Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(768)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/objects.cc

Issue 338793004: More set_map() calls replaced with MigrateToMap(). (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« src/factory.cc ('K') | « src/factory.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index e9bedcadeb1eff4b9fbd61d29a71a69b1218849c..408e35ab421e97a22d19533dbfb020c695e05e22 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -761,7 +761,7 @@ Handle<Object> JSObject::DeleteNormalizedProperty(Handle<JSObject> object,
// the hole value.
Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
ASSERT(new_map->is_dictionary_map());
- object->set_map(*new_map);
+ JSObject::MigrateToMap(object, new_map);
}
Handle<PropertyCell> cell(PropertyCell::cast(dictionary->ValueAt(entry)));
Handle<Object> value = isolate->factory()->the_hole_value();
@@ -2145,8 +2145,6 @@ void JSObject::MigrateToMap(Handle<JSObject> object, Handle<Map> new_map) {
// converted to doubles.
if (!old_map->InstancesNeedRewriting(
*new_map, number_of_fields, inobject, unused)) {
- // Writing the new map here does not require synchronization since it does
- // not change the actual object size.
object->synchronized_set_map(*new_map);
return;
}
@@ -2180,9 +2178,7 @@ void JSObject::MigrateToMap(Handle<JSObject> object, Handle<Map> new_map) {
// Set the new property value and do the map transition.
object->set_properties(*new_storage);
- // Writing the new map here does not require synchronization since it does
- // not change the actual object size.
- object->set_map(*new_map);
+ object->synchronized_set_map(*new_map);
return;
}
Handle<FixedArray> array = isolate->factory()->NewFixedArray(total_size);
@@ -2254,24 +2250,21 @@ void JSObject::MigrateToMap(Handle<JSObject> object, Handle<Map> new_map) {
ASSERT(instance_size_delta >= 0);
Address address = object->address() + new_instance_size;
- // The trimming is performed on a newly allocated object, which is on a
- // freshly allocated page or on an already swept page. Hence, the sweeper
- // thread can not get confused with the filler creation. No synchronization
- // needed.
- isolate->heap()->CreateFillerObjectAt(address, instance_size_delta);
+ Heap* heap = isolate->heap();
// If there are properties in the new backing store, trim it to the correct
// size and install the backing store into the object.
if (external > 0) {
- RightTrimFixedArray<Heap::FROM_MUTATOR>(isolate->heap(), *array, inobject);
+ RightTrimFixedArray<Heap::FROM_MUTATOR>(heap, *array, inobject);
object->set_properties(*array);
}
- // The trimming is performed on a newly allocated object, which is on a
- // freshly allocated page or on an already swept page. Hence, the sweeper
- // thread can not get confused with the filler creation. No synchronization
- // needed.
- object->set_map(*new_map);
+ heap->CreateFillerObjectAt(address, instance_size_delta);
+ heap->AdjustLiveBytes(address, -instance_size_delta, Heap::FROM_MUTATOR);
+
+ // We are storing the new map using release store after creating a filler for
+ // the left-over space to avoid races with the sweeper thread.
+ object->synchronized_set_map(*new_map);
}
@@ -4718,7 +4711,7 @@ void JSObject::TransformToFastProperties(Handle<JSObject> object,
ASSERT_LE(unused_property_fields, inobject_props);
// Transform the object.
new_map->set_unused_property_fields(inobject_props);
- object->set_map(*new_map);
+ object->synchronized_set_map(*new_map);
object->set_properties(isolate->heap()->empty_fixed_array());
// Check that it really works.
ASSERT(object->HasFastProperties());
@@ -4799,7 +4792,7 @@ void JSObject::TransformToFastProperties(Handle<JSObject> object,
new_map->set_unused_property_fields(unused_property_fields);
// Transform the object.
- object->set_map(*new_map);
+ object->synchronized_set_map(*new_map);
object->set_properties(*fields);
ASSERT(object->IsJSObject());
@@ -6641,7 +6634,7 @@ void JSObject::SetPropertyCallback(Handle<JSObject> object,
if (object->IsGlobalObject()) {
Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
ASSERT(new_map->is_dictionary_map());
- object->set_map(*new_map);
+ JSObject::MigrateToMap(object, new_map);
// When running crankshaft, changing the map is not enough. We
// need to deoptimize all functions that rely on this global
« src/factory.cc ('K') | « src/factory.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698