
Side by Side Diff: src/objects.cc

Issue 1086873003: Array() in optimized code can create with wrong ElementsKind in corner cases. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Address comments and test failure. Created 5 years, 8 months ago
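--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <iomanip>
 #include <sstream>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ -11929,29 +11929,23 @@
 
 return Execution::Call(
 isolate, Handle<JSFunction>(isolate->observers_end_perform_splice()),
 isolate->factory()->undefined_value(), arraysize(args), args);
 }
 
 
 MaybeHandle<Object> JSArray::SetElementsLength(
 Handle<JSArray> array,
 Handle<Object> new_length_handle) {
-if (array->HasFastElements()) {
-// If the new array won't fit in a some non-trivial fraction of the max old
-// space size, then force it to go dictionary mode.
-int max_fast_array_size = static_cast<int>(
-(array->GetHeap()->MaxOldGenerationSize() / kDoubleSize) / 4);
-if (new_length_handle->IsNumber() &&
-NumberToInt32(*new_length_handle) >= max_fast_array_size) {
-NormalizeElements(array);
-}
+if (array->HasFastElements() &&
+SetElementsLengthWouldNormalize(array->GetHeap(), new_length_handle)) {
+NormalizeElements(array);
 }
 
 // We should never end in here with a pixel or external array.
 DCHECK(array->AllowsSetElementsLength());
 if (!array->map()->is_observed()) {
 return array->GetElementsAccessor()->SetLength(array, new_length_handle);
 }
 
 Isolate* isolate = array->GetIsolate();
 List<uint32_t> indices;
@@ -17051,10 +17045,10 @@
 CompilationInfo* info) {
 Handle<DependentCode> codes = DependentCode::InsertCompilationInfo(
 handle(cell->dependent_code(), info->isolate()),
 DependentCode::kPropertyCellChangedGroup, info->object_wrapper());
 if (*codes != cell->dependent_code()) cell->set_dependent_code(*codes);
 info->dependencies(DependentCode::kPropertyCellChangedGroup)->Add(
 cell, info->zone());
 }
 
 } } // namespace v8::internal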
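Review bot: The rewritten condition in JSArray::SetElementsLength drops the only comment that explained why NormalizeElements is called here (the removed lines said a length that would not fit in a fraction of the max old-space size forces dictionary mode), so a reader of this function now has to open the helper to learn the intent; keep a one-line pointer, e.g. `// Lengths too large for a fast backing store go to dictionary mode up front; see SetElementsLengthWouldNormalize.` The body of SetElementsLengthWouldNormalize is not in this file section (the change also touches src/objects.h and src/objects-inl.h), so it is worth confirming there that the IsNumber() guard that preceded NumberToInt32 in the removed lines is still applied, and that a length at or above 2^31 — where NumberToInt32 presumably wraps negative and the removed `>=` comparison would have been false — is classified as normalizing rather than passing the check and sizing a fast-elements backing store from an unchecked length. SetElementsLength continues past the end of the hunk.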
