Revert of Reland of "Fix memory leak caused by field type in descriptor array."

src/objects.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <iomanip>
 #include <sstream>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ skipping 1681 matching lines @@
   // If the constructor is not present, return "Object".
   return GetHeap()->Object_string();
 }
 
 
 String* JSReceiver::constructor_name() {
   return map()->constructor_name();
 }
 
 
-static Handle<Object> WrapType(Handle<HeapType> type) {
-  if (type->IsClass()) return Map::WeakCellForMap(type->AsClass()->Map());
-  return type;
-}
-
-
 MaybeHandle<Map> Map::CopyWithField(Handle<Map> map,
                                     Handle<Name> name,
                                     Handle<HeapType> type,
                                     PropertyAttributes attributes,
                                     Representation representation,
                                     TransitionFlag flag) {
   DCHECK(DescriptorArray::kNotFound ==
          map->instance_descriptors()->Search(
              *name, map->NumberOfOwnDescriptors()));
 
   // Ensure the descriptor array does not get too big.
   if (map->NumberOfOwnDescriptors() >= kMaxNumberOfDescriptors) {
     return MaybeHandle<Map>();
   }
 
   Isolate* isolate = map->GetIsolate();
 
   // Compute the new index for new field.
   int index = map->NextFreePropertyIndex();
 
   if (map->instance_type() == JS_CONTEXT_EXTENSION_OBJECT_TYPE) {
     representation = Representation::Tagged();
     type = HeapType::Any(isolate);
   }
 
-  Handle<Object> wrapped_type(WrapType(type));
-
-  DataDescriptor new_field_desc(name, index, wrapped_type, attributes,
-                                representation);
+  DataDescriptor new_field_desc(name, index, type, attributes, representation);
   Handle<Map> new_map = Map::CopyAddDescriptor(map, &new_field_desc, flag);
   int unused_property_fields = new_map->unused_property_fields() - 1;
   if (unused_property_fields < 0) {
     unused_property_fields += JSObject::kFieldsAdded;
   }
   new_map->set_unused_property_fields(unused_property_fields);
   return new_map;
 }
 
 
@@ skipping 553 matching lines @@
     Map* parent = Map::cast(back);
     if (parent->NumberOfOwnDescriptors() <= descriptor) break;
     result = parent;
   }
   return result;
 }
 
 
 void Map::UpdateFieldType(int descriptor, Handle<Name> name,
                           Representation new_representation,
-                          Handle<Object> new_wrapped_type) {
-  DCHECK(new_wrapped_type->IsSmi() || new_wrapped_type->IsWeakCell());
+                          Handle<HeapType> new_type) {
   DisallowHeapAllocation no_allocation;
   PropertyDetails details = instance_descriptors()->GetDetails(descriptor);
   if (details.type() != DATA) return;
   Object* transitions = raw_transitions();
   int num_transitions = TransitionArray::NumberOfTransitions(transitions);
   for (int i = 0; i < num_transitions; ++i) {
     Map* target = TransitionArray::GetTarget(transitions, i);
-    target->UpdateFieldType(descriptor, name, new_representation,
-                            new_wrapped_type);
+    target->UpdateFieldType(descriptor, name, new_representation, new_type);
   }
   // It is allowed to change representation here only from None to something.
   DCHECK(details.representation().Equals(new_representation) ||
          details.representation().IsNone());
 
   // Skip if already updated the shared descriptor.
-  if (instance_descriptors()->GetValue(descriptor) == *new_wrapped_type) return;
+  if (instance_descriptors()->GetFieldType(descriptor) == *new_type) return;
   DataDescriptor d(name, instance_descriptors()->GetFieldIndex(descriptor),
-                   new_wrapped_type, details.attributes(), new_representation);
+                   new_type, details.attributes(), new_representation);
   instance_descriptors()->Replace(descriptor, &d);
 }
 
 
 // static
 Handle<HeapType> Map::GeneralizeFieldType(Handle<HeapType> type1,
                                           Handle<HeapType> type2,
                                           Isolate* isolate) {
   if (type1->NowIs(type2)) return type2;
   if (type2->NowIs(type1)) return type1;
@@ skipping 27 matching lines @@
   Handle<DescriptorArray> descriptors(
       field_owner->instance_descriptors(), isolate);
   DCHECK_EQ(*old_field_type, descriptors->GetFieldType(modify_index));
 
   // Determine the generalized new field type.
   new_field_type = Map::GeneralizeFieldType(
       old_field_type, new_field_type, isolate);
 
   PropertyDetails details = descriptors->GetDetails(modify_index);
   Handle<Name> name(descriptors->GetKey(modify_index));
-
-  Handle<Object> wrapped_type(WrapType(new_field_type));
   field_owner->UpdateFieldType(modify_index, name, new_representation,
-                               wrapped_type);
+                               new_field_type);
   field_owner->dependent_code()->DeoptimizeDependentCodeGroup(
       isolate, DependentCode::kFieldTypeGroup);
 
   if (FLAG_trace_generalization) {
     map->PrintGeneralization(
         stdout, "field type generalization",
         modify_index, map->NumberOfOwnDescriptors(),
         map->NumberOfOwnDescriptors(), false,
         details.representation(), details.representation(),
         *old_field_type, *new_field_type);
@@ skipping 372 matching lines @@
             next_field_type =
                 GeneralizeFieldType(next_field_type, old_field_type, isolate);
           }
         } else {
           Handle<HeapType> old_field_type =
               GetFieldType(isolate, old_descriptors, i, old_details.location(),
                            next_representation);
           next_field_type =
               GeneralizeFieldType(target_field_type, old_field_type, isolate);
         }
-        Handle<Object> wrapped_type(WrapType(next_field_type));
-        DataDescriptor d(target_key, current_offset, wrapped_type,
+        DataDescriptor d(target_key, current_offset, next_field_type,
                          next_attributes, next_representation);
         current_offset += d.GetDetails().field_width_in_words();
         new_descriptors->Set(i, &d);
       } else {
         UNIMPLEMENTED();  // TODO(ishell): implement.
       }
     } else {
       PropertyDetails details(next_attributes, next_kind, next_location,
                               next_representation);
       Descriptor d(target_key, handle(target_descriptors->GetValue(i), isolate),
@@ skipping 47 matching lines @@
             next_field_type =
                 GeneralizeFieldType(next_field_type, old_field_type, isolate);
           }
         } else {
           Handle<HeapType> old_field_type =
               GetFieldType(isolate, old_descriptors, i, old_details.location(),
                            next_representation);
           next_field_type = old_field_type;
         }
 
-        Handle<Object> wrapped_type(WrapType(next_field_type));
-
-        DataDescriptor d(old_key, current_offset, wrapped_type, next_attributes,
-                         next_representation);
+        DataDescriptor d(old_key, current_offset, next_field_type,
+                         next_attributes, next_representation);
         current_offset += d.GetDetails().field_width_in_words();
         new_descriptors->Set(i, &d);
       } else {
         UNIMPLEMENTED();  // TODO(ishell): implement.
       }
     } else {
       PropertyDetails details(next_attributes, next_kind, next_location,
                               next_representation);
       Descriptor d(old_key, handle(old_descriptors->GetValue(i), isolate),
                    details);
@@ skipping 111 matching lines @@
     if (transition == NULL) return MaybeHandle<Map>();
     new_map = transition;
     DescriptorArray* new_descriptors = new_map->instance_descriptors();
 
     PropertyDetails new_details = new_descriptors->GetDetails(i);
     DCHECK_EQ(old_details.kind(), new_details.kind());
     DCHECK_EQ(old_details.attributes(), new_details.attributes());
     if (!old_details.representation().fits_into(new_details.representation())) {
       return MaybeHandle<Map>();
     }
+    Object* new_value = new_descriptors->GetValue(i);
+    Object* old_value = old_descriptors->GetValue(i);
     switch (new_details.type()) {
       case DATA: {
-        HeapType* new_type = new_descriptors->GetFieldType(i);
-        PropertyType old_property_type = old_details.type();
-        if (old_property_type == DATA) {
-          HeapType* old_type = old_descriptors->GetFieldType(i);
-          if (!old_type->NowIs(new_type)) {
+        PropertyType old_type = old_details.type();
+        if (old_type == DATA) {
+          if (!HeapType::cast(old_value)->NowIs(HeapType::cast(new_value))) {
             return MaybeHandle<Map>();
           }
         } else {
-          DCHECK(old_property_type == DATA_CONSTANT);
-          Object* old_value = old_descriptors->GetValue(i);
-          if (!new_type->NowContains(old_value)) {
+          DCHECK(old_type == DATA_CONSTANT);
+          if (!HeapType::cast(new_value)->NowContains(old_value)) {
             return MaybeHandle<Map>();
           }
         }
         break;
       }
-      case ACCESSOR: {
-#ifdef DEBUG
-        HeapType* new_type = new_descriptors->GetFieldType(i);
-        DCHECK(HeapType::Any()->Is(new_type));
-#endif
+      case ACCESSOR:
+        DCHECK(HeapType::Any()->Is(HeapType::cast(new_value)));
         break;
-      }
 
       case DATA_CONSTANT:
-      case ACCESSOR_CONSTANT: {
-        Object* old_value = old_descriptors->GetValue(i);
-        Object* new_value = new_descriptors->GetValue(i);
+      case ACCESSOR_CONSTANT:
         if (old_details.location() == kField || old_value != new_value) {
           return MaybeHandle<Map>();
         }
         break;
-      }
     }
   }
   if (new_map->NumberOfOwnDescriptors() != old_nof) return MaybeHandle<Map>();
   return handle(new_map);
 }
 
 
 // static
 Handle<Map> Map::Update(Handle<Map> map) {
   if (!map->is_deprecated()) return map;
@@ skipping 14081 matching lines @@
                                                CompilationInfo* info) {
   Handle<DependentCode> codes = DependentCode::InsertCompilationInfo(
       handle(cell->dependent_code(), info->isolate()),
       DependentCode::kPropertyCellChangedGroup, info->object_wrapper());
   if (*codes != cell->dependent_code()) cell->set_dependent_code(*codes);
   info->dependencies(DependentCode::kPropertyCellChangedGroup)->Add(
       cell, info->zone());
 }
 
 } }  // namespace v8::internal