| Index: src/type-feedback-vector.cc
|
| diff --git a/src/type-feedback-vector.cc b/src/type-feedback-vector.cc
|
| index 45028b87879f7bbe2984179c111f586ce6f9025e..c51d9877f1c27c4e31fcdb02316a36c1883e2c92 100644
|
| --- a/src/type-feedback-vector.cc
|
| +++ b/src/type-feedback-vector.cc
|
| @@ -223,12 +223,13 @@ Handle<FixedArray> FeedbackNexus::EnsureArrayOfSize(int length) {
|
| void FeedbackNexus::InstallHandlers(int start_index, TypeHandleList* types,
|
| CodeHandleList* handlers) {
|
| Isolate* isolate = GetIsolate();
|
| - FixedArray* array = FixedArray::cast(GetFeedback());
|
| + Handle<FixedArray> array = handle(FixedArray::cast(GetFeedback()), isolate);
|
| int receiver_count = types->length();
|
| for (int current = 0; current < receiver_count; ++current) {
|
| Handle<HeapType> type = types->at(current);
|
| Handle<Map> map = IC::TypeToMap(*type, isolate);
|
| - array->set(start_index + (current * 2), *map);
|
| + Handle<WeakCell> cell = Map::WeakCellForMap(map);
|
| + array->set(start_index + (current * 2), *cell);
|
| array->set(start_index + (current * 2 + 1), *handlers->at(current));
|
| }
|
| }
|
| @@ -244,6 +245,8 @@ InlineCacheState LoadICNexus::StateFromFeedback() const {
|
| } else if (feedback == *vector()->PremonomorphicSentinel(isolate)) {
|
| return PREMONOMORPHIC;
|
| } else if (feedback->IsFixedArray()) {
|
| + // Determine state purely by our structure, don't check if the maps are
|
| + // cleared.
|
| FixedArray* array = FixedArray::cast(feedback);
|
| int length = array->length();
|
| DCHECK(length >= 2);
|
| @@ -264,6 +267,8 @@ InlineCacheState KeyedLoadICNexus::StateFromFeedback() const {
|
| } else if (feedback == *vector()->GenericSentinel(isolate)) {
|
| return GENERIC;
|
| } else if (feedback->IsFixedArray()) {
|
| + // Determine state purely by our structure, don't check if the maps are
|
| + // cleared.
|
| FixedArray* array = FixedArray::cast(feedback);
|
| int length = array->length();
|
| DCHECK(length >= 3);
|
| @@ -344,7 +349,8 @@ void LoadICNexus::ConfigureMonomorphic(Handle<HeapType> type,
|
| Handle<Code> handler) {
|
| Handle<FixedArray> array = EnsureArrayOfSize(2);
|
| Handle<Map> receiver_map = IC::TypeToMap(*type, GetIsolate());
|
| - array->set(0, *receiver_map);
|
| + Handle<WeakCell> cell = Map::WeakCellForMap(receiver_map);
|
| + array->set(0, *cell);
|
| array->set(1, *handler);
|
| }
|
|
|
| @@ -359,7 +365,8 @@ void KeyedLoadICNexus::ConfigureMonomorphic(Handle<Name> name,
|
| } else {
|
| array->set(0, *name);
|
| }
|
| - array->set(1, *receiver_map);
|
| + Handle<WeakCell> cell = Map::WeakCellForMap(receiver_map);
|
| + array->set(1, *cell);
|
| array->set(2, *handler);
|
| }
|
|
|
| @@ -390,15 +397,20 @@ int FeedbackNexus::ExtractMaps(int start_index, MapHandleList* maps) const {
|
| Isolate* isolate = GetIsolate();
|
| Object* feedback = GetFeedback();
|
| if (feedback->IsFixedArray()) {
|
| + int found = 0;
|
| FixedArray* array = FixedArray::cast(feedback);
|
| // The array should be of the form [<optional name>], then
|
| // [map, handler, map, handler, ... ]
|
| DCHECK(array->length() >= (2 + start_index));
|
| for (int i = start_index; i < array->length(); i += 2) {
|
| - Map* map = Map::cast(array->get(i));
|
| - maps->Add(handle(map, isolate));
|
| + WeakCell* cell = WeakCell::cast(array->get(i));
|
| + if (!cell->cleared()) {
|
| + Map* map = Map::cast(cell->value());
|
| + maps->Add(handle(map, isolate));
|
| + found++;
|
| + }
|
| }
|
| - return (array->length() - start_index) / 2;
|
| + return found;
|
| }
|
|
|
| return 0;
|
| @@ -411,11 +423,14 @@ MaybeHandle<Code> FeedbackNexus::FindHandlerForMap(int start_index,
|
| if (feedback->IsFixedArray()) {
|
| FixedArray* array = FixedArray::cast(feedback);
|
| for (int i = start_index; i < array->length(); i += 2) {
|
| - Map* array_map = Map::cast(array->get(i));
|
| - if (array_map == *map) {
|
| - Code* code = Code::cast(array->get(i + 1));
|
| - DCHECK(code->kind() == Code::HANDLER);
|
| - return handle(code);
|
| + WeakCell* cell = WeakCell::cast(array->get(i));
|
| + if (!cell->cleared()) {
|
| + Map* array_map = Map::cast(cell->value());
|
| + if (array_map == *map) {
|
| + Code* code = Code::cast(array->get(i + 1));
|
| + DCHECK(code->kind() == Code::HANDLER);
|
| + return handle(code);
|
| + }
|
| }
|
| }
|
| }
|
| @@ -431,13 +446,17 @@ bool FeedbackNexus::FindHandlers(int start_index, CodeHandleList* code_list,
|
| if (feedback->IsFixedArray()) {
|
| FixedArray* array = FixedArray::cast(feedback);
|
| // The array should be of the form [<optional name>], then
|
| - // [map, handler, map, handler, ... ]
|
| + // [map, handler, map, handler, ... ]. Be sure to skip handlers whose maps
|
| + // have been cleared.
|
| DCHECK(array->length() >= (2 + start_index));
|
| for (int i = start_index; i < array->length(); i += 2) {
|
| - Code* code = Code::cast(array->get(i + 1));
|
| - DCHECK(code->kind() == Code::HANDLER);
|
| - code_list->Add(handle(code));
|
| - count++;
|
| + WeakCell* cell = WeakCell::cast(array->get(i));
|
| + if (!cell->cleared()) {
|
| + Code* code = Code::cast(array->get(i + 1));
|
| + DCHECK(code->kind() == Code::HANDLER);
|
| + code_list->Add(handle(code));
|
| + count++;
|
| + }
|
| }
|
| }
|
| return count == length;
|
|
|
Chromium Code Reviews
Issue 815953002:
Vector-based ICs also need to hold maps weakly. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master