src/objects.cc - Issue 10802051: Fix corner case when transforming dictionary to fast elements.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/objects.cc

Issue 10802051: Fix corner case when transforming dictionary to fast elements. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Created 8 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/objects.cc

diff --git a/src/objects.cc b/src/objects.cc

index 7ce612d83b1c79dfd49adabbe7b694ba3fbcd122..b88c73d1f38981efcfab5ebc44ea9c3dd40266a5 100644

--- a/src/objects.cc

+++ b/src/objects.cc

@@ -12447,6 +12447,31 @@ MaybeObject* StringDictionary::TransformPropertiesToFastFor(

}

+ // Allocate new map.

+ Map* new_map;

+ MaybeObject* maybe_new_map = obj->map()->CopyDropDescriptors();

+ if (!maybe_new_map->To(&new_map)) return maybe_new_map;

+ // Calculate fields to allocate.

+ int inobject_props = obj->map()->inobject_properties();

+ int number_of_allocated_fields =

+ number_of_fields + unused_property_fields - inobject_props;

+ if (number_of_allocated_fields < 0) {

+ // There is enough inobject space for all fields (including unused).

+ number_of_allocated_fields = 0;

+ unused_property_fields = inobject_props - number_of_fields;

+ }

Toon Verwaest 2012/07/20 13:47:49 What about moving all of this code (starting from

+ if (instance_descriptor_length == 0) {

+ ASSERT_EQ(0, number_of_allocated_fields);

Toon Verwaest 2012/07/20 13:47:49 Here we can just use number_of_fields.

+ // Transform the object.

+ obj->set_map(new_map);

+ obj->set_properties(heap->empty_fixed_array());

+ // Check that it really works.

+ ASSERT(obj->HasFastProperties());

+ return obj;

+ }

// Allocate the instance descriptor.

DescriptorArray* descriptors;

MaybeObject* maybe_descriptors =

@@ -12458,15 +12483,6 @@ MaybeObject* StringDictionary::TransformPropertiesToFastFor(

FixedArray::WhitenessWitness witness(descriptors);

- int inobject_props = obj->map()->inobject_properties();

- int number_of_allocated_fields =

- number_of_fields + unused_property_fields - inobject_props;

- if (number_of_allocated_fields < 0) {

- // There is enough inobject space for all fields (including unused).

- number_of_allocated_fields = 0;

- unused_property_fields = inobject_props - number_of_fields;

- }

// Allocate the fixed array for the fields.

FixedArray* fields;

MaybeObject* maybe_fields =

@@ -12523,10 +12539,6 @@ MaybeObject* StringDictionary::TransformPropertiesToFastFor(

ASSERT(current_offset == number_of_fields);

descriptors->Sort(witness);

- // Allocate new map.

- Map* new_map;

- MaybeObject* maybe_new_map = obj->map()->CopyDropDescriptors();

- if (!maybe_new_map->To(&new_map)) return maybe_new_map;

new_map->InitializeDescriptors(descriptors);

new_map->set_unused_property_fields(unused_property_fields);

« src/compiler.cc ('K') | « src/compiler.cc ('k') | test/mjsunit/regress-2249.js » ('j') | no next file with comments »