Fix arguments object stubs for large arrays.

src/ia32/code-stubs-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_IA32
 
 #include "src/code-stubs.h"
 #include "src/api-arguments.h"
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
@@ skipping 4766 matching lines @@
     __ LoadGlobalFunction(Context::JS_ARRAY_FAST_ELEMENTS_MAP_INDEX, ecx);
     __ mov(FieldOperand(edi, JSArray::kMapOffset), ecx);
     __ mov(FieldOperand(edi, JSArray::kPropertiesOffset),
            isolate()->factory()->empty_fixed_array());
     __ mov(FieldOperand(edi, JSArray::kElementsOffset), edx);
     __ mov(FieldOperand(edi, JSArray::kLengthOffset), eax);
     STATIC_ASSERT(JSArray::kSize == 4 * kPointerSize);
     __ mov(eax, edi);
     __ Ret();
 
-    // Fall back to %AllocateInNewSpace.
+    // Fall back to %AllocateInNewSpace (if not too big).
+    Label too_big_for_new_space;
     __ bind(&allocate);
+    __ cmp(ecx, Immediate(Page::kMaxRegularHeapObjectSize));
+    __ j(greater, &too_big_for_new_space);
     {
       FrameScope scope(masm, StackFrame::INTERNAL);
       __ SmiTag(ecx);
       __ Push(eax);
       __ Push(ebx);
       __ Push(ecx);
       __ CallRuntime(Runtime::kAllocateInNewSpace);
       __ mov(edx, eax);
       __ Pop(ebx);
       __ Pop(eax);
     }
     __ jmp(&done_allocate);
+
+    // Fall back to %NewRestParameter.
+    __ bind(&too_big_for_new_space);
+    __ PopReturnAddressTo(ecx);
+    // We reload the function from the caller frame due to register pressure
+    // within this stub. This is the slow path, hence reloading is preferable.
+    if (skip_stub_frame()) {
+      // For Ignition we need to skip the handler/stub frame to reach the
+      // JavaScript frame for the function.
+      __ mov(edx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
+      __ Push(Operand(edx, StandardFrameConstants::kFunctionOffset));
+    } else {
+      __ Push(Operand(ebp, StandardFrameConstants::kFunctionOffset));
+    }
+    __ PushReturnAddressFrom(ecx);
+    __ TailCallRuntime(Runtime::kNewRestParameter);
   }
 }
 
 
 void FastNewSloppyArgumentsStub::Generate(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- edi    : function
   //  -- esi    : context
   //  -- ebp    : frame pointer
   //  -- esp[0] : return address
@@ skipping 336 matching lines @@
   __ LoadGlobalFunction(Context::STRICT_ARGUMENTS_MAP_INDEX, ecx);
   __ mov(FieldOperand(edi, JSStrictArgumentsObject::kMapOffset), ecx);
   __ mov(FieldOperand(edi, JSStrictArgumentsObject::kPropertiesOffset),
          isolate()->factory()->empty_fixed_array());
   __ mov(FieldOperand(edi, JSStrictArgumentsObject::kElementsOffset), edx);
   __ mov(FieldOperand(edi, JSStrictArgumentsObject::kLengthOffset), eax);
   STATIC_ASSERT(JSStrictArgumentsObject::kSize == 4 * kPointerSize);
   __ mov(eax, edi);
   __ Ret();
 
-  // Fall back to %AllocateInNewSpace.
+  // Fall back to %AllocateInNewSpace (if not too big).
+  Label too_big_for_new_space;
   __ bind(&allocate);
+  __ cmp(ecx, Immediate(Page::kMaxRegularHeapObjectSize));
+  __ j(greater, &too_big_for_new_space);
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
     __ SmiTag(ecx);
     __ Push(eax);
     __ Push(ebx);
     __ Push(ecx);
     __ CallRuntime(Runtime::kAllocateInNewSpace);
     __ mov(edx, eax);
     __ Pop(ebx);
     __ Pop(eax);
   }
   __ jmp(&done_allocate);
+
+  // Fall back to %NewStrictArguments.
+  __ bind(&too_big_for_new_space);
+  __ PopReturnAddressTo(ecx);
+  // We reload the function from the caller frame due to register pressure
+  // within this stub. This is the slow path, hence reloading is preferable.
+  if (skip_stub_frame()) {
+    // For Ignition we need to skip the handler/stub frame to reach the
+    // JavaScript frame for the function.
+    __ mov(edx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
+    __ Push(Operand(edx, StandardFrameConstants::kFunctionOffset));
+  } else {
+    __ Push(Operand(ebp, StandardFrameConstants::kFunctionOffset));
+  }
+  __ PushReturnAddressFrom(ecx);
+  __ TailCallRuntime(Runtime::kNewStrictArguments);
 }
 
 
 void LoadGlobalViaContextStub::Generate(MacroAssembler* masm) {
   Register context_reg = esi;
   Register slot_reg = ebx;
   Register result_reg = eax;
   Label slow_case;
 
   // Go up context chain to the script context.
@@ skipping 521 matching lines @@
                            kStackUnwindSpace, nullptr, return_value_operand,
                            NULL);
 }
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_IA32