| Index: src/hydrogen.cc
|
| diff --git a/src/hydrogen.cc b/src/hydrogen.cc
|
| index 7c8c0560664056249ddfce0ef1cbd918b8de8fbe..9c782f2967bc143464ea2760a1ae9897cd1da296 100644
|
| --- a/src/hydrogen.cc
|
| +++ b/src/hydrogen.cc
|
| @@ -1535,12 +1535,14 @@ HValue* HGraphBuilder::BuildRegExpConstructResult(HValue* length,
|
|
|
| // Compute the size of the RegExpResult followed by FixedArray with length.
|
| HValue* size = length;
|
| - size = AddUncasted<HShl>(size, Add<HConstant>(kPointerSizeLog2));
|
| - size = AddUncasted<HAdd>(size, Add<HConstant>(static_cast<int32_t>(
|
| - JSRegExpResult::kSize + FixedArray::kHeaderSize)));
|
| + // Make sure size does not exceed max regular heap object size.
|
| + const int kHeaderSize = JSRegExpResult::kSize + FixedArray::kHeaderSize;
|
| + const int kMaxLength =
|
| + (Page::kMaxRegularHeapObjectSize - kHeaderSize) >> kPointerSizeLog2;
|
| + Add<HBoundsCheck>(size, Add<HConstant>(kMaxLength));
|
|
|
| - // Make sure size does not exceeds max regular heap object size.
|
| - Add<HBoundsCheck>(size, Add<HConstant>(Page::kMaxRegularHeapObjectSize));
|
| + size = AddUncasted<HShl>(size, Add<HConstant>(kPointerSizeLog2));
|
| + size = AddUncasted<HAdd>(size, Add<HConstant>(kHeaderSize));
|
|
|
| // Allocate the JSRegExpResult and the FixedArray in one step.
|
| HValue* result = Add<HAllocate>(
|
|
|
Chromium Code Reviews
Issue 286203010:
Harden builtins BuildResultFromMatchInfo and URIDecodeOctets (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge