src/objects.cc - Issue 1522413002: [field type tracking] Fix handling of cleared WeakCells.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/objects.cc

Issue 1522413002: [field type tracking] Fix handling of cleared WeakCells. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Fix Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/objects.cc

diff --git a/src/objects.cc b/src/objects.cc

index 65b1524b981933a6a829a4fe084918bddd0e16ff..3173b3b390dbc10ee2e2b1bf57c9242966d44f10 100644

--- a/src/objects.cc

+++ b/src/objects.cc

@@ -3046,7 +3046,7 @@ void Map::UpdateFieldType(int descriptor, Handle<Name> name,

}

-bool FieldTypeIsCleared(Representation rep, Handle<HeapType> type) {

+bool FieldTypeIsCleared(Representation rep, HeapType* type) {

return type->Is(HeapType::None()) && rep.IsHeapObject();

}

@@ -3060,7 +3060,7 @@ Handle<HeapType> Map::GeneralizeFieldType(Representation rep1,

// Cleared field types need special treatment. They represent lost knowledge,

// so we must be conservative, so their generalization with any other type

// is "Any".

- if (FieldTypeIsCleared(rep1, type1) || FieldTypeIsCleared(rep2, type2)) {

+ if (FieldTypeIsCleared(rep1, *type1) || FieldTypeIsCleared(rep2, *type2)) {

return HeapType::Any(isolate);

}

if (type1->NowIs(type2)) return type2;

@@ -3083,7 +3083,7 @@ void Map::GeneralizeFieldType(Handle<Map> map, int modify_index,

isolate);

if (old_representation.Equals(new_representation) &&

- !FieldTypeIsCleared(new_representation, new_field_type) &&

+ !FieldTypeIsCleared(new_representation, *new_field_type) &&

// Checking old_field_type for being cleared is not necessary because

// the NowIs check below would fail anyway in that case.

new_field_type->NowIs(old_field_type)) {

@@ -3735,10 +3735,16 @@ MaybeHandle<Map> Map::TryUpdate(Handle<Map> old_map) {

switch (new_details.type()) {

case DATA: {

HeapType* new_type = new_descriptors->GetFieldType(i);

+ // Cleared field types need special treatment. They represent lost

+ // knowledge, so we must first generalize the old_type to "Any".

+ if (!FieldTypeIsCleared(new_details.representation(), new_type)) {

+ return MaybeHandle<Map>();

+ }

PropertyType old_property_type = old_details.type();

if (old_property_type == DATA) {

HeapType* old_type = old_descriptors->GetFieldType(i);

- if (!old_type->NowIs(new_type)) {

+ if (FieldTypeIsCleared(old_details.representation(), old_type) ||

+ !old_type->NowIs(new_type)) {

return MaybeHandle<Map>();

}

} else {

« no previous file with comments | « no previous file | src/objects-debug.cc » ('j') | no next file with comments »