
Unified Diff: src/code-stubs.cc

Issue 2122943002: Abort if we ever allocate a non-0-sized packed array (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 4 years, 5 months ago
Index: src/code-stubs.cc
diff --git a/src/code-stubs.cc b/src/code-stubs.cc
index 75278449ab0c0dfe34b5506d9ce899c060294959..f11aeaae60815737cc0ea42f05796f58acb8e5ad 100644
--- a/src/code-stubs.cc
+++ b/src/code-stubs.cc
@@ -4759,16 +4759,31 @@ void SingleArgumentConstructorCommon(CodeStubAssembler* assembler,
assembler->Branch(assembler->WordIsSmi(size), &smi_size, &call_runtime);
assembler->Bind(&smi_size);
- int element_size =
- IsFastDoubleElementsKind(elements_kind) ? kDoubleSize : kPointerSize;
- int max_fast_elements =
- (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize -
- JSArray::kSize - AllocationMemento::kSize) /
- element_size;
- assembler->Branch(
- assembler->SmiAboveOrEqual(
- size, assembler->SmiConstant(Smi::FromInt(max_fast_elements))),
- &call_runtime, &small_smi_size);
+
+ if (IsFastPackedElementsKind(elements_kind)) {
+ Label abort(assembler, Label::kDeferred);
+ assembler->Branch(
+ assembler->SmiEqual(size, assembler->SmiConstant(Smi::FromInt(0))),
+ &small_smi_size, &abort);
+
+ assembler->Bind(&abort);
+ Node* reason =
+ assembler->SmiConstant(Smi::FromInt(kAllocatingNonEmptyPackedArray));
+ Node* context = assembler->Parameter(
+ ArraySingleArgumentConstructorDescriptor::kContextIndex);
+ assembler->TailCallRuntime(Runtime::kAbort, context, reason);
+ } else {
+ int element_size =
+ IsFastDoubleElementsKind(elements_kind) ? kDoubleSize : kPointerSize;
+ int max_fast_elements =
+ (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize -
+ JSArray::kSize - AllocationMemento::kSize) /
+ element_size;
+ assembler->Branch(
+ assembler->SmiAboveOrEqual(
+ size, assembler->SmiConstant(Smi::FromInt(max_fast_elements))),
+ &call_runtime, &small_smi_size);
+ }
assembler->Bind(&small_smi_size);
{
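Review bot: The new `if (IsFastPackedElementsKind(elements_kind))` branch routes every non-zero `size` — including a negative Smi such as the one produced by `new Array(-1)` — to the process-terminating `Runtime::kAbort`, whereas the holey branch below hands out-of-range sizes to `call_runtime`, where the runtime can raise a RangeError; that is only correct if the dispatch in front of this stub already redirects all non-zero lengths (negative ones included) to the holey kind, which is outside this hunk and should be stated at the branch so a future caller does not turn a user-visible exception into a crash. Suggest a comment above the `if`: `// A packed elements kind carries no holes, so a backing store that is not fully written can never be packed; the one-argument dispatcher is expected to send any non-zero length to the holey kind (verify there), and anything still arriving here is a bug worth aborting on.` The `Label abort(assembler, Label::kDeferred)` would also read better with its intent noted, e.g. `// deferred: unreachable in valid code`. `SingleArgumentConstructorCommon` begins before and continues after this hunk.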
