AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[builtins] Fix folded allocation in AsyncFunctionEnter

Browse Source 
A folded allocation must fit into a regular (= non-large-object) heap
space. This CL changes AsyncFunctionEnter to allocate the
variable-sized fixed array separately from the folded JSPromise and
JSAsyncFunctionObject.

Bug: v8:9398
Change-Id: I9f3642e0bf060f7b61a42d6f490adbbb6d753ac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684000
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62476}
This commit is contained in:
Jakob Gruber 2019-07-01 16:31:01 +02:00 committed by Commit Bot
parent df54d51148
commit 131b7ecdb3
1 changed files with 9 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/builtins/builtins-async-function-gen.cc
View File

@ -95,27 +95,19 @@ TF_BUILTIN(AsyncFunctionEnter, AsyncFunctionBuiltinsAssembler) {
Signed(IntPtrAdd(WordSar(frame_size, IntPtrConstant(kTaggedSizeLog2)), Signed(IntPtrAdd(WordSar(frame_size, IntPtrConstant(kTaggedSizeLog2)),
formal_parameter_count)); formal_parameter_count));
// Allocate space for the promise, the async function object // Allocate and initialize the register file.
// and the register file. TNode<FixedArrayBase> parameters_and_registers =
TNode<IntPtrT> size = IntPtrAdd( AllocateFixedArray(HOLEY_ELEMENTS, parameters_and_register_length,
IntPtrConstant(JSPromise::kSizeWithEmbedderFields + INTPTR_PARAMETERS, kAllowLargeObjectAllocation);
JSAsyncFunctionObject::kSize + FixedArray::kHeaderSize),
Signed(WordShl(parameters_and_register_length,
IntPtrConstant(kTaggedSizeLog2))));
TNode<HeapObject> base = AllocateInNewSpace(size);
// Initialize the register file.
TNode<FixedArray> parameters_and_registers = UncheckedCast<FixedArray>(
InnerAllocate(base, JSAsyncFunctionObject::kSize +
JSPromise::kSizeWithEmbedderFields));
StoreMapNoWriteBarrier(parameters_and_registers, RootIndex::kFixedArrayMap);
StoreObjectFieldNoWriteBarrier(parameters_and_registers,
FixedArray::kLengthOffset,
SmiFromIntPtr(parameters_and_register_length));
FillFixedArrayWithValue(HOLEY_ELEMENTS, parameters_and_registers, FillFixedArrayWithValue(HOLEY_ELEMENTS, parameters_and_registers,
IntPtrConstant(0), parameters_and_register_length, IntPtrConstant(0), parameters_and_register_length,
RootIndex::kUndefinedValue); RootIndex::kUndefinedValue);
// Allocate space for the promise, the async function object.
TNode<IntPtrT> size = IntPtrConstant(JSPromise::kSizeWithEmbedderFields +
JSAsyncFunctionObject::kSize);
TNode<HeapObject> base = AllocateInNewSpace(size);
// Initialize the promise. // Initialize the promise.
TNode<Context> native_context = LoadNativeContext(context); TNode<Context> native_context = LoadNativeContext(context);
TNode<JSFunction> promise_function = TNode<JSFunction> promise_function =