Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(539)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/objects.cc

Issue 759823004: Map::CopyGeneralizeAllRepresentations() left incorrect layout descriptor in a new map. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-436820.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 the V8 project authors. All rights reserved. 1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <sstream> 5 #include <sstream>
6 6
7 #include "src/v8.h" 7 #include "src/v8.h"
8 8
9 #include "src/accessors.h" 9 #include "src/accessors.h"
10 #include "src/allocation-site-scopes.h" 10 #include "src/allocation-site-scopes.h"
(...skipping 2165 matching lines...) Expand 10 before | Expand all | Expand 10 after
2176 return result; 2176 return result;
2177 } 2177 }
2178 2178
2179 2179
2180 Handle<Map> Map::CopyGeneralizeAllRepresentations(Handle<Map> map, 2180 Handle<Map> Map::CopyGeneralizeAllRepresentations(Handle<Map> map,
2181 int modify_index, 2181 int modify_index,
2182 StoreMode store_mode, 2182 StoreMode store_mode,
2183 PropertyAttributes attributes, 2183 PropertyAttributes attributes,
2184 const char* reason) { 2184 const char* reason) {
2185 Isolate* isolate = map->GetIsolate(); 2185 Isolate* isolate = map->GetIsolate();
2186 Handle<Map> new_map = Copy(map, reason); 2186 Handle<DescriptorArray> old_descriptors(map->instance_descriptors(), isolate);
2187 int number_of_own_descriptors = map->NumberOfOwnDescriptors();
2188 Handle<DescriptorArray> descriptors =
2189 DescriptorArray::CopyUpTo(old_descriptors, number_of_own_descriptors);
2187 2190
2188 DescriptorArray* descriptors = new_map->instance_descriptors(); 2191 for (int i = 0; i < number_of_own_descriptors; i++) {
2189 int length = descriptors->number_of_descriptors();
2190 for (int i = 0; i < length; i++) {
2191 descriptors->SetRepresentation(i, Representation::Tagged()); 2192 descriptors->SetRepresentation(i, Representation::Tagged());
2192 if (descriptors->GetDetails(i).type() == FIELD) { 2193 if (descriptors->GetDetails(i).type() == FIELD) {
2193 descriptors->SetValue(i, HeapType::Any()); 2194 descriptors->SetValue(i, HeapType::Any());
2194 } 2195 }
2195 } 2196 }
2196 2197
2198 Handle<LayoutDescriptor> new_layout_descriptor(
2199 LayoutDescriptor::FastPointerLayout(), isolate);
2200 Handle<Map> new_map =
2201 CopyReplaceDescriptors(map, descriptors, new_layout_descriptor,
2202 OMIT_TRANSITION, MaybeHandle<Name>(), reason);
2203
2197 // Unless the instance is being migrated, ensure that modify_index is a field. 2204 // Unless the instance is being migrated, ensure that modify_index is a field.
2198 PropertyDetails details = descriptors->GetDetails(modify_index); 2205 PropertyDetails details = descriptors->GetDetails(modify_index);
2199 if (store_mode == FORCE_FIELD && 2206 if (store_mode == FORCE_FIELD &&
2200 (details.type() != FIELD || details.attributes() != attributes)) { 2207 (details.type() != FIELD || details.attributes() != attributes)) {
2201 int field_index = details.type() == FIELD ? details.field_index() 2208 int field_index = details.type() == FIELD ? details.field_index()
2202 : new_map->NumberOfFields(); 2209 : new_map->NumberOfFields();
2203 FieldDescriptor d(handle(descriptors->GetKey(modify_index), isolate), 2210 FieldDescriptor d(handle(descriptors->GetKey(modify_index), isolate),
2204 field_index, attributes, Representation::Tagged()); 2211 field_index, attributes, Representation::Tagged());
2205 descriptors->Replace(modify_index, &d); 2212 descriptors->Replace(modify_index, &d);
2206 if (details.type() != FIELD) { 2213 if (details.type() != FIELD) {
(...skipping 14617 matching lines...) Expand 10 before | Expand all | Expand 10 after
16824 Handle<DependentCode> codes = 16831 Handle<DependentCode> codes =
16825 DependentCode::Insert(handle(cell->dependent_code(), info->isolate()), 16832 DependentCode::Insert(handle(cell->dependent_code(), info->isolate()),
16826 DependentCode::kPropertyCellChangedGroup, 16833 DependentCode::kPropertyCellChangedGroup,
16827 info->object_wrapper()); 16834 info->object_wrapper());
16828 if (*codes != cell->dependent_code()) cell->set_dependent_code(*codes); 16835 if (*codes != cell->dependent_code()) cell->set_dependent_code(*codes);
16829 info->dependencies(DependentCode::kPropertyCellChangedGroup)->Add( 16836 info->dependencies(DependentCode::kPropertyCellChangedGroup)->Add(
16830 cell, info->zone()); 16837 cell, info->zone());
16831 } 16838 }
16832 16839
16833 } } // namespace v8::internal 16840 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-436820.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698