From ed034b39e56d919c6374975937052c8dee3f43e9 Mon Sep 17 00:00:00 2001 From: "mstarzinger@chromium.org" Date: Fri, 15 Nov 2013 18:44:59 +0000 Subject: [PATCH] Fix bogus allocation limit in allocation folding. R=ishell@chromium.org TEST=mjsunit/allocation-folding Review URL: https://codereview.chromium.org/73563004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17805 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/hydrogen-instructions.cc | 2 +- test/mjsunit/allocation-folding.js | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/hydrogen-instructions.cc b/src/hydrogen-instructions.cc index f7a9569..38eabda 100644 --- a/src/hydrogen-instructions.cc +++ b/src/hydrogen-instructions.cc @@ -3404,7 +3404,7 @@ void HAllocate::HandleSideEffectDominator(GVNFlag side_effect, } } - if (new_dominator_size > Page::kMaxNonCodeHeapObjectSize) { + if (new_dominator_size > isolate()->heap()->MaxRegularSpaceAllocationSize()) { if (FLAG_trace_allocation_folding) { PrintF("#%d (%s) cannot fold into #%d (%s) due to size: %d\n", id(), Mnemonic(), dominator_allocate->id(), diff --git a/test/mjsunit/allocation-folding.js b/test/mjsunit/allocation-folding.js index ec07392..a914b59 100644 --- a/test/mjsunit/allocation-folding.js +++ b/test/mjsunit/allocation-folding.js @@ -100,3 +100,17 @@ gc(); assertEquals(result[1], 4); assertEquals(result2[1], 6); + +// Test to exceed the Heap::MaxRegularSpaceAllocationSize limit but not +// the Page::kMaxNonCodeHeapObjectSize limit with allocation folding. + +function boom() { + var a1 = new Array(84632); + var a2 = new Array(84632); + var a3 = new Array(84632); + return [ a1, a2, a3 ]; +} + +boom(); boom(); boom(); +%OptimizeFunctionOnNextCall(boom); +boom(); -- 2.7.4