[builtins] Fix folded allocation in AsyncFunctionEnter

A folded allocation must fit into a regular (= non-large-object) heap space. This CL changes AsyncFunctionEnter to allocate the variable-sized fixed array separately from the folded JSPromise and JSAsyncFunctionObject. Bug: v8:9398 Change-Id: I9f3642e0bf060f7b61a42d6f490adbbb6d753ac6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684000 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62476}
2019-07-01 16:31:01 +02:00 · 2019-07-01 16:31:01 +02:00 · 131b7ecdb3
commit 131b7ecdb3
parent df54d51148
1 changed files with 9 additions and 17 deletions
--- a/src/builtins/builtins-async-function-gen.cc
+++ b/src/builtins/builtins-async-function-gen.cc
@ -95,27 +95,19 @@ TF_BUILTIN(AsyncFunctionEnter, AsyncFunctionBuiltinsAssembler) {
      Signed(IntPtrAdd(WordSar(frame_size, IntPtrConstant(kTaggedSizeLog2)),
                       formal_parameter_count));

-  // Allocate space for the promise, the async function object
-  // and the register file.
-  TNode<IntPtrT> size = IntPtrAdd(
-      IntPtrConstant(JSPromise::kSizeWithEmbedderFields +
-                     JSAsyncFunctionObject::kSize + FixedArray::kHeaderSize),
-      Signed(WordShl(parameters_and_register_length,
-                     IntPtrConstant(kTaggedSizeLog2))));
-  TNode<HeapObject> base = AllocateInNewSpace(size);
-
-  // Initialize the register file.
-  TNode<FixedArray> parameters_and_registers = UncheckedCast<FixedArray>(
-      InnerAllocate(base, JSAsyncFunctionObject::kSize +
-                              JSPromise::kSizeWithEmbedderFields));
-  StoreMapNoWriteBarrier(parameters_and_registers, RootIndex::kFixedArrayMap);
-  StoreObjectFieldNoWriteBarrier(parameters_and_registers,
-                                 FixedArray::kLengthOffset,
-                                 SmiFromIntPtr(parameters_and_register_length));
+  // Allocate and initialize the register file.
+  TNode<FixedArrayBase> parameters_and_registers =
+      AllocateFixedArray(HOLEY_ELEMENTS, parameters_and_register_length,
+                         INTPTR_PARAMETERS, kAllowLargeObjectAllocation);
  FillFixedArrayWithValue(HOLEY_ELEMENTS, parameters_and_registers,
                          IntPtrConstant(0), parameters_and_register_length,
                          RootIndex::kUndefinedValue);

+  // Allocate space for the promise, the async function object.
+  TNode<IntPtrT> size = IntPtrConstant(JSPromise::kSizeWithEmbedderFields +
+                                       JSAsyncFunctionObject::kSize);
+  TNode<HeapObject> base = AllocateInNewSpace(size);
+
  // Initialize the promise.
  TNode<Context> native_context = LoadNativeContext(context);
  TNode<JSFunction> promise_function =