Additional work to get array literal allocation tracking working, even with --always-opt

src/heap.cc

Index: src/heap.cc
diff --git a/src/heap.cc b/src/heap.cc
index 401f4f7948adc09cb845390ef7f37036fa179aee..6ea3c4ddfe0565bb9710244c0ddf134b5bf5deab 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -4362,7 +4362,8 @@ MaybeObject* Heap::AllocateGlobalObject(JSFunction* constructor) {
 }
 
 
-MaybeObject* Heap::CopyJSObject(JSObject* source) {
+MaybeObject* Heap::CopyJSObject(JSObject* source,
+                                AllocationSiteInfoMode mode) {
   // Never used to copy functions.  If functions need to be copied we
   // have to be careful to clear the literals array.
   SLOW_ASSERT(!source->IsJSFunction());
@@ -4372,6 +4373,9 @@ MaybeObject* Heap::CopyJSObject(JSObject* source) {
   int object_size = map->instance_size();
   Object* clone;
 
+  bool track_origin = FLAG_track_allocation_sites &&
+      mode == TRACK_ALLOCATION_SITE_INFO;
+
   WriteBarrierMode wb_mode = UPDATE_WRITE_BARRIER;
 
   // If we're forced to always allocate, we use the general allocation
@@ -4389,9 +4393,26 @@ MaybeObject* Heap::CopyJSObject(JSObject* source) {
     RecordWrites(clone_address,
                  JSObject::kHeaderSize,
                  (object_size - JSObject::kHeaderSize) / kPointerSize);
+
+    // Track allocation site information
+    if (track_origin && InNewSpace(clone)) {

[danno, 2013/01/10 22:58:59]

This is a bit dicey. Although I don't see a reason that the two allocations (the
object above and the AllocationSiteInfo) won't be contiguous, it's a bit
fragile. If track_origin is false, you should call AllocateRaw as before. If
it's true, you should check object_size against:

  Heap* heap = isolate()->heap();
  const int kMinFreeNewSpaceAfterGC = heap->InitialSemiSpaceSize() * 3/4;

and if it's smaller, call AllocateInNewSpace for both objects together, it
_must_ succeed in this case. In the case that object_size is greater than
kMinFreeNewSpaceAfterGC, don't allocate the AllocationSiteInfo at all. 

Also note that in this code you are allocation AllocationSiteInfos for all
objects you allocate, not just JSArrays. Maybe you want add a predicate
CanTrackAllocationSite to Map that returns "true" for JSArray maps, and then
change the track_origin predicate above to contain "&&
source->map()->CanTrackAllocationSite() 

[mvstanton, 2013/01/11 13:43:01]

Thanks, good advice. I actually removed the FLAG_track_allocation_sites, as it
seems to be everywhere. I figure that if someone has asked for the feature to be
on as a parameter to the function call, like here, then any flag checking is
upstream.

+      MaybeObject* maybe_alloc_info =
+          AllocateStruct(ALLOCATION_SITE_INFO_TYPE);
+      AllocationSiteInfo* alloc_info;
+      if (maybe_alloc_info->To(&alloc_info)) {
+        alloc_info->set_map(allocation_site_info_map());
+        alloc_info->set_payload(source);
+      }
+    }
   } else {
     wb_mode = SKIP_WRITE_BARRIER;
-    { MaybeObject* maybe_clone = new_space_.AllocateRaw(object_size);
+
+    int adjusted_object_size = object_size;
+    if (track_origin) {
+      adjusted_object_size += AllocationSiteInfo::kSize;
+    }
+
+    { MaybeObject* maybe_clone = new_space_.AllocateRaw(adjusted_object_size);
       if (!maybe_clone->ToObject(&clone)) return maybe_clone;
     }
     SLOW_ASSERT(InNewSpace(clone));
@@ -4400,6 +4421,14 @@ MaybeObject* Heap::CopyJSObject(JSObject* source) {
     CopyBlock(HeapObject::cast(clone)->address(),
               source->address(),
               object_size);
+
+    if (track_origin) {
+      AllocationSiteInfo* alloc_info = reinterpret_cast<AllocationSiteInfo*>(
+          reinterpret_cast<Address>(clone) + object_size);
+      alloc_info->set_map(allocation_site_info_map());
+      // TODO(mvstanton): I don't understand this payload? the original object?

[danno, 2013/01/10 22:58:59]

Yes. And as discussed today, this is a bit wrong right now, it kind of assumes
that source is a boilerplate array because this code path gated by track_origin
is only used to copy boilerplate arrays (see my code above to limit tracking to
just JSArrays).

When you copy deep boilerplates, you will have to pass in the AllocationSite to
use rather than the array itself.

[mvstanton, 2013/01/11 13:43:01]

Right. For the moment, the boilerplate is exactly the right payload. Later, when
we move to AllocationMomentos, it will live in the AllocationSite object
instead. For this checkin I just remove the TODO.

+      alloc_info->set_payload(source);
+    }
   }
 
   SLOW_ASSERT(