does not cause GC. This is the case because we made sure to allocate 8562 // does not cause GC. This is the case because we made sure to allocate
8563 // the dictionary big enough above, so it need not grow. 8563 // the dictionary big enough above, so it need not grow.
8564 if (key < limit) { 8564 if (key < limit) {
8565 if (value->IsUndefined()) { 8565 if (value->IsUndefined()) {
8566 undefs++; 8566 undefs++;
8567 } else { 8567 } else {
8568 if (pos > static_cast<uint32_t>(Smi::kMaxValue)) {
8569 // Adding an entry with the key beyond smi-range requires
8570 // allocation. Bailout.
8571 return Smi::FromInt(-1);
8572 }
8568 new_dict->AddNumberEntry(pos, value, details)->ToObjectUnchecked(); 8573 new_dict->AddNumberEntry(pos, value, details)->ToObjectUnchecked();
8569 pos++; 8574 pos++;
8570 } 8575 }
8571 } else { 8576 } else {
8577 if (key > static_cast<uint32_t>(Smi::kMaxValue)) {
8578 // Adding an entry with the key beyond smi-range requires
8579 // allocation. Bailout.
8580 return Smi::FromInt(-1);
8581 }
8572 new_dict->AddNumberEntry(key, value, details)->ToObjectUnchecked(); 8582 new_dict->AddNumberEntry(key, value, details)->ToObjectUnchecked();
8573 } 8583 }
8574 } 8584 }
8575 } 8585 }
8576 8586
8577 uint32_t result = pos; 8587 uint32_t result = pos;
8578 PropertyDetails no_details = PropertyDetails(NONE, NORMAL); 8588 PropertyDetails no_details = PropertyDetails(NONE, NORMAL);
8579 while (undefs > 0) { 8589 while (undefs > 0) {
8590 if (pos > static_cast<uint32_t>(Smi::kMaxValue)) {
8591 // Adding an entry with the key beyond smi-range requires
8592 // allocation. Bailout.
8593 return Smi::FromInt(-1);
8594 }
8580 new_dict->AddNumberEntry(pos, Heap::undefined_value(), no_details)-> 8595 new_dict->AddNumberEntry(pos, Heap::undefined_value(), no_details)->
8581 ToObjectUnchecked(); 8596 ToObjectUnchecked();
8582 pos++; 8597 pos++;
8583 undefs--; 8598 undefs--;
8584 } 8599 }
8585 8600
8586 set_elements(new_dict); 8601 set_elements(new_dict);
8587 8602
8588 if (result <= static_cast<uint32_t>(Smi::kMaxValue)) { 8603 if (result <= static_cast<uint32_t>(Smi::kMaxValue)) {
8589 return Smi::FromInt(static_cast<int>(result)); 8604 return Smi::FromInt(static_cast<int>(result));
(...skipping 1323 matching lines...) Expand 10 before | Expand all | Expand 10 after
9913 if (break_point_objects()->IsUndefined()) return 0; 9928 if (break_point_objects()->IsUndefined()) return 0;
9914 // Single beak point. 9929 // Single beak point.
9915 if (!break_point_objects()->IsFixedArray()) return 1; 9930 if (!break_point_objects()->IsFixedArray()) return 1;
9916 // Multiple break points. 9931 // Multiple break points.
9917 return FixedArray::cast(break_point_objects())->length(); 9932 return FixedArray::cast(break_point_objects())->length();
9918 } 9933 }
9919 #endif 9934 #endif
9920 9935
9921 9936
9922 } } // namespace v8::internal 9937 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-1131.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698