Chromium Code Reviews Chromium Code Reviews
Issue 1086873003:
Array() in optimized code can create with wrong ElementsKind in corner cases. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Review notes: | 5 // Review notes: |
| 6 // | 6 // |
| 7 // - The use of macros in these inline functions may seem superfluous | 7 // - The use of macros in these inline functions may seem superfluous |
| 8 // but it is absolutely needed to make sure gcc generates optimal | 8 // but it is absolutely needed to make sure gcc generates optimal |
| 9 // code. gcc is not happy when attempting to inline too deep. | 9 // code. gcc is not happy when attempting to inline too deep. |
| 10 // | 10 // |
| (...skipping 7183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7194 } | 7194 } |
| 7195 } | 7195 } |
| 7196 | 7196 |
| 7197 | 7197 |
| 7198 void JSArray::set_length(Smi* length) { | 7198 void JSArray::set_length(Smi* length) { |
| 7199 // Don't need a write barrier for a Smi. | 7199 // Don't need a write barrier for a Smi. |
| 7200 set_length(static_cast<Object*>(length), SKIP_WRITE_BARRIER); | 7200 set_length(static_cast<Object*>(length), SKIP_WRITE_BARRIER); |
| 7201 } | 7201 } |
| 7202 | 7202 |
| 7203 | 7203 |
| 7204 bool JSArray::SetElementsLengthWouldNormalize( | |
| 7205 Heap* heap, Handle<Object> new_length_handle) { | |
| 7206 // If the new array won't fit in a some non-trivial fraction of the max old | |
| 7207 // space size, then force it to go dictionary mode. | |
| 7208 int max_fast_array_size = | |
| 7209 static_cast<int>((heap->MaxOldGenerationSize() / kDoubleSize) / 4); | |
| 7210 if (new_length_handle->IsNumber() && | |
|
Toon Verwaest
2015/04/15 12:56:23
return new_length_handle->IsNumber() && NumberToIn
mvstanton
2015/04/15 14:10:34
Done.
| |
| 7211 NumberToInt32(*new_length_handle) >= max_fast_array_size) { | |
| 7212 return true; | |
| 7213 } | |
| 7214 return false; | |
| 7215 } | |
| 7216 | |
| 7217 | |
| 7204 bool JSArray::AllowsSetElementsLength() { | 7218 bool JSArray::AllowsSetElementsLength() { |
| 7205 bool result = elements()->IsFixedArray() || elements()->IsFixedDoubleArray(); | 7219 bool result = elements()->IsFixedArray() || elements()->IsFixedDoubleArray(); |
| 7206 DCHECK(result == !HasExternalArrayElements()); | 7220 DCHECK(result == !HasExternalArrayElements()); |
| 7207 return result; | 7221 return result; |
| 7208 } | 7222 } |
| 7209 | 7223 |
| 7210 | 7224 |
| 7211 void JSArray::SetContent(Handle<JSArray> array, | 7225 void JSArray::SetContent(Handle<JSArray> array, |
| 7212 Handle<FixedArrayBase> storage) { | 7226 Handle<FixedArrayBase> storage) { |
| 7213 EnsureCanContainElements(array, storage, storage->length(), | 7227 EnsureCanContainElements(array, storage, storage->length(), |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7531 #undef READ_SHORT_FIELD | 7545 #undef READ_SHORT_FIELD |
| 7532 #undef WRITE_SHORT_FIELD | 7546 #undef WRITE_SHORT_FIELD |
| 7533 #undef READ_BYTE_FIELD | 7547 #undef READ_BYTE_FIELD |
| 7534 #undef WRITE_BYTE_FIELD | 7548 #undef WRITE_BYTE_FIELD |
| 7535 #undef NOBARRIER_READ_BYTE_FIELD | 7549 #undef NOBARRIER_READ_BYTE_FIELD |
| 7536 #undef NOBARRIER_WRITE_BYTE_FIELD | 7550 #undef NOBARRIER_WRITE_BYTE_FIELD |
| 7537 | 7551 |
| 7538 } } // namespace v8::internal | 7552 } } // namespace v8::internal |
| 7539 | 7553 |
| 7540 #endif // V8_OBJECTS_INL_H_ | 7554 #endif // V8_OBJECTS_INL_H_ |
| OLD | NEW |
