Tag all prototypes as proto, except those set using __proto__

src/objects.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/allocation-site-scopes.h"
 #include "src/api.h"
 #include "src/arguments.h"
@@ skipping 6961 matching lines @@
 
 Handle<Map> Map::Normalize(Handle<Map> fast_map,
                            PropertyNormalizationMode mode) {
   DCHECK(!fast_map->is_dictionary_map());
 
   Isolate* isolate = fast_map->GetIsolate();
   Handle<NormalizedMapCache> cache(
       isolate->context()->native_context()->normalized_map_cache());
 
   Handle<Map> new_map;
-  if (cache->Get(fast_map, mode).ToHandle(&new_map)) {
+  if (!fast_map->is_prototype_map() &&
+      cache->Get(fast_map, mode).ToHandle(&new_map)) {
 #ifdef VERIFY_HEAP
     if (FLAG_verify_heap) {
       new_map->SharedMapVerify();
     }
 #endif
 #ifdef ENABLE_SLOW_DCHECKS
     if (FLAG_enable_slow_asserts) {
       // The cached map should match newly created normalized map bit-by-bit,
       // except for the code cache, which can contain some ics which can be
       // applied to the shared map.
       Handle<Map> fresh = Map::CopyNormalized(
           fast_map, mode, SHARED_NORMALIZED_MAP);
 
       DCHECK(memcmp(fresh->address(),
                     new_map->address(),
                     Map::kCodeCacheOffset) == 0);
       STATIC_ASSERT(Map::kDependentCodeOffset ==
                     Map::kCodeCacheOffset + kPointerSize);
       int offset = Map::kDependentCodeOffset + kPointerSize;
       DCHECK(memcmp(fresh->address() + offset,
                     new_map->address() + offset,
                     Map::kSize - offset) == 0);
     }
 #endif
   } else {
     new_map = Map::CopyNormalized(fast_map, mode, SHARED_NORMALIZED_MAP);
-    cache->Set(fast_map, new_map);
-    isolate->counters()->normalized_maps()->Increment();
+    if (!fast_map->is_prototype_map()) {
+      cache->Set(fast_map, new_map);
+      isolate->counters()->normalized_maps()->Increment();
+    }
   }
   fast_map->NotifyLeafMapLayoutChange();
   return new_map;
 }
 
 
 Handle<Map> Map::CopyNormalized(Handle<Map> map,
                                 PropertyNormalizationMode mode,
                                 NormalizedMapSharingMode sharing) {
   int new_instance_size = map->instance_size();
@@ skipping 2848 matching lines @@
   // Now some logic for the maps of the objects that are created by using this
   // function as a constructor.
   if (function->has_initial_map()) {
     // If the function has allocated the initial map replace it with a
     // copy containing the new prototype.  Also complete any in-object
     // slack tracking that is in progress at this point because it is
     // still tracking the old copy.
     if (function->IsInobjectSlackTrackingInProgress()) {
       function->CompleteInobjectSlackTracking();
     }
+
     Handle<Map> initial_map(function->initial_map(), isolate);
-    Handle<Map> new_map = Map::Copy(initial_map);
-    new_map->set_prototype(*value);
 
-    // If the function is used as the global Array function, cache the
-    // initial map (and transitioned versions) in the native context.
-    Context* native_context = function->context()->native_context();
-    Object* array_function = native_context->get(Context::ARRAY_FUNCTION_INDEX);
-    if (array_function->IsJSFunction() &&
-        *function == JSFunction::cast(array_function)) {
-      CacheInitialJSArrayMaps(handle(native_context, isolate), new_map);
+    if (!initial_map->GetIsolate()->bootstrapper()->IsActive() &&
+        initial_map->instance_type() == JS_OBJECT_TYPE) {
+      // Put the value in the initial map field until an initial map is needed.
+      // At that point, a new initial map is created and the prototype is put
+      // into the initial map where it belongs.
+      function->set_prototype_or_initial_map(*value);
+    } else {
+      Handle<Map> new_map = Map::Copy(initial_map);
+      JSFunction::SetInitialMap(function, new_map, value);
+
+      // If the function is used as the global Array function, cache the
+      // initial map (and transitioned versions) in the native context.
+      Context* native_context = function->context()->native_context();
+      Object* array_function =
+          native_context->get(Context::ARRAY_FUNCTION_INDEX);
+      if (array_function->IsJSFunction() &&
+          *function == JSFunction::cast(array_function)) {
+        CacheInitialJSArrayMaps(handle(native_context, isolate), new_map);
+      }
     }
 
-    JSFunction::SetInitialMap(function, new_map);
-
     // Deoptimize all code that embeds the previous initial map.
     initial_map->dependent_code()->DeoptimizeDependentCodeGroup(
         isolate, DependentCode::kInitialMapChangedGroup);
   } else {
     // Put the value in the initial map field until an initial map is
     // needed.  At that point, a new initial map is created and the
     // prototype is put into the initial map where it belongs.
     function->set_prototype_or_initial_map(*value);
   }
   isolate->heap()->ClearInstanceofCache();
@@ skipping 45 matching lines @@
     return false;
   }
 #endif
 
   set_map(no_prototype_map);
   set_prototype_or_initial_map(no_prototype_map->GetHeap()->the_hole_value());
   return true;
 }
 
 
-void JSFunction::SetInitialMap(Handle<JSFunction> function, Handle<Map> map) {
-  if (map->prototype()->IsJSObject()) {
-    Handle<JSObject> js_proto = handle(JSObject::cast(map->prototype()));
+void JSFunction::SetInitialMap(Handle<JSFunction> function, Handle<Map> map,
+                               Handle<Object> prototype) {
+  if (prototype->IsJSObject()) {
+    Handle<JSObject> js_proto = Handle<JSObject>::cast(prototype);
     if (!js_proto->map()->is_prototype_map() &&
         !js_proto->map()->IsGlobalObjectMap() &&
         !js_proto->map()->IsJSGlobalProxyMap()) {
       // Normalize and turn fast again to make all functions CONSTANT
       // properties.
       if (!js_proto->GetIsolate()->bootstrapper()->IsActive()) {
         JSObject::NormalizeProperties(js_proto, KEEP_INOBJECT_PROPERTIES, 0);
       }
       if (!js_proto->HasFastProperties()) {
         JSObject::MigrateSlowToFast(js_proto, 0);
       }
       if (js_proto->HasFastProperties()) {
         Handle<Map> new_map = Map::Copy(handle(js_proto->map()));
         JSObject::MigrateToMap(js_proto, new_map);
         js_proto->map()->set_is_prototype_map(true);
       }
     }
   }
+  map->set_prototype(*prototype);
   function->set_prototype_or_initial_map(*map);
   map->set_constructor(*function);
 }
 
 
 void JSFunction::EnsureHasInitialMap(Handle<JSFunction> function) {
   if (function->has_initial_map()) return;
   Isolate* isolate = function->GetIsolate();
 
   // First create a new map with the size and number of in-object properties
@@ skipping 14 matching lines @@
 
   // Fetch or allocate prototype.
   Handle<Object> prototype;
   if (function->has_instance_prototype()) {
     prototype = handle(function->instance_prototype(), isolate);
   } else {
     prototype = isolate->factory()->NewFunctionPrototype(function);
   }
   map->set_inobject_properties(in_object_properties);
   map->set_unused_property_fields(in_object_properties);
-  map->set_prototype(*prototype);
   DCHECK(map->has_fast_object_elements());
 
   // Finally link initial map and constructor function.
-  JSFunction::SetInitialMap(function, map);
+  JSFunction::SetInitialMap(function, map, Handle<JSReceiver>::cast(prototype));
 
   if (!function->shared()->is_generator()) {
     function->StartInobjectSlackTracking();
   }
 }
 
 
 void JSFunction::SetInstanceClassName(String* name) {
   shared()->set_instance_class_name(name);
 }
@@ skipping 2064 matching lines @@
     new_map = Copy(map);
     PutPrototypeTransition(map, prototype, new_map);
     new_map->set_prototype(*prototype);
   }
   return new_map;
 }
 
 
 MaybeHandle<Object> JSObject::SetPrototype(Handle<JSObject> object,
                                            Handle<Object> value,
-                                           bool skip_hidden_prototypes) {
+                                           bool from_javascript) {
 #ifdef DEBUG
   int size = object->Size();
 #endif
 
   Isolate* isolate = object->GetIsolate();
   Heap* heap = isolate->heap();
   // Silently ignore the change if value is not a JSObject or null.
   // SpiderMonkey behaves this way.
   if (!value->IsJSReceiver() && !value->IsNull()) return value;
 
@@ skipping 24 matching lines @@
       Handle<Object> error = isolate->factory()->NewError(
           "cyclic_proto", HandleVector<Object>(NULL, 0));
       return isolate->Throw<Object>(error);
     }
   }
 
   bool dictionary_elements_in_chain =
       object->map()->DictionaryElementsInPrototypeChainOnly();
   Handle<JSObject> real_receiver = object;
 
-  if (skip_hidden_prototypes) {
+  if (from_javascript) {
     // Find the first object in the chain whose prototype object is not
     // hidden and set the new prototype on that object.
     PrototypeIterator iter(isolate, real_receiver);
     while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) {
       real_receiver =
           Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
       iter.Advance();
     }
   }
 
   // Set the new prototype of the object.
   Handle<Map> map(real_receiver->map());
 
   // Nothing to do if prototype is already set.
   if (map->prototype() == *value) return value;
 
   if (value->IsJSObject()) {
-    JSObject::OptimizeAsPrototype(Handle<JSObject>::cast(value));
+    Handle<JSObject> js_proto = Handle<JSObject>::cast(value);
+    if (!from_javascript && !js_proto->IsJSGlobalProxy() &&
+        !js_proto->IsGlobalObject() && !js_proto->map()->is_prototype_map()) {
+      JSObject::NormalizeProperties(js_proto, KEEP_INOBJECT_PROPERTIES, 0);
+      JSObject::MigrateSlowToFast(js_proto, 0);
+      if (js_proto->HasFastProperties()) {
+        Handle<Map> new_map = Map::Copy(handle(js_proto->map()));
+        JSObject::MigrateToMap(js_proto, new_map);
+        js_proto->map()->set_is_prototype_map(true);
+      }

[Igor Sheludko, 2014/08/11 07:42:13]

The "make-prototype-super-fast" piece of code looks like a copy of a part of
JSFunction::SetInitialMap(). Please try to merge them.

+    } else {
+      JSObject::OptimizeAsPrototype(js_proto);
+    }
   }
 
   Handle<Map> new_map = Map::TransitionToPrototype(map, value);
   DCHECK(new_map->prototype() == *value);
   JSObject::MigrateToMap(real_receiver, new_map);
 
   if (!dictionary_elements_in_chain &&
       new_map->DictionaryElementsInPrototypeChainOnly()) {
     // If the prototype chain didn't previously have element callbacks, then
     // KeyedStoreICs need to be cleared to ensure any that involve this
@@ skipping 4721 matching lines @@
 #define ERROR_MESSAGES_TEXTS(C, T) T,
   static const char* error_messages_[] = {
       ERROR_MESSAGES_LIST(ERROR_MESSAGES_TEXTS)
   };
 #undef ERROR_MESSAGES_TEXTS
   return error_messages_[reason];
 }
 
 
 } }  // namespace v8::internal