Chromium Code Reviews Chromium Code Reviews
Issue 10802051:
Fix corner case when transforming dictionary to fast elements. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 12429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 12440 PropertyType type = DetailsAt(i).type(); | 12440 PropertyType type = DetailsAt(i).type(); |
| 12441 ASSERT(type != FIELD); | 12441 ASSERT(type != FIELD); |
| 12442 instance_descriptor_length++; | 12442 instance_descriptor_length++; |
| 12443 if (type == NORMAL && | 12443 if (type == NORMAL && |
| 12444 (!value->IsJSFunction() || heap->InNewSpace(value))) { | 12444 (!value->IsJSFunction() || heap->InNewSpace(value))) { |
| 12445 number_of_fields += 1; | 12445 number_of_fields += 1; |
| 12446 } | 12446 } |
| 12447 } | 12447 } |
| 12448 } | 12448 } |
| 12449 | 12449 |
| 12450 // Allocate new map. | |
| 12451 Map* new_map; | |
| 12452 MaybeObject* maybe_new_map = obj->map()->CopyDropDescriptors(); | |
| 12453 if (!maybe_new_map->To(&new_map)) return maybe_new_map; | |
| 12454 | |
| 12455 // Calculate fields to allocate. | |
| 12456 int inobject_props = obj->map()->inobject_properties(); | |
| 12457 int number_of_allocated_fields = | |
| 12458 number_of_fields + unused_property_fields - inobject_props; | |
| 12459 if (number_of_allocated_fields < 0) { | |
| 12460 // There is enough inobject space for all fields (including unused). | |
| 12461 number_of_allocated_fields = 0; | |
| 12462 unused_property_fields = inobject_props - number_of_fields; | |
| 12463 } | |
|
Toon Verwaest
2012/07/20 13:47:49
What about moving all of this code (starting from
| |
| 12464 | |
| 12465 if (instance_descriptor_length == 0) { | |
| 12466 ASSERT_EQ(0, number_of_allocated_fields); | |
|
Toon Verwaest
2012/07/20 13:47:49
Here we can just use number_of_fields.
| |
| 12467 // Transform the object. | |
| 12468 obj->set_map(new_map); | |
| 12469 obj->set_properties(heap->empty_fixed_array()); | |
| 12470 // Check that it really works. | |
| 12471 ASSERT(obj->HasFastProperties()); | |
| 12472 return obj; | |
| 12473 } | |
| 12474 | |
| 12450 // Allocate the instance descriptor. | 12475 // Allocate the instance descriptor. |
| 12451 DescriptorArray* descriptors; | 12476 DescriptorArray* descriptors; |
| 12452 MaybeObject* maybe_descriptors = | 12477 MaybeObject* maybe_descriptors = |
| 12453 DescriptorArray::Allocate(instance_descriptor_length, | 12478 DescriptorArray::Allocate(instance_descriptor_length, |
| 12454 DescriptorArray::MAY_BE_SHARED); | 12479 DescriptorArray::MAY_BE_SHARED); |
| 12455 if (!maybe_descriptors->To(&descriptors)) { | 12480 if (!maybe_descriptors->To(&descriptors)) { |
| 12456 return maybe_descriptors; | 12481 return maybe_descriptors; |
| 12457 } | 12482 } |
| 12458 | 12483 |
| 12459 FixedArray::WhitenessWitness witness(descriptors); | 12484 FixedArray::WhitenessWitness witness(descriptors); |
| 12460 | 12485 |
| 12461 int inobject_props = obj->map()->inobject_properties(); | |
| 12462 int number_of_allocated_fields = | |
| 12463 number_of_fields + unused_property_fields - inobject_props; | |
| 12464 if (number_of_allocated_fields < 0) { | |
| 12465 // There is enough inobject space for all fields (including unused). | |
| 12466 number_of_allocated_fields = 0; | |
| 12467 unused_property_fields = inobject_props - number_of_fields; | |
| 12468 } | |
| 12469 | |
| 12470 // Allocate the fixed array for the fields. | 12486 // Allocate the fixed array for the fields. |
| 12471 FixedArray* fields; | 12487 FixedArray* fields; |
| 12472 MaybeObject* maybe_fields = | 12488 MaybeObject* maybe_fields = |
| 12473 heap->AllocateFixedArray(number_of_allocated_fields); | 12489 heap->AllocateFixedArray(number_of_allocated_fields); |
| 12474 if (!maybe_fields->To(&fields)) return maybe_fields; | 12490 if (!maybe_fields->To(&fields)) return maybe_fields; |
| 12475 | 12491 |
| 12476 // Fill in the instance descriptor and the fields. | 12492 // Fill in the instance descriptor and the fields. |
| 12477 int next_descriptor = 0; | 12493 int next_descriptor = 0; |
| 12478 int current_offset = 0; | 12494 int current_offset = 0; |
| 12479 for (int i = 0; i < capacity; i++) { | 12495 for (int i = 0; i < capacity; i++) { |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 12516 descriptors->Set(next_descriptor, &d, witness); | 12532 descriptors->Set(next_descriptor, &d, witness); |
| 12517 } else { | 12533 } else { |
| 12518 UNREACHABLE(); | 12534 UNREACHABLE(); |
| 12519 } | 12535 } |
| 12520 ++next_descriptor; | 12536 ++next_descriptor; |
| 12521 } | 12537 } |
| 12522 } | 12538 } |
| 12523 ASSERT(current_offset == number_of_fields); | 12539 ASSERT(current_offset == number_of_fields); |
| 12524 | 12540 |
| 12525 descriptors->Sort(witness); | 12541 descriptors->Sort(witness); |
| 12526 // Allocate new map. | |
| 12527 Map* new_map; | |
| 12528 MaybeObject* maybe_new_map = obj->map()->CopyDropDescriptors(); | |
| 12529 if (!maybe_new_map->To(&new_map)) return maybe_new_map; | |
| 12530 | 12542 |
| 12531 new_map->InitializeDescriptors(descriptors); | 12543 new_map->InitializeDescriptors(descriptors); |
| 12532 new_map->set_unused_property_fields(unused_property_fields); | 12544 new_map->set_unused_property_fields(unused_property_fields); |
| 12533 | 12545 |
| 12534 // Transform the object. | 12546 // Transform the object. |
| 12535 obj->set_map(new_map); | 12547 obj->set_map(new_map); |
| 12536 | 12548 |
| 12537 obj->set_properties(fields); | 12549 obj->set_properties(fields); |
| 12538 ASSERT(obj->IsJSObject()); | 12550 ASSERT(obj->IsJSObject()); |
| 12539 | 12551 |
| (...skipping 501 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 13041 set_year(Smi::FromInt(year), SKIP_WRITE_BARRIER); | 13053 set_year(Smi::FromInt(year), SKIP_WRITE_BARRIER); |
| 13042 set_month(Smi::FromInt(month), SKIP_WRITE_BARRIER); | 13054 set_month(Smi::FromInt(month), SKIP_WRITE_BARRIER); |
| 13043 set_day(Smi::FromInt(day), SKIP_WRITE_BARRIER); | 13055 set_day(Smi::FromInt(day), SKIP_WRITE_BARRIER); |
| 13044 set_weekday(Smi::FromInt(weekday), SKIP_WRITE_BARRIER); | 13056 set_weekday(Smi::FromInt(weekday), SKIP_WRITE_BARRIER); |
| 13045 set_hour(Smi::FromInt(hour), SKIP_WRITE_BARRIER); | 13057 set_hour(Smi::FromInt(hour), SKIP_WRITE_BARRIER); |
| 13046 set_min(Smi::FromInt(min), SKIP_WRITE_BARRIER); | 13058 set_min(Smi::FromInt(min), SKIP_WRITE_BARRIER); |
| 13047 set_sec(Smi::FromInt(sec), SKIP_WRITE_BARRIER); | 13059 set_sec(Smi::FromInt(sec), SKIP_WRITE_BARRIER); |
| 13048 } | 13060 } |
| 13049 | 13061 |
| 13050 } } // namespace v8::internal | 13062 } } // namespace v8::internal |
| OLD | NEW |
