Revision: 20603
Author: [email protected]
Date: Wed Apr 9 09:50:08 2014 UTC
Log: Make new space iterable when transitioning double array to objects
[email protected]
BUG=
Review URL: https://codereview.chromium.org/228643002
http://code.google.com/p/v8/source/detail?r=20603
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-transition-elements-heap-verification.js
Modified:
/branches/bleeding_edge/src/arm/codegen-arm.cc
/branches/bleeding_edge/src/arm64/codegen-arm64.cc
/branches/bleeding_edge/src/ia32/codegen-ia32.cc
/branches/bleeding_edge/src/x64/codegen-x64.cc
=======================================
--- /dev/null
+++
/branches/bleeding_edge/test/mjsunit/regress/regress-transition-elements-heap-verification.js
Wed Apr 9 09:50:08 2014 UTC
@@ -0,0 +1,83 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-gc --allow-natives-syntax --verify-heap
--stress-compaction
+
+%SetAllocationTimeout(1000000, 1000000);
+
+function classOf(object) {
+ var string = Object.prototype.toString.call(object);
+ return string.substring(8, string.length - 1);
+}
+
+function PrettyPrint() { }
+
+function fail() { }
+
+function deepEquals(a, b) {
+ if (a === b) return true;
+ var objectClass = classOf(a);
+ var objectClassB = classOf(b);
+ if (objectClass !== objectClassB) return false;
+}
+
+function assertEquals(expected, found, name_opt) {
+ deepEquals(found, expected);
+ fail(PrettyPrint());
+}
+
+function assertTrue(value, name_opt) { assertEquals(true, value,
name_opt); }
+
+var __v_3 = {};
+
+assertEquals(true, true);
+
+Object.prototype.__defineGetter__(0, function() { } );
+var __v_9 = { };
+
+function __f_11(obj) {
+ if (%HasFastObjectElements(obj)) return __v_9.dummy2;
+ assertTrue(true);
+}
+
+function __f_10(expected, obj) {
+ assertEquals(true, __f_11(obj));
+}
+
+var __sequence = undefined + 1;
+
+function __f_12() {
+ this.__sequence = this.__sequence + 1;
+ return eval("/* " + this.__sequence + " */ [-5, 3, 9];");
+}
+
+function __f_15() {
+ var __v_8 = __f_12();
+ __v_8[0] = 0;
+ __f_10(__v_9.dummy1, __v_3);
+ return __v_8;
+}
+
+function __f_9() {
+ var __v_8 = __f_15();
+ __v_8[0] = 1.5;
+ __f_10("", __v_8);
+ return __v_8;
+}
+
+function __f_8(array, value, kind) {
+ array[1] = value;
+ __f_10("", array);
+ assertEquals(true, array[1]);
+}
+
+gc();
+%SetAllocationTimeout(100000, 150);
+
+function __f_14() {
+ __f_8(__f_15(), 1.5);
+ __f_8(__f_9(), "x");
+}
+
+__f_14();
=======================================
--- /branches/bleeding_edge/src/arm/codegen-arm.cc Fri Jan 24 11:48:09 2014
UTC
+++ /branches/bleeding_edge/src/arm/codegen-arm.cc Wed Apr 9 09:50:08 2014
UTC
@@ -562,7 +562,7 @@
// -- r3 : target map, scratch for subsequent call
// -- r4 : scratch (elements)
// -----------------------------------
- Label entry, loop, convert_hole, gc_required, only_change_map;
+ Label entry, loop, convert_hole, gc_required, gc_cleanup,
only_change_map;
if (mode == TRACK_ALLOCATION_SITE) {
__ JumpIfJSArrayHasAllocationMemento(r2, r4, fail);
@@ -604,6 +604,15 @@
// r9: heap number map
__ b(&entry);
+ __ bind(&gc_cleanup);
+#ifdef VERIFY_HEAP
+ // Make sure new space is iterable if we are verifying the heap.
+ __ mov(r0,
Operand(masm->isolate()->factory()->one_pointer_filler_map()));
+ __ str(r0, MemOperand(r3, 4, PostIndex));
+ __ cmp(r3, r5);
+ __ b(lt, &gc_cleanup);
+#endif
+
// Call into runtime if GC is required.
__ bind(&gc_required);
__ Pop(r3, r2, r1, r0);
@@ -618,7 +627,7 @@
__ b(eq, &convert_hole);
// Non-hole double, copy value into a heap number.
- __ AllocateHeapNumber(r2, r0, lr, r9, &gc_required);
+ __ AllocateHeapNumber(r2, r0, lr, r9, &gc_cleanup);
// r2: new heap number
__ ldr(r0, MemOperand(r4, 12, NegOffset));
__ Strd(r0, r1, FieldMemOperand(r2, HeapNumber::kValueOffset));
=======================================
--- /branches/bleeding_edge/src/arm64/codegen-arm64.cc Mon Mar 31 14:06:42
2014 UTC
+++ /branches/bleeding_edge/src/arm64/codegen-arm64.cc Wed Apr 9 09:50:08
2014 UTC
@@ -324,6 +324,16 @@
Label entry;
__ B(&entry);
+ Label gc_cleanup;
+ __ Bind(&gc_cleanup);
+#ifdef VERIFY_HEAP
+ // Make sure new space is iterable if we are verifying the heap.
+ __ Mov(x5,
Operand(masm->isolate()->factory()->one_pointer_filler_map()));
+ __ Str(x5, MemOperand(dst_elements, kPointerSize, PostIndex));
+ __ Cmp(dst_elements, dst_end);
+ __ B(lt, &gc_cleanup);
+#endif
+
// Call into runtime if GC is required.
__ Bind(&gc_required);
__ Pop(value, key, receiver, target_map);
@@ -339,7 +349,7 @@
// Non-hole double, copy value into a heap number.
Register heap_num = x5;
- __ AllocateHeapNumber(heap_num, &gc_required, x6, x4,
+ __ AllocateHeapNumber(heap_num, &gc_cleanup, x6, x4,
x13, heap_num_map);
__ Mov(x13, dst_elements);
__ Str(heap_num, MemOperand(dst_elements, kPointerSize, PostIndex));
=======================================
--- /branches/bleeding_edge/src/ia32/codegen-ia32.cc Tue Jan 14 09:57:05
2014 UTC
+++ /branches/bleeding_edge/src/ia32/codegen-ia32.cc Wed Apr 9 09:50:08
2014 UTC
@@ -783,7 +783,8 @@
// -- edx : receiver
// -- esp[0] : return address
// -----------------------------------
- Label loop, entry, convert_hole, gc_required, only_change_map, success;
+ Label loop, entry, convert_hole, gc_required, gc_cleanup,
only_change_map,
+ success;
if (mode == TRACK_ALLOCATION_SITE) {
__ JumpIfJSArrayHasAllocationMemento(edx, edi, fail);
@@ -829,8 +830,16 @@
OMIT_SMI_CHECK);
__ jmp(&success);
+ __ bind(&gc_cleanup);
+#ifdef VERIFY_HEAP
+ // Make sure new space is iterable if we are verifying the heap.
+ __ mov(edx, masm->isolate()->factory()->one_pointer_filler_map());
+ __ mov(FieldOperand(eax, ebx, times_2, FixedArray::kHeaderSize), edx);
+ __ sub(ebx, Immediate(Smi::FromInt(1)));
+ __ j(not_sign, &gc_cleanup);
+#endif
+ __ bind(&gc_required);
// Call into runtime if GC is required.
- __ bind(&gc_required);
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
__ pop(ebx);
__ pop(edx);
@@ -847,7 +856,7 @@
__ j(equal, &convert_hole);
// Non-hole double, copy value into a heap number.
- __ AllocateHeapNumber(edx, esi, no_reg, &gc_required);
+ __ AllocateHeapNumber(edx, esi, no_reg, &gc_cleanup);
// edx: new heap number
if (CpuFeatures::IsSupported(SSE2)) {
CpuFeatureScope fscope(masm, SSE2);
=======================================
--- /branches/bleeding_edge/src/x64/codegen-x64.cc Fri Mar 28 04:55:00 2014
UTC
+++ /branches/bleeding_edge/src/x64/codegen-x64.cc Wed Apr 9 09:50:08 2014
UTC
@@ -369,7 +369,7 @@
// -- rdx : receiver
// -- rsp[0] : return address
// -----------------------------------
- Label loop, entry, convert_hole, gc_required, only_change_map;
+ Label loop, entry, convert_hole, gc_required, gc_cleanup,
only_change_map;
if (mode == TRACK_ALLOCATION_SITE) {
__ JumpIfJSArrayHasAllocationMemento(rdx, rdi, fail);
@@ -402,6 +402,19 @@
// rdi: pointer to the-hole
__ jmp(&entry);
+ __ bind(&gc_cleanup);
+#ifdef VERIFY_HEAP
+ // Make sure new space is iterable if we are verifying the heap.
+ __ Move(rax, masm->isolate()->factory()->one_pointer_filler_map());
+ __ movp(FieldOperand(r11,
+ r9,
+ times_pointer_size,
+ FixedArray::kHeaderSize),
+ rax);
+ __ decp(r9);
+ __ j(not_sign, &gc_cleanup);
+#endif
+
// Call into runtime if GC is required.
__ bind(&gc_required);
__ Pop(rax);
@@ -420,7 +433,7 @@
__ j(equal, &convert_hole);
// Non-hole double, copy value into a heap number.
- __ AllocateHeapNumber(rax, r15, &gc_required);
+ __ AllocateHeapNumber(rax, r15, &gc_cleanup);
// rax: new heap number
__ movq(FieldOperand(rax, HeapNumber::kValueOffset), r14);
__ movp(FieldOperand(r11,
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
