Revision: 20694
Author: [email protected]
Date: Fri Apr 11 14:25:00 2014 UTC
Log: Gcstress bug fix: Transition arrays may get smaller during gc.
[email protected]
Review URL: https://codereview.chromium.org/234873004
http://code.google.com/p/v8/source/detail?r=20694
Modified:
/branches/bleeding_edge/src/objects-inl.h
/branches/bleeding_edge/src/transitions.cc
/branches/bleeding_edge/src/transitions.h
=======================================
--- /branches/bleeding_edge/src/objects-inl.h Fri Apr 11 12:47:34 2014 UTC
+++ /branches/bleeding_edge/src/objects-inl.h Fri Apr 11 14:25:00 2014 UTC
@@ -4987,8 +4987,7 @@
transitions = TransitionArray::Allocate(map->GetIsolate(), 0);
transitions->set_back_pointer_storage(map->GetBackPointer());
} else if (!map->transitions()->IsFullTransitionArray()) {
- transitions = TransitionArray::ExtendToFullTransitionArray(
- handle(map->transitions()));
+ transitions = TransitionArray::ExtendToFullTransitionArray(map);
} else {
return;
}
=======================================
--- /branches/bleeding_edge/src/transitions.cc Fri Apr 11 12:13:53 2014 UTC
+++ /branches/bleeding_edge/src/transitions.cc Fri Apr 11 14:25:00 2014 UTC
@@ -86,17 +86,24 @@
Handle<TransitionArray> TransitionArray::ExtendToFullTransitionArray(
- Handle<TransitionArray> array) {
- ASSERT(!array->IsFullTransitionArray());
- int nof = array->number_of_transitions();
- Handle<TransitionArray> result = Allocate(array->GetIsolate(), nof);
+ Handle<Map> containing_map) {
+ ASSERT(!containing_map->transitions()->IsFullTransitionArray());
+ int nof = containing_map->transitions()->number_of_transitions();
- if (nof == 1) {
+ // A transition array may shrink during GC.
+ Handle<TransitionArray> result = Allocate(containing_map->GetIsolate(),
nof);
+ DisallowHeapAllocation no_gc;
+ int new_nof = containing_map->transitions()->number_of_transitions();
+ if (new_nof != nof) {
+ ASSERT(new_nof == 0);
+ result->Shrink(ToKeyIndex(0));
+ } else if (nof == 1) {
result->NoIncrementalWriteBarrierCopyFrom(
- *array, kSimpleTransitionIndex, 0);
+ containing_map->transitions(), kSimpleTransitionIndex, 0);
}
- result->set_back_pointer_storage(array->back_pointer_storage());
+ result->set_back_pointer_storage(
+ containing_map->transitions()->back_pointer_storage());
return result;
}
=======================================
--- /branches/bleeding_edge/src/transitions.h Fri Apr 11 12:13:53 2014 UTC
+++ /branches/bleeding_edge/src/transitions.h Fri Apr 11 14:25:00 2014 UTC
@@ -95,8 +95,10 @@
inline int number_of_entries() { return number_of_transitions(); }
+ // Creates a FullTransitionArray from a SimpleTransitionArray in
+ // containing_map.
static Handle<TransitionArray> ExtendToFullTransitionArray(
- Handle<TransitionArray> array);
+ Handle<Map> containing_map);
// Create a transition array, copying from the owning map if it already
has
// one, otherwise creating a new one according to flag.
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
