| Index: src/factory.cc
|
| diff --git a/src/factory.cc b/src/factory.cc
|
| index c1c761d747acde1bceb84e83a6bdb036990cc40d..d561801c54df6456e9935947f81ae79c1e72c3e4 100644
|
| --- a/src/factory.cc
|
| +++ b/src/factory.cc
|
| @@ -1843,6 +1843,15 @@ Handle<JSObject> Factory::NewJSObjectFromMap(
|
| JSObject);
|
| }
|
|
|
| +Handle<JSObject> Factory::NewSlowJSObjectFromMap(Handle<Map> map, int capacity,
|
| + PretenureFlag pretenure) {
|
| + DCHECK(map->is_dictionary_map());
|
| + Handle<FixedArray> object_properties =
|
| + NameDictionary::New(isolate(), capacity);
|
| + Handle<JSObject> js_object = NewJSObjectFromMap(map, pretenure);
|
| + js_object->set_properties(*object_properties);
|
| + return js_object;
|
| +}
|
|
|
| Handle<JSArray> Factory::NewJSArray(ElementsKind elements_kind,
|
| PretenureFlag pretenure) {
|
| @@ -2612,32 +2621,38 @@ Handle<JSWeakMap> Factory::NewJSWeakMap() {
|
| return Handle<JSWeakMap>::cast(NewJSObjectFromMap(map));
|
| }
|
|
|
| -
|
| -Handle<Map> Factory::ObjectLiteralMapFromCache(Handle<Context> context,
|
| +Handle<Map> Factory::ObjectLiteralMapFromCache(Handle<Context> native_context,
|
| int number_of_properties,
|
| - bool* is_result_from_cache) {
|
| + bool has_null_prototype) {
|
| + DCHECK(native_context->IsNativeContext());
|
| const int kMapCacheSize = 128;
|
|
|
| + // Ignoring number_of_properties for force dictionary map with __proto__:null.
|
| + if (has_null_prototype) {
|
| + return handle(native_context->slow_object_with_null_prototype_map(),
|
| + isolate());
|
| + }
|
| // We do not cache maps for too many properties or when running builtin code.
|
| - if (number_of_properties > kMapCacheSize ||
|
| - isolate()->bootstrapper()->IsActive()) {
|
| - *is_result_from_cache = false;
|
| - Handle<Map> map = Map::Create(isolate(), number_of_properties);
|
| - return map;
|
| + if (isolate()->bootstrapper()->IsActive()) {
|
| + return Map::Create(isolate(), number_of_properties);
|
| + }
|
| + // Use initial slow object proto map for too many properties.
|
| + if (number_of_properties > kMapCacheSize) {
|
| + return handle(native_context->slow_object_with_object_prototype_map(),
|
| + isolate());
|
| }
|
| - *is_result_from_cache = true;
|
| if (number_of_properties == 0) {
|
| // Reuse the initial map of the Object function if the literal has no
|
| // predeclared properties.
|
| - return handle(context->object_function()->initial_map(), isolate());
|
| + return handle(native_context->object_function()->initial_map(), isolate());
|
| }
|
|
|
| int cache_index = number_of_properties - 1;
|
| - Handle<Object> maybe_cache(context->map_cache(), isolate());
|
| + Handle<Object> maybe_cache(native_context->map_cache(), isolate());
|
| if (maybe_cache->IsUndefined(isolate())) {
|
| // Allocate the new map cache for the native context.
|
| maybe_cache = NewFixedArray(kMapCacheSize, TENURED);
|
| - context->set_map_cache(*maybe_cache);
|
| + native_context->set_map_cache(*maybe_cache);
|
| } else {
|
| // Check to see whether there is a matching element in the cache.
|
| Handle<FixedArray> cache = Handle<FixedArray>::cast(maybe_cache);
|
| @@ -2645,13 +2660,16 @@ Handle<Map> Factory::ObjectLiteralMapFromCache(Handle<Context> context,
|
| if (result->IsWeakCell()) {
|
| WeakCell* cell = WeakCell::cast(result);
|
| if (!cell->cleared()) {
|
| - return handle(Map::cast(cell->value()), isolate());
|
| + Map* map = Map::cast(cell->value());
|
| + DCHECK(!map->is_dictionary_map());
|
| + return handle(map, isolate());
|
| }
|
| }
|
| }
|
| // Create a new map and add it to the cache.
|
| Handle<FixedArray> cache = Handle<FixedArray>::cast(maybe_cache);
|
| Handle<Map> map = Map::Create(isolate(), number_of_properties);
|
| + DCHECK(!map->is_dictionary_map());
|
| Handle<WeakCell> cell = NewWeakCell(map);
|
| cache->set(cache_index, *cell);
|
| return map;
|
|
|
Chromium Code Reviews
Issue 2445333002:
Ensure slow properties for simple {__proto__:null} literals. (Closed)
