BuildGrowElementsCapacity bounds check used wrong elements kind.
In a refactoring, HGraphBuilder::BuildGrowElementsCapacity() ended up using the old_elements_kind instead of new_kind when calculating if a new capacity for an array exceeds Page::kMaxRegularHeapObjectSize. Repair, such that the check is correct. R=hpayer@chromium.org BUG= Review URL: https://codereview.chromium.org/366583006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
parent
e3af6b1821
commit
dd676cb628
@ -2683,7 +2683,7 @@ HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
|
|||||||
HValue* new_capacity) {
|
HValue* new_capacity) {
|
||||||
Add<HBoundsCheck>(new_capacity, Add<HConstant>(
|
Add<HBoundsCheck>(new_capacity, Add<HConstant>(
|
||||||
(Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
|
(Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
|
||||||
ElementsKindToShiftSize(kind)));
|
ElementsKindToShiftSize(new_kind)));
|
||||||
|
|
||||||
HValue* new_elements = BuildAllocateElementsAndInitializeElementsHeader(
|
HValue* new_elements = BuildAllocateElementsAndInitializeElementsHeader(
|
||||||
new_kind, new_capacity);
|
new_kind, new_capacity);
|
||||||
|
Loading…
Reference in New Issue
Block a user