Issue 2570843002: Fix usage of literal cloning for large double arrays.

Issue 2570843002: Fix usage of literal cloning for large double arrays. (Closed)

Created:
4 years ago by Michael Starzinger

Modified:
4 years ago

Reviewers:
Benedikt Meurer, Camillo Bruni, rmcilroy

CC:
rmcilroy, v8-reviews_googlegroups.com

Target Ref:
refs/pending/heads/master

Project:
v8

Visibility:
Public.

More Reviews

Description

Fix usage of literal cloning for large double arrays. This fixes a corner case where the {FastCloneShallowArrayStub} was used for literals that are backed by a double backing store and would exceed limits for new-space allocations on 32-bit architectures. The stub in question does not support such literals, callers must use the runtime. Note that this fix is for Ignition as well as FullCodeGenerator. R=rmcilroy@chromium.org TEST=mjsunit/regress/regress-crbug-672792 BUG=chromium:672792 Review-Url: https://codereview.chromium.org/2570843002 Cr-Commit-Position: refs/heads/master@{#41713} Committed: https://chromium.googlesource.com/v8/v8/+/6c620e531268ca6dcdb858a75cc75c68e6b2a44b

Patch Set 1 #

Patch Set 2 : Extend to optimizing compilers. #

Patch Set 3 : Add missing flag. #

Total comments: 2

Patch Set 4 : Addressed comments. #

Created: 4 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+57 lines, -28 lines)			Patch
M	src/ast/ast.h	View	1 2 3	2 chunks	+6 lines, -0 lines	0 comments	Download
M	src/ast/ast.cc	View	1 2 3	2 chunks	+13 lines, -0 lines	0 comments	Download
M	src/code-stubs.h	View	1 2 3	3 chunks	+5 lines, -2 lines	0 comments	Download
M	src/code-stubs.cc	View	1 2 3	1 chunk	+0 lines, -9 lines	0 comments	Download
M	src/compiler/js-create-lowering.cc	View	1	1 chunk	+3 lines, -1 line	0 comments	Download
M	src/compiler/js-generic-lowering.cc	View		1 chunk	+3 lines, -3 lines	0 comments	Download
M	src/crankshaft/hydrogen.cc	View	1	1 chunk	+3 lines, -1 line	0 comments	Download
M	src/full-codegen/full-codegen.cc	View	1 2 3	1 chunk	+2 lines, -4 lines	0 comments	Download
M	src/interpreter/bytecode-generator.cc	View	1 2 3	2 chunks	+4 lines, -8 lines	0 comments	Download
A	test/mjsunit/regress/regress-crbug-672792.js	View	1 2	1 chunk	+18 lines, -0 lines	0 comments	Download

Messages

Total messages: 29 (20 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Michael Starzinger

Ross: PTAL at interpreter (and full-codegen) changes. Camillo: PTAL at code stub interface changes.

4 years ago (2016-12-13 13:26:17 UTC) #4

Michael Starzinger

Benedikt: I extended the test coverage and the fix to the optimizing compilers. PTAL at ...

4 years ago (2016-12-13 14:49:37 UTC) #10

Camillo Bruni

LGTM with comment https://codereview.chromium.org/2570843002/diff/40001/src/code-stubs.cc File src/code-stubs.cc (right): https://codereview.chromium.org/2570843002/diff/40001/src/code-stubs.cc#newcode2730 src/code-stubs.cc:2730: expr->values()->length() <= kMaximumClonedElements; How about putting ...

4 years ago (2016-12-14 10:59:08 UTC) #17

Michael Starzinger

Thanks! Comments addressed. Will land soonish. https://codereview.chromium.org/2570843002/diff/40001/src/code-stubs.cc File src/code-stubs.cc (right): https://codereview.chromium.org/2570843002/diff/40001/src/code-stubs.cc#newcode2730 src/code-stubs.cc:2730: expr->values()->length() <= kMaximumClonedElements; ...

4 years ago (2016-12-14 14:01:03 UTC) #18

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2570843002/60001

4 years ago (2016-12-15 09:45:53 UTC) #26

commit-bot: I haz the power

4 years ago (2016-12-15 10:29:55 UTC) #29

Message was sent while issue was closed.

Committed patchset #4 (id:60001) as
https://chromium.googlesource.com/v8/v8/+/6c620e531268ca6dcdb858a75cc75c68e6b...

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages