[v8-dev] Clear the EnumLength fields of maps that lose their enumeration cache. (issue 10905262)

Thu, 13 Sep 2012 07:25:23 -0700 

Reviewers: Jakob,

Message:
PTAL.

Description:
Clear the EnumLength fields of maps that lose their enumeration cache.


Please review this at https://chromiumcodereview.appspot.com/10905262/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/objects.cc


Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index a7d6faa5e6ca06a8c0e53662dd58bfa1a22a27f1..0bcabdf50e63ef6daa0ec451a3e0597eeca5ed8e 100644 
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1813,6 +1813,18 @@ MaybeObject* JSObject::ConvertTransitionToMapTransition( old_map->transitions()->set_descriptors(new_map->instance_descriptors()); 
     new_map->ClearTransitions(GetHeap());
     old_map->set_owns_descriptors(false);
+    Map* map;
+    JSGlobalPropertyCell* pointer =
+        old_map->transitions()->descriptors_pointer();
+    for (Object* current = old_map;
+         !current->IsUndefined();
+         current = map->GetBackPointer()) {
+      map = Map::cast(current);
+      if (!map->HasTransitionArray()) break;
+      TransitionArray* transitions = map->transitions();
+      if (transitions->descriptors_pointer() != pointer) break;
+      map->SetEnumLength(Map::kInvalidEnumCache);
+    }
   } else if (old_target->instance_descriptors() ==
              old_map->instance_descriptors()) {
// Since the conversion above generated a new fast map with an additional @@ -1831,6 +1843,7 @@ MaybeObject* JSObject::ConvertTransitionToMapTransition( 
       if (!map->HasTransitionArray()) break;
       TransitionArray* transitions = map->transitions();
       if (transitions->descriptors_pointer() != old_pointer) break;
+      map->SetEnumLength(Map::kInvalidEnumCache);
       transitions->set_descriptors_pointer(new_pointer);
     }
     new_map->ClearTransitions(GetHeap());


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

Reply via email to