[crankshaft] Fix Smi overflow in {HMaybeGrowElements}.

[crankshaft] Fix Smi overflow in {HMaybeGrowElements}.

This fixes the case where the index passed to {HMaybeGrowElements} used
to derive the new capacity for the elements backing store does not fit
into Smi range. Such an overflow would fail the capacity check and cause
growing to be skipped. Subsequent keyed stores would potentially go out
of bounds.

R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-686427
BUG=chromium:686427
Review-Url: https://codereview.chromium.org/2686263002
Cr-Commit-Position: refs/heads/master@{#43101}
Committed: https://chromium.googlesource.com/v8/v8/+/6c12d57eada07ab019f84b2882faee6e2815a7ff

[Michael Starzinger, 2017-02-10 13:38:10]

The CQ bit was checked by mstarzinger@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-10 13:38:18]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Michael Starzinger, 2017-02-10 13:39:16]

mstarzinger@chromium.org changed reviewers:
+ jarin@chromium.org

[Michael Starzinger, 2017-02-10 13:39:17]

Michael: PTAL.
Jaro: FYI.

[Jarin, 2017-02-10 13:47:34]

lgtm. Thanks!

[commit-bot: I haz the power, 2017-02-10 14:01:08]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-10 14:01:09]

Dry run: This issue passed the CQ dry run.

[mvstanton, 2017-02-10 14:14:30]

LGTM - thanks for delving into that..!
--Michael

[Michael Starzinger, 2017-02-10 14:19:09]

The CQ bit was checked by mstarzinger@chromium.org

[commit-bot: I haz the power, 2017-02-10 14:19:18]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-10 14:20:56]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1486736349819510, "parent_rev":
"6d1c114c721f319dc19fedd817c536f55d5a9eef", "commit_rev":
"6c12d57eada07ab019f84b2882faee6e2815a7ff"}

[commit-bot: I haz the power, 2017-02-10 14:21:00]

Description was changed from

==========
[crankshaft] Fix Smi overflow in {HMaybeGrowElements}.

This fixes the case where the index passed to {HMaybeGrowElements} used
to derive the new capacity for the elements backing store does not fit
into Smi range. Such an overflow would fail the capacity check and cause
growing to be skipped. Subsequent keyed stores would potentially go out
of bounds.

R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-686427
BUG=chromium:686427
==========

to

==========
[crankshaft] Fix Smi overflow in {HMaybeGrowElements}.

This fixes the case where the index passed to {HMaybeGrowElements} used
to derive the new capacity for the elements backing store does not fit
into Smi range. Such an overflow would fail the capacity check and cause
growing to be skipped. Subsequent keyed stores would potentially go out
of bounds.

R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-686427
BUG=chromium:686427

Review-Url: https://codereview.chromium.org/2686263002
Cr-Commit-Position: refs/heads/master@{#43101}
Committed:
https://chromium.googlesource.com/v8/v8/+/6c12d57eada07ab019f84b2882faee6e281...
==========

[commit-bot: I haz the power, 2017-02-10 14:21:01]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/v8/v8/+/6c12d57eada07ab019f84b2882faee6e281...