static void SetObjectPrototype(Handle<JSObject> object, Handle<Object> proto) {
// object.__proto__ = proto;
- Handle<Map> old_to_map = Handle<Map>(object->map());
- Handle<Map> new_to_map = Map::Copy(old_to_map);
- new_to_map->set_prototype(*proto);
- object->set_map(*new_to_map);
+ Handle<Map> old_map = Handle<Map>(object->map());
+ Handle<Map> new_map = Map::Copy(old_map);
+ new_map->set_prototype(*proto);
+ JSObject::MigrateToMap(object, new_map);
}
TransferIndexedProperties(from, to);
// Transfer the prototype (new map is needed).
- Handle<Map> old_to_map = Handle<Map>(to->map());
- Handle<Map> new_to_map = Map::Copy(old_to_map);
- new_to_map->set_prototype(from->map()->prototype());
- to->set_map(*new_to_map);
+ Handle<Object> proto(from->map()->prototype(), isolate());
+ SetObjectPrototype(to, proto);
}
// before object re-initialization is finished and filler object is installed.
DisallowHeapAllocation no_allocation;
+ // Put in filler if the new object is smaller than the old.
+ if (size_difference > 0) {
+ Address address = object->address() + map->instance_size();
+ heap->CreateFillerObjectAt(address, size_difference);
+ heap->AdjustLiveBytes(address, -size_difference, Heap::FROM_MUTATOR);
+ }
+
// Reset the map for the object.
- object->set_map(*map);
+ object->synchronized_set_map(*map);
Handle<JSObject> jsobj = Handle<JSObject>::cast(object);
// Reinitialize the object from the constructor map.
Handle<Context> context(isolate()->context()->native_context());
InitializeFunction(js_function, shared.ToHandleChecked(), context);
}
-
- // Put in filler if the new object is smaller than the old.
- if (size_difference > 0) {
- heap->CreateFillerObjectAt(
- object->address() + map->instance_size(), size_difference);
- }
}
DisallowHeapAllocation no_allocation;
// Reset the map for the object.
- object->set_map(constructor->initial_map());
+ object->synchronized_set_map(*map);
Heap* heap = isolate()->heap();
// Reinitialize the object from the constructor map.
// the hole value.
Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
ASSERT(new_map->is_dictionary_map());
- object->set_map(*new_map);
+ JSObject::MigrateToMap(object, new_map);
}
Handle<PropertyCell> cell(PropertyCell::cast(dictionary->ValueAt(entry)));
Handle<Object> value = isolate->factory()->the_hole_value();
// converted to doubles.
if (!old_map->InstancesNeedRewriting(
*new_map, number_of_fields, inobject, unused)) {
- // Writing the new map here does not require synchronization since it does
- // not change the actual object size.
object->synchronized_set_map(*new_map);
return;
}
// Set the new property value and do the map transition.
object->set_properties(*new_storage);
- // Writing the new map here does not require synchronization since it does
- // not change the actual object size.
- object->set_map(*new_map);
+ object->synchronized_set_map(*new_map);
return;
}
Handle<FixedArray> array = isolate->factory()->NewFixedArray(total_size);
ASSERT(instance_size_delta >= 0);
Address address = object->address() + new_instance_size;
- // The trimming is performed on a newly allocated object, which is on a
- // freshly allocated page or on an already swept page. Hence, the sweeper
- // thread can not get confused with the filler creation. No synchronization
- // needed.
- isolate->heap()->CreateFillerObjectAt(address, instance_size_delta);
+ Heap* heap = isolate->heap();
// If there are properties in the new backing store, trim it to the correct
// size and install the backing store into the object.
if (external > 0) {
- RightTrimFixedArray<Heap::FROM_MUTATOR>(isolate->heap(), *array, inobject);
+ RightTrimFixedArray<Heap::FROM_MUTATOR>(heap, *array, inobject);
object->set_properties(*array);
}
- // The trimming is performed on a newly allocated object, which is on a
- // freshly allocated page or on an already swept page. Hence, the sweeper
- // thread can not get confused with the filler creation. No synchronization
- // needed.
- object->set_map(*new_map);
+ heap->CreateFillerObjectAt(address, instance_size_delta);
+ heap->AdjustLiveBytes(address, -instance_size_delta, Heap::FROM_MUTATOR);
+
+ // We are storing the new map using release store after creating a filler for
+ // the left-over space to avoid races with the sweeper thread.
+ object->synchronized_set_map(*new_map);
}
ASSERT_LE(unused_property_fields, inobject_props);
// Transform the object.
new_map->set_unused_property_fields(inobject_props);
- object->set_map(*new_map);
+ object->synchronized_set_map(*new_map);
object->set_properties(isolate->heap()->empty_fixed_array());
// Check that it really works.
ASSERT(object->HasFastProperties());
new_map->set_unused_property_fields(unused_property_fields);
// Transform the object.
- object->set_map(*new_map);
+ object->synchronized_set_map(*new_map);
object->set_properties(*fields);
ASSERT(object->IsJSObject());
if (object->IsGlobalObject()) {
Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
ASSERT(new_map->is_dictionary_map());
- object->set_map(*new_map);
+ JSObject::MigrateToMap(object, new_map);
// When running crankshaft, changing the map is not enough. We
// need to deoptimize all functions that rely on this global
projects / platform / upstream / v8.git / commitdiff