| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdlib.h> | 5 #include <stdlib.h> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "src/v8.h" | 8 #include "src/v8.h" |
| 9 | 9 |
| 10 #include "src/compilation-cache.h" | 10 #include "src/compilation-cache.h" |
| (...skipping 999 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1010 // a pointer to "from space" pointer. Do scavenge one more time and ensure | 1010 // a pointer to "from space" pointer. Do scavenge one more time and ensure |
| 1011 // that it didn't crash or corrupt the double value stored in the object. | 1011 // that it didn't crash or corrupt the double value stored in the object. |
| 1012 | 1012 |
| 1013 Handle<HeapType> any_type = HeapType::Any(isolate); | 1013 Handle<HeapType> any_type = HeapType::Any(isolate); |
| 1014 Handle<Map> map = Map::Create(isolate, 10); | 1014 Handle<Map> map = Map::Create(isolate, 10); |
| 1015 map = Map::CopyWithField(map, MakeName("prop", 0), any_type, NONE, | 1015 map = Map::CopyWithField(map, MakeName("prop", 0), any_type, NONE, |
| 1016 Representation::Double(), | 1016 Representation::Double(), |
| 1017 INSERT_TRANSITION).ToHandleChecked(); | 1017 INSERT_TRANSITION).ToHandleChecked(); |
| 1018 | 1018 |
| 1019 // Create object in new space. | 1019 // Create object in new space. |
| 1020 Handle<JSObject> obj = factory->NewJSObjectFromMap(map, NOT_TENURED, false); | 1020 Handle<JSObject> obj = factory->NewJSObjectFromMap(map, NOT_TENURED); |
| 1021 | 1021 |
| 1022 Handle<HeapNumber> heap_number = factory->NewHeapNumber(42.5); | 1022 Handle<HeapNumber> heap_number = factory->NewHeapNumber(42.5); |
| 1023 obj->WriteToField(0, *heap_number); | 1023 obj->WriteToField(0, *heap_number); |
| 1024 | 1024 |
| 1025 { | 1025 { |
| 1026 // Ensure the object is properly set up. | 1026 // Ensure the object is properly set up. |
| 1027 FieldIndex field_index = FieldIndex::ForDescriptor(*map, 0); | 1027 FieldIndex field_index = FieldIndex::ForDescriptor(*map, 0); |
| 1028 CHECK(field_index.is_inobject() && field_index.is_double()); | 1028 CHECK(field_index.is_inobject() && field_index.is_double()); |
| 1029 CHECK_EQ(FLAG_unbox_double_fields, map->IsUnboxedDoubleField(field_index)); | 1029 CHECK_EQ(FLAG_unbox_double_fields, map->IsUnboxedDoubleField(field_index)); |
| 1030 CHECK_EQ(42.5, GetDoubleFieldValue(*obj, field_index)); | 1030 CHECK_EQ(42.5, GetDoubleFieldValue(*obj, field_index)); |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1087 { | 1087 { |
| 1088 AlwaysAllocateScope always_allocate(isolate); | 1088 AlwaysAllocateScope always_allocate(isolate); |
| 1089 // Make sure |obj_value| is placed on an old-space evacuation candidate. | 1089 // Make sure |obj_value| is placed on an old-space evacuation candidate. |
| 1090 SimulateFullSpace(old_space); | 1090 SimulateFullSpace(old_space); |
| 1091 obj_value = factory->NewJSArray(32 * KB, FAST_HOLEY_ELEMENTS, | 1091 obj_value = factory->NewJSArray(32 * KB, FAST_HOLEY_ELEMENTS, |
| 1092 Strength::WEAK, TENURED); | 1092 Strength::WEAK, TENURED); |
| 1093 ec_page = Page::FromAddress(obj_value->address()); | 1093 ec_page = Page::FromAddress(obj_value->address()); |
| 1094 } | 1094 } |
| 1095 | 1095 |
| 1096 // Create object in new space. | 1096 // Create object in new space. |
| 1097 Handle<JSObject> obj = factory->NewJSObjectFromMap(map, NOT_TENURED, false); | 1097 Handle<JSObject> obj = factory->NewJSObjectFromMap(map, NOT_TENURED); |
| 1098 | 1098 |
| 1099 Handle<HeapNumber> heap_number = factory->NewHeapNumber(42.5); | 1099 Handle<HeapNumber> heap_number = factory->NewHeapNumber(42.5); |
| 1100 obj->WriteToField(0, *heap_number); | 1100 obj->WriteToField(0, *heap_number); |
| 1101 obj->WriteToField(1, *obj_value); | 1101 obj->WriteToField(1, *obj_value); |
| 1102 | 1102 |
| 1103 { | 1103 { |
| 1104 // Ensure the object is properly set up. | 1104 // Ensure the object is properly set up. |
| 1105 FieldIndex field_index = FieldIndex::ForDescriptor(*map, 0); | 1105 FieldIndex field_index = FieldIndex::ForDescriptor(*map, 0); |
| 1106 CHECK(field_index.is_inobject() && field_index.is_double()); | 1106 CHECK(field_index.is_inobject() && field_index.is_double()); |
| 1107 CHECK_EQ(FLAG_unbox_double_fields, map->IsUnboxedDoubleField(field_index)); | 1107 CHECK_EQ(FLAG_unbox_double_fields, map->IsUnboxedDoubleField(field_index)); |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1344 Factory* factory = isolate->factory(); | 1344 Factory* factory = isolate->factory(); |
| 1345 v8::HandleScope scope(CcTest::isolate()); | 1345 v8::HandleScope scope(CcTest::isolate()); |
| 1346 | 1346 |
| 1347 Handle<HeapType> any_type = HeapType::Any(isolate); | 1347 Handle<HeapType> any_type = HeapType::Any(isolate); |
| 1348 Handle<Map> map = Map::Create(isolate, 10); | 1348 Handle<Map> map = Map::Create(isolate, 10); |
| 1349 map = Map::CopyWithField(map, MakeName("prop", 0), any_type, NONE, | 1349 map = Map::CopyWithField(map, MakeName("prop", 0), any_type, NONE, |
| 1350 Representation::Double(), | 1350 Representation::Double(), |
| 1351 INSERT_TRANSITION).ToHandleChecked(); | 1351 INSERT_TRANSITION).ToHandleChecked(); |
| 1352 | 1352 |
| 1353 // Create object in new space. | 1353 // Create object in new space. |
| 1354 Handle<JSObject> obj = factory->NewJSObjectFromMap(map, NOT_TENURED, false); | 1354 Handle<JSObject> obj = factory->NewJSObjectFromMap(map, NOT_TENURED); |
| 1355 | 1355 |
| 1356 Handle<HeapNumber> heap_number = factory->NewHeapNumber(42.5); | 1356 Handle<HeapNumber> heap_number = factory->NewHeapNumber(42.5); |
| 1357 obj->WriteToField(0, *heap_number); | 1357 obj->WriteToField(0, *heap_number); |
| 1358 | 1358 |
| 1359 { | 1359 { |
| 1360 // Ensure the object is properly set up. | 1360 // Ensure the object is properly set up. |
| 1361 DescriptorArray* descriptors = map->instance_descriptors(); | 1361 DescriptorArray* descriptors = map->instance_descriptors(); |
| 1362 CHECK(descriptors->GetDetails(0).representation().IsDouble()); | 1362 CHECK(descriptors->GetDetails(0).representation().IsDouble()); |
| 1363 FieldIndex field_index = FieldIndex::ForDescriptor(*map, 0); | 1363 FieldIndex field_index = FieldIndex::ForDescriptor(*map, 0); |
| 1364 CHECK(field_index.is_inobject() && field_index.is_double()); | 1364 CHECK(field_index.is_inobject() && field_index.is_double()); |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1416 // that the value of the unboxed double property of the cloned object has | 1416 // that the value of the unboxed double property of the cloned object has |
| 1417 // was not corrupted by GC. | 1417 // was not corrupted by GC. |
| 1418 | 1418 |
| 1419 // Step 1: prepare a map for the object. We add unboxed double property to it. | 1419 // Step 1: prepare a map for the object. We add unboxed double property to it. |
| 1420 // Create a map with single inobject property. | 1420 // Create a map with single inobject property. |
| 1421 Handle<Map> my_map = Map::Create(isolate, 1); | 1421 Handle<Map> my_map = Map::Create(isolate, 1); |
| 1422 Handle<String> name = isolate->factory()->InternalizeUtf8String("foo"); | 1422 Handle<String> name = isolate->factory()->InternalizeUtf8String("foo"); |
| 1423 my_map = Map::CopyWithField(my_map, name, HeapType::Any(isolate), NONE, | 1423 my_map = Map::CopyWithField(my_map, name, HeapType::Any(isolate), NONE, |
| 1424 Representation::Double(), | 1424 Representation::Double(), |
| 1425 INSERT_TRANSITION).ToHandleChecked(); | 1425 INSERT_TRANSITION).ToHandleChecked(); |
| 1426 my_map->set_pre_allocated_property_fields(1); | |
| 1427 int n_properties = my_map->InitialPropertiesLength(); | |
| 1428 CHECK_GE(n_properties, 0); | |
| 1429 | 1426 |
| 1430 int object_size = my_map->instance_size(); | 1427 int object_size = my_map->instance_size(); |
| 1431 | 1428 |
| 1432 // Step 2: allocate a lot of objects so to almost fill new space: we need | 1429 // Step 2: allocate a lot of objects so to almost fill new space: we need |
| 1433 // just enough room to allocate JSObject and thus fill the newspace. | 1430 // just enough room to allocate JSObject and thus fill the newspace. |
| 1434 | 1431 |
| 1435 int allocation_amount = | 1432 int allocation_amount = |
| 1436 Min(FixedArray::kMaxSize, Page::kMaxRegularHeapObjectSize + kPointerSize); | 1433 Min(FixedArray::kMaxSize, Page::kMaxRegularHeapObjectSize + kPointerSize); |
| 1437 int allocation_len = LenFromSize(allocation_amount); | 1434 int allocation_len = LenFromSize(allocation_amount); |
| 1438 NewSpace* new_space = heap->new_space(); | 1435 NewSpace* new_space = heap->new_space(); |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1496 // new space and ensure that write barrier is triggered when |obj_value| is | 1493 // new space and ensure that write barrier is triggered when |obj_value| is |
| 1497 // written to property |tagged_descriptor| of |obj|. | 1494 // written to property |tagged_descriptor| of |obj|. |
| 1498 // Then migrate object to |new_map| and set proper value for property | 1495 // Then migrate object to |new_map| and set proper value for property |
| 1499 // |double_descriptor|. Call GC and ensure that it did not crash during | 1496 // |double_descriptor|. Call GC and ensure that it did not crash during |
| 1500 // store buffer entries updating. | 1497 // store buffer entries updating. |
| 1501 | 1498 |
| 1502 Handle<JSObject> obj; | 1499 Handle<JSObject> obj; |
| 1503 Handle<HeapObject> obj_value; | 1500 Handle<HeapObject> obj_value; |
| 1504 { | 1501 { |
| 1505 AlwaysAllocateScope always_allocate(isolate); | 1502 AlwaysAllocateScope always_allocate(isolate); |
| 1506 obj = factory->NewJSObjectFromMap(map, TENURED, false); | 1503 obj = factory->NewJSObjectFromMap(map, TENURED); |
| 1507 CHECK(old_space->Contains(*obj)); | 1504 CHECK(old_space->Contains(*obj)); |
| 1508 | 1505 |
| 1509 obj_value = factory->NewJSArray(32 * KB, FAST_HOLEY_ELEMENTS); | 1506 obj_value = factory->NewJSArray(32 * KB, FAST_HOLEY_ELEMENTS); |
| 1510 } | 1507 } |
| 1511 | 1508 |
| 1512 CHECK(heap->InNewSpace(*obj_value)); | 1509 CHECK(heap->InNewSpace(*obj_value)); |
| 1513 | 1510 |
| 1514 { | 1511 { |
| 1515 FieldIndex index = FieldIndex::ForDescriptor(*map, tagged_descriptor); | 1512 FieldIndex index = FieldIndex::ForDescriptor(*map, tagged_descriptor); |
| 1516 const int n = 153; | 1513 const int n = 153; |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1561 // when |obj_value| is written to property |tagged_descriptor| of |obj|. | 1558 // when |obj_value| is written to property |tagged_descriptor| of |obj|. |
| 1562 // Then migrate object to |new_map| and set proper value for property | 1559 // Then migrate object to |new_map| and set proper value for property |
| 1563 // |double_descriptor|. Call GC and ensure that it did not crash during | 1560 // |double_descriptor|. Call GC and ensure that it did not crash during |
| 1564 // slots buffer entries updating. | 1561 // slots buffer entries updating. |
| 1565 | 1562 |
| 1566 Handle<JSObject> obj; | 1563 Handle<JSObject> obj; |
| 1567 Handle<HeapObject> obj_value; | 1564 Handle<HeapObject> obj_value; |
| 1568 Page* ec_page; | 1565 Page* ec_page; |
| 1569 { | 1566 { |
| 1570 AlwaysAllocateScope always_allocate(isolate); | 1567 AlwaysAllocateScope always_allocate(isolate); |
| 1571 obj = factory->NewJSObjectFromMap(map, TENURED, false); | 1568 obj = factory->NewJSObjectFromMap(map, TENURED); |
| 1572 CHECK(old_space->Contains(*obj)); | 1569 CHECK(old_space->Contains(*obj)); |
| 1573 | 1570 |
| 1574 // Make sure |obj_value| is placed on an old-space evacuation candidate. | 1571 // Make sure |obj_value| is placed on an old-space evacuation candidate. |
| 1575 SimulateFullSpace(old_space); | 1572 SimulateFullSpace(old_space); |
| 1576 obj_value = factory->NewJSArray(32 * KB, FAST_HOLEY_ELEMENTS, | 1573 obj_value = factory->NewJSArray(32 * KB, FAST_HOLEY_ELEMENTS, |
| 1577 Strength::WEAK, TENURED); | 1574 Strength::WEAK, TENURED); |
| 1578 ec_page = Page::FromAddress(obj_value->address()); | 1575 ec_page = Page::FromAddress(obj_value->address()); |
| 1579 CHECK_NE(ec_page, Page::FromAddress(obj->address())); | 1576 CHECK_NE(ec_page, Page::FromAddress(obj->address())); |
| 1580 } | 1577 } |
| 1581 | 1578 |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1683 | 1680 |
| 1684 // TODO(ishell): add respective tests for property kind reconfiguring from | 1681 // TODO(ishell): add respective tests for property kind reconfiguring from |
| 1685 // accessor field to double, once accessor fields are supported by | 1682 // accessor field to double, once accessor fields are supported by |
| 1686 // Map::ReconfigureProperty(). | 1683 // Map::ReconfigureProperty(). |
| 1687 | 1684 |
| 1688 | 1685 |
| 1689 // TODO(ishell): add respective tests for fast property removal case once | 1686 // TODO(ishell): add respective tests for fast property removal case once |
| 1690 // Map::ReconfigureProperty() supports that. | 1687 // Map::ReconfigureProperty() supports that. |
| 1691 | 1688 |
| 1692 #endif | 1689 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1226203011:
Remove unused byte from Map::instance_sizes field. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master