Index: src/runtime.cc |
diff --git a/src/runtime.cc b/src/runtime.cc |
index b97af64f838b6c2386c4b90b914bf82f0b0a2fdf..15e1adaf0e4d400d3296186576c67e0950cc3953 100644 |
--- a/src/runtime.cc |
+++ b/src/runtime.cc |
@@ -10034,7 +10034,7 @@ class ArrayConcatVisitor { |
// getters on the arrays increasing the length of later arrays |
// during iteration. |
// This shouldn't happen in anything but pathological cases. |
- SetDictionaryMode(index); |
+ SetDictionaryMode(); |
// Fall-through to dictionary mode. |
} |
ASSERT(!fast_elements_); |
@@ -10055,6 +10055,14 @@ class ArrayConcatVisitor { |
} else { |
index_offset_ += delta; |
} |
+ // If the initial length estimate was off (see special case in visit()), |
+ // but the array blowing the limit didn't contain elements beyond the |
+ // provided-for index range, go to dictionary mode now. |
+ if (fast_elements_ && |
+ index_offset_ >= static_cast<uint32_t>( |
+ FixedArrayBase::cast(*storage_)->length())) { |
+ SetDictionaryMode(); |
+ } |
} |
bool exceeds_array_limit() { |
@@ -10076,7 +10084,7 @@ class ArrayConcatVisitor { |
private: |
// Convert storage to dictionary mode. |
- void SetDictionaryMode(uint32_t index) { |
+ void SetDictionaryMode() { |
ASSERT(fast_elements_); |
Handle<FixedArray> current_storage(*storage_); |
Handle<SeededNumberDictionary> slow_storage( |