Fix bogus allocation limit in allocation folding.

R=ishell@chromium.org
TEST=mjsunit/allocation-folding

Review URL: https://codereview.chromium.org/73563004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/hydrogen-instructions.cc b/src/hydrogen-instructions.cc
index f7a9569..38eabda 100644 (file)
--- a/src/hydrogen-instructions.cc
+++ b/src/hydrogen-instructions.cc
@@ -3404,7 +3404,7 @@ void HAllocate::HandleSideEffectDominator(GVNFlag side_effect,
     }
   }
 
-  if (new_dominator_size > Page::kMaxNonCodeHeapObjectSize) {
+  if (new_dominator_size > isolate()->heap()->MaxRegularSpaceAllocationSize()) {
     if (FLAG_trace_allocation_folding) {
       PrintF("#%d (%s) cannot fold into #%d (%s) due to size: %d\n",
           id(), Mnemonic(), dominator_allocate->id(),

diff --git a/test/mjsunit/allocation-folding.js b/test/mjsunit/allocation-folding.js
index ec07392..a914b59 100644 (file)
--- a/test/mjsunit/allocation-folding.js
+++ b/test/mjsunit/allocation-folding.js
@@ -100,3 +100,17 @@ gc();
 
 assertEquals(result[1], 4);
 assertEquals(result2[1], 6);
+
+// Test to exceed the Heap::MaxRegularSpaceAllocationSize limit but not
+// the Page::kMaxNonCodeHeapObjectSize limit with allocation folding.
+
+function boom() {
+  var a1 = new Array(84632);
+  var a2 = new Array(84632);
+  var a3 = new Array(84632);
+  return [ a1, a2, a3 ];
+}
+
+boom(); boom(); boom();
+%OptimizeFunctionOnNextCall(boom);
+boom();