6c620e5312
This fixes a corner case where the {FastCloneShallowArrayStub} was used
for literals that are backed by a double backing store and would exceed
limits for new-space allocations on 32-bit architectures. The stub in
question does not support such literals, callers must use the runtime.
Note that this fix is for Ignition as well as FullCodeGenerator.
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-672792
BUG=chromium:672792
Review-Url: https://codereview.chromium.org/2570843002
Cr-Commit-Position: refs/heads/master@{#41713}
19 lines
642 B
JavaScript
19 lines
642 B
JavaScript
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
// Generate a function {f} containing a large array literal of doubles.
|
|
eval("function f() { return [" + String("0.1,").repeat(65535) + "] }");
|
|
|
|
// Running the function once will initialize the boilerplate.
|
|
assertEquals(65535, f().length);
|
|
|
|
// Running the function again will perform cloning.
|
|
assertEquals(65535, f().length);
|
|
|
|
// Running the function as optimized code next.
|
|
%OptimizeFunctionOnNextCall(f);
|
|
assertEquals(65535, f().length);
|