Chromium Code Reviews Chromium Code Reviews
Issue 23441080:
Correct large packed array length limitation (Closed)
Base URL: git://github.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 643 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 654 HInstruction* elements = Add<HArgumentsElements>(false); | 654 HInstruction* elements = Add<HArgumentsElements>(false); |
| 655 HInstruction* argument = AddInstruction( | 655 HInstruction* argument = AddInstruction( |
| 656 new(zone()) HAccessArgumentsAt(elements, constant_one, constant_zero)); | 656 new(zone()) HAccessArgumentsAt(elements, constant_one, constant_zero)); |
| 657 | 657 |
| 658 HConstant* max_alloc_length = | 658 HConstant* max_alloc_length = |
| 659 Add<HConstant>(JSObject::kInitialMaxFastElementArray); | 659 Add<HConstant>(JSObject::kInitialMaxFastElementArray); |
| 660 const int initial_capacity = JSArray::kPreallocatedArrayElements; | 660 const int initial_capacity = JSArray::kPreallocatedArrayElements; |
| 661 HConstant* initial_capacity_node = New<HConstant>(initial_capacity); | 661 HConstant* initial_capacity_node = New<HConstant>(initial_capacity); |
| 662 AddInstruction(initial_capacity_node); | 662 AddInstruction(initial_capacity_node); |
| 663 | 663 |
| 664 HInstruction* checked_arg = Add<HBoundsCheck>(argument, max_alloc_length); | 664 HInstruction* checked_arg = Add<HBoundsCheck>(argument, max_alloc_length + 1); |
|
Jakob Kummerow
2013/09/23 16:53:30
No way!
| |
| 665 IfBuilder if_builder(this); | 665 IfBuilder if_builder(this); |
| 666 if_builder.If<HCompareNumericAndBranch>(checked_arg, constant_zero, | 666 if_builder.If<HCompareNumericAndBranch>(checked_arg, constant_zero, |
| 667 Token::EQ); | 667 Token::EQ); |
| 668 if_builder.Then(); | 668 if_builder.Then(); |
| 669 Push(initial_capacity_node); // capacity | 669 Push(initial_capacity_node); // capacity |
| 670 Push(constant_zero); // length | 670 Push(constant_zero); // length |
| 671 if_builder.Else(); | 671 if_builder.Else(); |
| 672 Push(checked_arg); // capacity | 672 Push(checked_arg); // capacity |
| 673 Push(checked_arg); // length | 673 Push(checked_arg); // length |
| 674 if_builder.End(); | 674 if_builder.End(); |
| (...skipping 434 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1109 return js_function; | 1109 return js_function; |
| 1110 } | 1110 } |
| 1111 | 1111 |
| 1112 | 1112 |
| 1113 Handle<Code> FastNewClosureStub::GenerateCode(Isolate* isolate) { | 1113 Handle<Code> FastNewClosureStub::GenerateCode(Isolate* isolate) { |
| 1114 return DoGenerateCode(isolate, this); | 1114 return DoGenerateCode(isolate, this); |
| 1115 } | 1115 } |
| 1116 | 1116 |
| 1117 | 1117 |
| 1118 } } // namespace v8::internal | 1118 } } // namespace v8::internal |
| OLD | NEW |
