Side by Side Diff: src/code-stub-assembler.cc
Issue 2122943002: Abort if we ever allocate a non-0-sized packed array (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 4 years, 5 months ago
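--- a/src/code-stub-assembler.cc
+++ b/src/code-stub-assembler.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/code-stub-assembler.h"
 #include "src/code-factory.h"
 #include "src/frames-inl.h"
 #include "src/frames.h"
 #include "src/ic/stub-cache.h"
 
@@ -827,22 +827,21 @@
 
 int32_t capacity;
 bool constant_capacity = ToInt32Constant(capacity_node, capacity);
 Node* total_size =
 ElementOffsetFromIndex(capacity_node, kind, mode, base_size);
 
 // Allocate both array and elements object, and initialize the JSArray.
 Heap* heap = isolate()->heap();
 Node* array = Allocate(total_size);
 StoreMapNoWriteBarrier(array, array_map);
-Node* empty_properties =
-HeapConstant(Handle<HeapObject>(heap->empty_fixed_array()));
+Node* empty_properties = LoadRoot(Heap::kEmptyFixedArrayRootIndex);
 StoreObjectFieldNoWriteBarrier(array, JSArray::kPropertiesOffset,
 empty_properties);
 StoreObjectFieldNoWriteBarrier(
 array, JSArray::kLengthOffset,
 mode == SMI_PARAMETERS ? length_node : SmiTag(length_node));
 
 if (allocation_site != nullptr) {
 InitializeAllocationMemento(array, JSArray::kSize, allocation_site);
 }
 
@@ -2855,10 +2854,10 @@
 }
 Bind(&miss);
 {
 TailCallRuntime(Runtime::kLoadGlobalIC_Miss, p->context, p->slot,
 p->vector);
 }
 }
 
 } // namespace internal
 } // namespace v8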
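Review bot: In the hunk at old lines 827–848, `Heap* heap = isolate()->heap();` (line 834) loses its only visible use once `heap->empty_fixed_array()` is replaced by `LoadRoot(Heap::kEmptyFixedArrayRootIndex)`, so if nothing after new line 847 reads `heap` the local is now dead and should be removed rather than left to suggest the allocation still depends on heap state. The enclosing function begins before and continues after this hunk, so that has to be confirmed against the rest of the body before deleting the line. Similarly `constant_capacity` (line 829) is computed but not consumed anywhere in the hunk; presumably the remainder of the function uses it, but if it is likewise unused after this CL it should go for the same reason. The LoadRoot substitution itself looks behaviour-preserving as far as this hunk shows, assuming the root-index entry and `heap->empty_fixed_array()` name the same object — worth a one-line commit note, since the CL title does not mention this hunk.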