Always initialize elements pointer in fast literals.

BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/211103003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20262 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index 03d4ff9..c292a17 100644 (file)
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -9763,6 +9763,15 @@ HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
   HInstruction* object = Add<HAllocate>(object_size_constant, type,
       pretenure_flag, instance_type, site_context->current());
 
+  // If allocation folding reaches Page::kMaxRegularHeapObjectSize the
+  // elements array may not get folded into the object. Hence, we set the
+  // elements pointer to empty fixed array and let store elimination remove
+  // this store in the folding case.
+  HConstant* empty_fixed_array = Add<HConstant>(
+      isolate()->factory()->empty_fixed_array());
+  Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
+      empty_fixed_array, INITIALIZING_STORE);
+
   BuildEmitObjectHeader(boilerplate_object, object);
 
   Handle<FixedArrayBase> elements(boilerplate_object->elements());
@@ -9786,14 +9795,6 @@ HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
   if (elements_size > 0) {
     HValue* object_elements_size = Add<HConstant>(elements_size);
     if (boilerplate_object->HasFastDoubleElements()) {
-      // Allocation folding will not be able to fold |object| and
-      // |object_elements| together if they are pre-tenured.
-      if (pretenure_flag == TENURED) {
-        HConstant* empty_fixed_array = Add<HConstant>(
-            isolate()->factory()->empty_fixed_array());
-        Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
-                              empty_fixed_array);
-      }
       object_elements = Add<HAllocate>(object_elements_size, HType::Tagged(),
           pretenure_flag, FIXED_DOUBLE_ARRAY_TYPE, site_context->current());
     } else {