| Index: src/crankshaft/hydrogen.cc
|
| diff --git a/src/crankshaft/hydrogen.cc b/src/crankshaft/hydrogen.cc
|
| index e5332a2f5d1a961c6a9eb69da3b29d6390bd22d0..f1521c8d9169f552336e2f0f9762f2b997b76aa4 100644
|
| --- a/src/crankshaft/hydrogen.cc
|
| +++ b/src/crankshaft/hydrogen.cc
|
| @@ -2368,7 +2368,7 @@ HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
|
| HValue* length = AddUncasted<HAdd>(left_length, right_length);
|
| // Check that length <= kMaxLength <=> length < MaxLength + 1.
|
| HValue* max_length = Add<HConstant>(String::kMaxLength + 1);
|
| - if (top_info()->IsStub()) {
|
| + if (top_info()->IsStub() || !isolate()->IsStringLengthOverflowIntact()) {
|
| // This is a mitigation for crbug.com/627934; the real fix
|
| // will be to migrate the StringAddStub to TurboFan one day.
|
| IfBuilder if_invalid(this);
|
| @@ -2380,6 +2380,7 @@ HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
|
| }
|
| if_invalid.End();
|
| } else {
|
| + graph()->MarkDependsOnStringLengthOverflow();
|
| Add<HBoundsCheck>(length, max_length);
|
| }
|
| return length;
|
| @@ -3570,6 +3571,7 @@ HGraph::HGraph(CompilationInfo* info, CallInterfaceDescriptor descriptor)
|
| allow_code_motion_(false),
|
| use_optimistic_licm_(false),
|
| depends_on_empty_array_proto_elements_(false),
|
| + depends_on_string_length_overflow_(false),
|
| type_change_checksum_(0),
|
| maximum_environment_size_(0),
|
| no_side_effects_scope_count_(0),
|
|
|
Chromium Code Reviews
Issue 2348293002:
[crankshaft] Protect against deopt loops from string length overflows. (Closed)
