Chromium Code Reviews Chromium Code Reviews
Issue 650073002:
vector-based ICs did not update type feedback counts correctly. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| Index: src/type-feedback-vector.cc |
| diff --git a/src/type-feedback-vector.cc b/src/type-feedback-vector.cc |
| index a3fe0707c7d578fbbbcf204dc51a68694308b271..6af5d81c0152cedd91ad4d65a25be7fa04d1513a 100644 |
| --- a/src/type-feedback-vector.cc |
| +++ b/src/type-feedback-vector.cc |
| @@ -4,6 +4,7 @@ |
| #include "src/v8.h" |
| +#include "src/ic/ic-state.h" |
| #include "src/objects.h" |
| #include "src/type-feedback-vector-inl.h" |
| @@ -11,6 +12,36 @@ namespace v8 { |
| namespace internal { |
| // static |
| +Handle<TypeFeedbackVector> TypeFeedbackVector::Allocate(Isolate* isolate, |
| + int slot_count, |
| + int ic_slot_count) { |
| + int length = slot_count + ic_slot_count + kReservedIndexCount; |
| + if (length == kReservedIndexCount) { |
| + return Handle<TypeFeedbackVector>::cast( |
| + isolate->factory()->empty_fixed_array()); |
| + } |
| + |
| + Handle<FixedArray> array = isolate->factory()->NewFixedArray(length, TENURED); |
| + if (ic_slot_count > 0) { |
| + array->set(kFirstICSlotIndex, |
| + Smi::FromInt(slot_count + kReservedIndexCount)); |
| + } else { |
| + array->set(kFirstICSlotIndex, Smi::FromInt(length)); |
| + } |
| + array->set(kWithTypesIndex, Smi::FromInt(0)); |
| + array->set(kGenericCountIndex, Smi::FromInt(0)); |
| + |
| + // Ensure we can skip the write barrier |
| + Handle<Object> uninitialized_sentinel = UninitializedSentinel(isolate); |
| + DCHECK_EQ(isolate->heap()->uninitialized_symbol(), *uninitialized_sentinel); |
| + for (int i = kReservedIndexCount; i < length; i++) { |
| + array->set(i, *uninitialized_sentinel, SKIP_WRITE_BARRIER); |
| + } |
| + return Handle<TypeFeedbackVector>::cast(array); |
| +} |
| + |
| + |
| +// static |
| Handle<TypeFeedbackVector> TypeFeedbackVector::Copy( |
| Isolate* isolate, Handle<TypeFeedbackVector> vector) { |
| Handle<TypeFeedbackVector> result; |
| @@ -18,5 +49,43 @@ Handle<TypeFeedbackVector> TypeFeedbackVector::Copy( |
| isolate->factory()->CopyFixedArray(Handle<FixedArray>::cast(vector))); |
| return result; |
| } |
| + |
| + |
| +void TypeFeedbackVector::ClearSlots(SharedFunctionInfo* shared) { |
| + int slots = Slots(); |
| + Isolate* isolate = GetIsolate(); |
| + Object* uninitialized_sentinel = |
| + TypeFeedbackVector::RawUninitializedSentinel(isolate->heap()); |
| + |
| + for (int i = 0; i < slots; i++) { |
| + FeedbackVectorSlot slot(i); |
| + Object* obj = Get(slot); |
| + if (obj->IsHeapObject()) { |
| + InstanceType instance_type = |
| + HeapObject::cast(obj)->map()->instance_type(); |
| + switch (instance_type) { |
| + case ALLOCATION_SITE_TYPE: |
| + // AllocationSites are not cleared because they do not store |
| + // information that leaks. |
| + break; |
| + // Fall through... |
|
Jakob Kummerow
2014/10/20 10:29:43
Uhm, what? Either "break;" or "// Fall through.",
mvstanton
2014/10/20 11:09:22
You are right, it's unwieldy...changing to if()...
|
| + default: |
| + Set(slot, uninitialized_sentinel, SKIP_WRITE_BARRIER); |
| + } |
| + } |
| + } |
| + |
| + // Now clear vector-based ICs. They are all CallICs. |
|
Jakob Kummerow
2014/10/20 10:29:43
Whoa. The comment in the header said "leaves vecto
mvstanton
2014/10/20 11:09:22
Nice catch, I'll fix that outdated comment in the
|
| + // Try and pass the containing code (the "host") |
| + slots = ICSlots(); |
| + Code* host = shared->code(); |
| + for (int i = 0; i < slots; i++) { |
| + FeedbackVectorICSlot slot(i); |
| + Object* obj = Get(slot); |
| + if (obj != uninitialized_sentinel) { |
| + ICUtility::Clear(isolate, Code::CALL_IC, host, this, slot); |
| + } |
| + } |
| +} |
| } |
| } // namespace v8::internal |
