Experimental: merge from bleeding_edge. Merge up to and including...

src/objects.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 25 matching lines @@
 #include "scanner.h"
 #include "scopeinfo.h"
 #include "string-stream.h"
 
 #ifdef ENABLE_DISASSEMBLER
 #include "disassembler.h"
 #endif
 
 namespace v8 { namespace internal {
 
+#define FIELD_ADDR(p, offset) \
+  (reinterpret_cast<byte*>(p) + offset - kHeapObjectTag)
+
+
+#define WRITE_FIELD(p, offset, value) \
+  (*reinterpret_cast<Object**>(FIELD_ADDR(p, offset)) = value)
+
+
+#define WRITE_INT_FIELD(p, offset, value) \
+  (*reinterpret_cast<int*>(FIELD_ADDR(p, offset)) = value)
+
+
+#define WRITE_BARRIER(object, offset) \
+  Heap::RecordWrite(object->address(), offset);
+
+
 // Getters and setters are stored in a fixed array property.  These are
 // constants for their indices.
 const int kGetterIndex = 0;
 const int kSetterIndex = 1;
 
 bool Object::IsInstanceOf(FunctionTemplateInfo* expected) {
   // There is a constraint on the object; check
   if (!this->IsJSObject()) return false;
   // Fetch the constructor function of the object
   Object* cons_obj = JSObject::cast(this)->map()->constructor();
@@ skipping 861 matching lines @@
         break;
     }
     return;
   }
 
   switch (type) {
     case FIXED_ARRAY_TYPE:
       reinterpret_cast<FixedArray*>(this)->FixedArrayIterateBody(v);
       break;
     case JS_OBJECT_TYPE:
+    case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
     case JS_VALUE_TYPE:
     case JS_ARRAY_TYPE:
     case JS_REGEXP_TYPE:
     case JS_FUNCTION_TYPE:
     case JS_GLOBAL_PROXY_TYPE:
     case JS_GLOBAL_OBJECT_TYPE:
     case JS_BUILTINS_OBJECT_TYPE:
       reinterpret_cast<JSObject*>(this)->JSObjectIterateBody(object_size, v);
       break;
     case ODDBALL_TYPE:
@@ skipping 96 matching lines @@
   return FastPropertyAtPut(index, value);
 }
 
 
 Object* JSObject::AddFastProperty(String* name,
                                   Object* value,
                                   PropertyAttributes attributes) {
   // Normalize the object if the name is not a real identifier.
   StringInputBuffer buffer(name);
   if (!Scanner::IsIdentifier(&buffer)) {
-    Object* obj = NormalizeProperties();
+    Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
     if (obj->IsFailure()) return obj;
     return AddSlowProperty(name, value, attributes);
   }
 
   DescriptorArray* old_descriptors = map()->instance_descriptors();
   // Compute the new index for new field.
   int index = map()->NextFreePropertyIndex();
 
   // Allocate new instance descriptors with (name, index) added
   FieldDescriptor new_field(name, index, attributes);
@@ skipping 17 matching lines @@
   if (allow_map_transition) {
     // Allocate new instance descriptors for the old map with map transition.
     MapTransitionDescriptor d(name, Map::cast(new_map), attributes);
     Object* r = old_descriptors->CopyInsert(&d, KEEP_TRANSITIONS);
     if (r->IsFailure()) return r;
     old_descriptors = DescriptorArray::cast(r);
   }
 
   if (map()->unused_property_fields() == 0) {
     if (properties()->length() > kMaxFastProperties) {
-      Object* obj = NormalizeProperties();
+      Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
       if (obj->IsFailure()) return obj;
       return AddSlowProperty(name, value, attributes);
     }
     // Make room for the new value
     Object* values =
         properties()->CopySize(properties()->length() + kFieldsAdded);
     if (values->IsFailure()) return values;
     set_properties(FixedArray::cast(values));
     new_map->set_unused_property_fields(kFieldsAdded - 1);
   } else {
@@ skipping 81 matching lines @@
       if (value->IsJSFunction()) {
         return AddConstantFunctionProperty(name,
                                            JSFunction::cast(value),
                                            attributes);
       } else {
         return AddFastProperty(name, value, attributes);
       }
     } else {
       // Normalize the object to prevent very large instance descriptors.
       // This eliminates unwanted N^2 allocation and lookup behavior.
-      Object* obj = NormalizeProperties();
+      Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
       if (obj->IsFailure()) return obj;
     }
   }
   return AddSlowProperty(name, value, attributes);
 }
 
 
 Object* JSObject::SetPropertyPostInterceptor(String* name,
                                              Object* value,
                                              PropertyAttributes attributes) {
@@ skipping 52 matching lines @@
   old_map->set_instance_descriptors(DescriptorArray::cast(new_descriptors));
   return result;
 }
 
 
 Object* JSObject::ConvertDescriptorToField(String* name,
                                            Object* new_value,
                                            PropertyAttributes attributes) {
   if (map()->unused_property_fields() == 0 &&
       properties()->length() > kMaxFastProperties) {
-    Object* obj = NormalizeProperties();
+    Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
     if (obj->IsFailure()) return obj;
     return ReplaceSlowProperty(name, new_value, attributes);
   }
 
   int index = map()->NextFreePropertyIndex();
   FieldDescriptor new_field(name, index, attributes);
   // Make a new DescriptorArray replacing an entry with FieldDescriptor.
   Object* descriptors_unchecked = map()->instance_descriptors()->
       CopyInsert(&new_field, REMOVE_TRANSITIONS);
   if (descriptors_unchecked->IsFailure()) return descriptors_unchecked;
@@ skipping 308 matching lines @@
     return SetPropertyWithFailedAccessCheck(result, name, value);
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
     if (proto->IsNull()) return value;
     ASSERT(proto->IsJSGlobalObject());
     return JSObject::cast(proto)->SetProperty(result, name, value, attributes);
   }
 
-  if (result->IsNotFound() || !result->IsProperty()) {
+  if (!result->IsProperty() && !IsJSContextExtensionObject()) {
     // We could not find a local property so let's check whether there is an
     // accessor that wants to handle the property.
     LookupResult accessor_result;
     LookupCallbackSetterInPrototypes(name, &accessor_result);
     if (accessor_result.IsValid()) {
       return SetPropertyWithCallback(accessor_result.GetCallbackObject(),
                                      name,
                                      value,
                                      accessor_result.holder());
     }
@@ skipping 245 matching lines @@
     if (HasLocalElement(index)) return NONE;
     return ABSENT;
   }
   // Named property.
   LookupResult result;
   LocalLookup(name, &result);
   return GetPropertyAttribute(this, &result, name, false);
 }
 
 
-Object* JSObject::NormalizeProperties() {
+Object* JSObject::NormalizeProperties(PropertyNormalizationMode mode) {
   if (!HasFastProperties()) return this;
 
   // Allocate new content
   Object* obj =
       Dictionary::Allocate(map()->NumberOfDescribedProperties() * 2 + 4);
   if (obj->IsFailure()) return obj;
   Dictionary* dictionary = Dictionary::cast(obj);
 
   for (DescriptorReader r(map()->instance_descriptors());
        !r.eos();
@@ skipping 39 matching lines @@
     }
   }
 
   // Copy the next enumeration index from instance descriptor.
   int index = map()->instance_descriptors()->NextEnumerationIndex();
   dictionary->SetNextEnumerationIndex(index);
 
   // Allocate new map.
   obj = map()->Copy();
   if (obj->IsFailure()) return obj;
+  Map* new_map = Map::cast(obj);
+
+  // Clear inobject properties if needed by adjusting the instance
+  // size and putting in a filler or byte array instead of the
+  // inobject properties.
+  if (mode == CLEAR_INOBJECT_PROPERTIES && map()->inobject_properties() > 0) {
+    int instance_size_delta = map()->inobject_properties() * kPointerSize;
+    int new_instance_size = map()->instance_size() - instance_size_delta;
+    new_map->set_inobject_properties(0);
+    new_map->set_instance_size(new_instance_size);
+    if (instance_size_delta == kPointerSize) {
+      WRITE_FIELD(this, new_instance_size, Heap::one_word_filler_map());
+    } else {
+      int byte_array_length = ByteArray::LengthFor(instance_size_delta);
+      int byte_array_length_offset = new_instance_size + kPointerSize;
+      WRITE_FIELD(this, new_instance_size, Heap::byte_array_map());
+      WRITE_INT_FIELD(this, byte_array_length_offset, byte_array_length);
+    }
+    WRITE_BARRIER(this, new_instance_size);
+  }
+  new_map->set_unused_property_fields(0);
 
   // We have now sucessfully allocated all the necessary objects.
   // Changes can now be made with the guarantee that all of them take effect.
-  set_map(Map::cast(obj));
+  set_map(new_map);
   map()->set_instance_descriptors(Heap::empty_descriptor_array());
 
-  map()->set_unused_property_fields(0);
   set_properties(dictionary);
 
   Counters::props_to_dictionary.Increment();
 
 #ifdef DEBUG
   if (FLAG_trace_normalization) {
     PrintF("Object properties have been normalized:\n");
     Print();
   }
 #endif
@@ skipping 47 matching lines @@
 }
 
 
 Object* JSObject::DeletePropertyPostInterceptor(String* name) {
   // Check local property, ignore interceptor.
   LookupResult result;
   LocalLookupRealNamedProperty(name, &result);
   if (!result.IsValid()) return Heap::true_value();
 
   // Normalize object if needed.
-  Object* obj = NormalizeProperties();
+  Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
   if (obj->IsFailure()) return obj;
 
   ASSERT(!HasFastProperties());
   // Attempt to remove the property from the property dictionary.
   Dictionary* dictionary = property_dictionary();
   int entry = dictionary->FindStringEntry(name);
   if (entry != -1) return dictionary->DeleteProperty(entry);
   return Heap::true_value();
 }
 
@@ skipping 142 matching lines @@
     if (!result.IsValid()) return Heap::true_value();
     if (result.IsDontDelete()) return Heap::false_value();
     // Check for interceptor.
     if (result.type() == INTERCEPTOR) {
       return DeletePropertyWithInterceptor(name);
     }
     if (!result.IsLoaded()) {
       return JSObject::cast(this)->DeleteLazyProperty(&result, name);
     }
     // Normalize object if needed.
-    Object* obj = NormalizeProperties();
+    Object* obj = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
     if (obj->IsFailure()) return obj;
     // Make sure the properties are normalized before removing the entry.
     Dictionary* dictionary = property_dictionary();
     int entry = dictionary->FindStringEntry(name);
     if (entry != -1) return dictionary->DeleteProperty(entry);
     return Heap::true_value();
   }
 }
 
 
@@ skipping 158 matching lines @@
     return JSObject::cast(proto)->LocalLookup(name, result);
   }
 
   // Do not use inline caching if the object is a non-global object
   // that requires access checks.
   if (!IsJSGlobalProxy() && IsAccessCheckNeeded()) {
     result->DisallowCaching();
   }
 
   // Check __proto__ before interceptor.
-  if (name->Equals(Heap::Proto_symbol())) {
+  if (name->Equals(Heap::Proto_symbol()) && !IsJSContextExtensionObject()) {
     result->ConstantResult(this);
     return;
   }
 
   // Check for lookup interceptor except when bootstrapping.
   if (HasNamedInterceptor() && !Bootstrapper::IsActive()) {
     result->InterceptorResult(this);
     return;
   }
 
@@ skipping 66 matching lines @@
   LocalLookup(name, &result);
   if (result.IsValid()) {
     if (result.IsReadOnly()) return Heap::undefined_value();
     if (result.type() == CALLBACKS) {
       Object* obj = result.GetCallbackObject();
       if (obj->IsFixedArray()) return obj;
     }
   }
 
   // Normalize object to make this operation simple.
-  Object* ok = NormalizeProperties();
+  Object* ok = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES);
   if (ok->IsFailure()) return ok;
 
   // Allocate the fixed array to hold getter and setter.
   Object* array = Heap::AllocateFixedArray(2);
   if (array->IsFailure()) return array;
 
   // Update the dictionary with the new CALLBACKS property.
   PropertyDetails details = PropertyDetails(attributes, CALLBACKS);
   Object* dict =
       property_dictionary()->SetOrAddStringEntry(name, array, details);
@@ skipping 4232 matching lines @@
       if (type == NORMAL && !value->IsJSFunction()) number_of_fields += 1;
     }
   }
 
   // Allocate the instance descriptor.
   Object* descriptors_unchecked =
       DescriptorArray::Allocate(instance_descriptor_length);
   if (descriptors_unchecked->IsFailure()) return descriptors_unchecked;
   DescriptorArray* descriptors = DescriptorArray::cast(descriptors_unchecked);
 
-  int number_of_allocated_fields = number_of_fields + unused_property_fields;
+  int inobject_props = obj->map()->inobject_properties();
+  int number_of_allocated_fields =
+      number_of_fields + unused_property_fields - inobject_props;
 
   // Allocate the fixed array for the fields.
   Object* fields = Heap::AllocateFixedArray(number_of_allocated_fields);
   if (fields->IsFailure()) return fields;
 
   // Fill in the instance descriptor and the fields.
   DescriptorWriter w(descriptors);
   int current_offset = 0;
   for (int i = 0; i < capacity; i++) {
     Object* k = KeyAt(i);
     if (IsKey(k)) {
       Object* value = ValueAt(i);
       // Ensure the key is a symbol before writing into the instance descriptor.
       Object* key = Heap::LookupSymbol(String::cast(k));
       if (key->IsFailure()) return key;
       PropertyDetails details = DetailsAt(i);
       PropertyType type = details.type();
+
       if (value->IsJSFunction()) {
         ConstantFunctionDescriptor d(String::cast(key),
                                      JSFunction::cast(value),
                                      details.attributes(),
                                      details.index());
         w.Write(&d);
       } else if (type == NORMAL) {
-        FixedArray::cast(fields)->set(current_offset, value);
+        if (current_offset < inobject_props) {
+          obj->InObjectPropertyAtPut(current_offset,
+                                     value,
+                                     UPDATE_WRITE_BARRIER);
+        } else {
+          int offset = current_offset - inobject_props;
+          FixedArray::cast(fields)->set(offset, value);
+        }
         FieldDescriptor d(String::cast(key),
                           current_offset++,
                           details.attributes(),
                           details.index());
         w.Write(&d);
       } else if (type == CALLBACKS) {
         CallbacksDescriptor d(String::cast(key),
                               value,
                               details.attributes(),
                               details.index());
@@ skipping 12 matching lines @@
 
   // Transform the object.
   obj->set_map(Map::cast(new_map));
   obj->map()->set_instance_descriptors(descriptors);
   obj->map()->set_unused_property_fields(unused_property_fields);
 
   obj->set_properties(FixedArray::cast(fields));
   ASSERT(obj->IsJSObject());
 
   descriptors->SetNextEnumerationIndex(NextEnumerationIndex());
-  // Check it really works.
+  // Check that it really works.
   ASSERT(obj->HasFastProperties());
+
   return obj;
 }
 
 
 // Check if there is a break point at this code position.
 bool DebugInfo::HasBreakPoint(int code_position) {
   // Get the break point info object for this code position.
   Object* break_point_info = GetBreakPointInfo(code_position);
 
   // If there is no break point info object or no break points in the break
@@ skipping 230 matching lines @@
   // No break point.
   if (break_point_objects()->IsUndefined()) return 0;
   // Single beak point.
   if (!break_point_objects()->IsFixedArray()) return 1;
   // Multiple break points.
   return FixedArray::cast(break_point_objects())->length();
 }
 
 
 } }  // namespace v8::internal