projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 891e289)
Revert "Limit the number of transitions allowed per hidden class." Due to crashes...
authorverwaest@chromium.org <verwaest@chromium.org>
Mon, 27 Oct 2014 11:57:58 +0000 (11:57 +0000)
committerverwaest@chromium.org <verwaest@chromium.org>
Mon, 27 Oct 2014 11:58:18 +0000 (11:58 +0000)
BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/661583004

Cr-Commit-Position: refs/heads/master@{#24900}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/heap/mark-compact.cc patch | blob | history
src/objects-inl.h patch | blob | history
src/objects.cc patch | blob | history
src/objects.h patch | blob | history
src/transitions-inl.h patch | blob | history
src/transitions.cc patch | blob | history
src/transitions.h patch | blob | history
test/cctest/test-heap.cc patch | blob | history

diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index f7899c960440932a1a6c3c931755632a1bd7e497..f309eae9d1406150cd4dba059e238e0254d7c4ae 100644 (file)
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -2521,14 +2521,13 @@ void MarkCompactCollector::ClearMapTransitions(Map* map) {
 
   // Note that we never eliminate a transition array, though we might right-trim
   // such that number_of_transitions() == 0. If this assumption changes,
-  // TransitionArray::Insert() will need to deal with the case that a transition
-  // array disappeared during GC.
-  int trim = t->number_of_transitions_storage() - transition_index;
+  // TransitionArray::CopyInsert() will need to deal with the case that a
+  // transition array disappeared during GC.
+  int trim = t->number_of_transitions() - transition_index;
   if (trim > 0) {
     heap_->RightTrimFixedArray<Heap::FROM_GC>(
         t, t->IsSimpleTransition() ? trim
                                    : trim * TransitionArray::kTransitionSize);
-    t->SetNumberOfTransitions(transition_index);
   }
   DCHECK(map->HasTransitionArray());
 }
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 10aaabfeb6b1ad993217f4d80f1b8192cdb56ec4..33363238c4d28a056421c19d32e1e3935c13bb64 100644 (file)
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -5203,8 +5203,9 @@ Map* Map::elements_transition_map() {
 
 bool Map::CanHaveMoreTransitions() {
   if (!HasTransitionArray()) return true;
-  return transitions()->number_of_transitions() <=
-         TransitionArray::kMaxNumberOfTransitions;
+  return FixedArray::SizeFor(transitions()->length() +
+                             TransitionArray::kTransitionSize)
+      <= Page::kMaxRegularHeapObjectSize;
 }
 
 
@@ -6994,14 +6995,6 @@ void Map::ClearCodeCache(Heap* heap) {
 }
 
 
-int Map::SlackForArraySize(int old_size, int size_limit) {
-  const int max_slack = size_limit - old_size;
-  DCHECK(max_slack >= 0);
-  if (old_size < 4) return Min(max_slack, 1);
-  return Min(max_slack, old_size / 2);
-}
-
-
 void JSArray::EnsureSize(Handle<JSArray> array, int required_size) {
   DCHECK(array->HasFastSmiOrObjectElements());
   Handle<FixedArray> elts = handle(FixedArray::cast(array->elements()));
diff --git a/src/objects.cc b/src/objects.cc
index 81eec5e3df5cf87ec111ee876bc222f5881f2c63..3a4b9c9d34d938cd79838fd6f0af37e264753c46 100644 (file)
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -6584,8 +6584,7 @@ Handle<Map> Map::ShareDescriptor(Handle<Map> map,
     if (old_size == 0) {
       descriptors = DescriptorArray::Allocate(map->GetIsolate(), 0, 1);
     } else {
-      EnsureDescriptorSlack(
-          map, SlackForArraySize(old_size, kMaxNumberOfDescriptors));
+      EnsureDescriptorSlack(map, old_size < 4 ? 1 : old_size / 2);
       descriptors = handle(map->instance_descriptors());
     }
   }
@@ -6610,11 +6609,8 @@ void Map::ConnectTransition(Handle<Map> parent, Handle<Map> child,
     DCHECK(child->is_prototype_map());
   } else {
     Handle<TransitionArray> transitions =
-        TransitionArray::Insert(parent, name, child, flag);
-    if (!parent->HasTransitionArray() ||
-        *transitions != parent->transitions()) {
-      parent->set_transitions(*transitions);
-    }
+        TransitionArray::CopyInsert(parent, name, child, flag);
+    parent->set_transitions(*transitions);
     child->SetBackPointer(*parent);
   }
 }
diff --git a/src/objects.h b/src/objects.h
index 63c8d996f0e504ea290f9ff682c1e4dba1e906d1..6ecbdf2d8b26717a0d7df679081b556293621de2 100644 (file)
--- a/src/objects.h
+++ b/src/objects.h
@@ -6119,8 +6119,6 @@ class Map: public HeapObject {
   static void AppendCallbackDescriptors(Handle<Map> map,
                                         Handle<Object> descriptors);
 
-  static inline int SlackForArraySize(int old_size, int size_limit);
-
   static void EnsureDescriptorSlack(Handle<Map> map, int slack);
 
   // Returns the found code or undefined if absent.
diff --git a/src/transitions-inl.h b/src/transitions-inl.h
index 6ed86a1407e120b7f5ae279650b01d9c2fd665f5..cc4d4b11d4165bac0ebab6d06317f8e902566ba5 100644 (file)
--- a/src/transitions-inl.h
+++ b/src/transitions-inl.h
@@ -160,15 +160,6 @@ void TransitionArray::NoIncrementalWriteBarrierSet(int transition_number,
 }
 
 
-void TransitionArray::SetNumberOfTransitions(int number_of_transitions) {
-  if (IsFullTransitionArray()) {
-    DCHECK(number_of_transitions <= number_of_transitions_storage());
-    WRITE_FIELD(this, kTransitionLengthOffset,
-                Smi::FromInt(number_of_transitions));
-  }
-}
-
-
 #undef FIELD_ADDR
 #undef WRITE_FIELD
 #undef CONDITIONAL_WRITE_BARRIER
diff --git a/src/transitions.cc b/src/transitions.cc
index 5e6d4106fc06bc917c3f3620f570604ea71b2cb4..96ed870e07b43465bccef7b29abe24b7305f246e 100644 (file)
--- a/src/transitions.cc
+++ b/src/transitions.cc
@@ -13,12 +13,10 @@ namespace internal {
 
 
 Handle<TransitionArray> TransitionArray::Allocate(Isolate* isolate,
-                                                  int number_of_transitions,
-                                                  int slack) {
-  Handle<FixedArray> array = isolate->factory()->NewFixedArray(
-      LengthFor(number_of_transitions + slack));
+                                                  int number_of_transitions) {
+  Handle<FixedArray> array =
+      isolate->factory()->NewFixedArray(ToKeyIndex(number_of_transitions));
   array->set(kPrototypeTransitionsIndex, Smi::FromInt(0));
-  array->set(kTransitionLengthIndex, Smi::FromInt(number_of_transitions));
   return Handle<TransitionArray>::cast(array);
 }
 
@@ -76,7 +74,6 @@ Handle<TransitionArray> TransitionArray::ExtendToFullTransitionArray(
   if (new_nof != nof) {
     DCHECK(new_nof == 0);
     result->Shrink(ToKeyIndex(0));
-    result->SetNumberOfTransitions(0);
   } else if (nof == 1) {
     result->NoIncrementalWriteBarrierCopyFrom(
         containing_map->transitions(), kSimpleTransitionIndex, 0);
@@ -88,47 +85,21 @@ Handle<TransitionArray> TransitionArray::ExtendToFullTransitionArray(
 }
 
 
-Handle<TransitionArray> TransitionArray::Insert(Handle<Map> map,
-                                                Handle<Name> name,
-                                                Handle<Map> target,
-                                                SimpleTransitionFlag flag) {
+Handle<TransitionArray> TransitionArray::CopyInsert(Handle<Map> map,
+                                                    Handle<Name> name,
+                                                    Handle<Map> target,
+                                                    SimpleTransitionFlag flag) {
   if (!map->HasTransitionArray()) {
     return TransitionArray::NewWith(map, name, target, flag);
   }
 
   int number_of_transitions = map->transitions()->number_of_transitions();
-  int new_nof = number_of_transitions;
+  int new_size = number_of_transitions;
 
   int insertion_index = map->transitions()->Search(*name);
-  if (insertion_index == kNotFound) ++new_nof;
-  DCHECK(new_nof <= kMaxNumberOfTransitions);
-
-  if (new_nof <= map->transitions()->number_of_transitions_storage()) {
-    DisallowHeapAllocation no_gc;
-    TransitionArray* array = map->transitions();
-
-    if (insertion_index != kNotFound) {
-      array->SetTarget(insertion_index, *target);
-      return handle(array);
-    }
-
-    array->SetNumberOfTransitions(new_nof);
-    uint32_t hash = name->Hash();
-    for (insertion_index = number_of_transitions; insertion_index > 0;
-         --insertion_index) {
-      Name* key = array->GetKey(insertion_index - 1);
-      if (key->Hash() <= hash) break;
-      array->SetKey(insertion_index, key);
-      array->SetTarget(insertion_index, array->GetTarget(insertion_index - 1));
-    }
-    array->SetKey(insertion_index, *name);
-    array->SetTarget(insertion_index, *target);
-    return handle(array);
-  }
+  if (insertion_index == kNotFound) ++new_size;
 
-  Handle<TransitionArray> result = Allocate(
-      map->GetIsolate(), new_nof,
-      Map::SlackForArraySize(number_of_transitions, kMaxNumberOfTransitions));
+  Handle<TransitionArray> result = Allocate(map->GetIsolate(), new_size);
 
   // The map's transition array may grown smaller during the allocation above as
   // it was weakly traversed, though it is guaranteed not to disappear. Trim the
@@ -140,19 +111,29 @@ Handle<TransitionArray> TransitionArray::Insert(Handle<Map> map,
     DCHECK(array->number_of_transitions() < number_of_transitions);
 
     number_of_transitions = array->number_of_transitions();
-    new_nof = number_of_transitions;
+    new_size = number_of_transitions;
 
     insertion_index = array->Search(*name);
-    if (insertion_index == kNotFound) ++new_nof;
+    if (insertion_index == kNotFound) ++new_size;
 
-    result->Shrink(ToKeyIndex(new_nof));
-    result->SetNumberOfTransitions(new_nof);
+    result->Shrink(ToKeyIndex(new_size));
   }
 
   if (array->HasPrototypeTransitions()) {
     result->SetPrototypeTransitions(array->GetPrototypeTransitions());
   }
 
+  if (insertion_index != kNotFound) {
+    for (int i = 0; i < number_of_transitions; ++i) {
+      if (i != insertion_index) {
+        result->NoIncrementalWriteBarrierCopyFrom(array, i, i);
+      }
+    }
+    result->NoIncrementalWriteBarrierSet(insertion_index, *name, *target);
+    result->set_back_pointer_storage(array->back_pointer_storage());
+    return result;
+  }
+
   insertion_index = 0;
   for (; insertion_index < number_of_transitions; ++insertion_index) {
     if (InsertionPointFound(array->GetKey(insertion_index), *name)) break;
diff --git a/src/transitions.h b/src/transitions.h
index b7e4ebe2856e022dc963fcbf3e74e3b7e1881c69..aa9b7b86d6a02b1180bc26f5766b3c7fd2ac0d89 100644 (file)
--- a/src/transitions.h
+++ b/src/transitions.h
@@ -30,9 +30,8 @@ namespace internal {
 // The full format is:
 // [0] Undefined or back pointer map
 // [1] Smi(0) or fixed array of prototype transitions
-// [2] Number of transitions
-// [3] First transition
-// [3 + number of transitions * kTransitionSize]: start of slack
+// [2] First transition
+// [length() - kTransitionSize] Last transition
 class TransitionArray: public FixedArray {
  public:
   // Accessors for fetching instance transition at transition number.
@@ -68,21 +67,10 @@ class TransitionArray: public FixedArray {
   // Returns the number of transitions in the array.
   int number_of_transitions() {
     if (IsSimpleTransition()) return 1;
-    if (length() <= kFirstIndex) return 0;
-    return Smi::cast(get(kTransitionLengthIndex))->value();
+    int len = length();
+    return len <= kFirstIndex ? 0 : (len - kFirstIndex) / kTransitionSize;
   }
 
-  int number_of_transitions_storage() {
-    if (IsSimpleTransition()) return 1;
-    if (length() <= kFirstIndex) return 0;
-    return (length() - kFirstIndex) / kTransitionSize;
-  }
-
-  int NumberOfSlackTransitions() {
-    return number_of_transitions_storage() - number_of_transitions();
-  }
-
-  inline void SetNumberOfTransitions(int number_of_transitions);
   inline int number_of_entries() { return number_of_transitions(); }
 
   // Creates a FullTransitionArray from a SimpleTransitionArray in
@@ -90,22 +78,21 @@ class TransitionArray: public FixedArray {
   static Handle<TransitionArray> ExtendToFullTransitionArray(
       Handle<Map> containing_map);
 
-  // Return a transition array, using the array from the owning map if it
-  // already has one (copying into a larger array if necessary), otherwise
-  // creating a new one according to flag.
+  // Create a transition array, copying from the owning map if it already has
+  // one, otherwise creating a new one according to flag.
   // TODO(verwaest): This should not cause an existing transition to be
   // overwritten.
-  static Handle<TransitionArray> Insert(Handle<Map> map, Handle<Name> name,
-                                        Handle<Map> target,
-                                        SimpleTransitionFlag flag);
+  static Handle<TransitionArray> CopyInsert(Handle<Map> map,
+                                            Handle<Name> name,
+                                            Handle<Map> target,
+                                            SimpleTransitionFlag flag);
 
   // Search a transition for a given property name.
   inline int Search(Name* name);
 
   // Allocates a TransitionArray.
-  static Handle<TransitionArray> Allocate(Isolate* isolate,
-                                          int number_of_transitions,
-                                          int slack = 0);
+  static Handle<TransitionArray> Allocate(
+      Isolate* isolate, int number_of_transitions);
 
   bool IsSimpleTransition() {
     return length() == kSimpleTransitionSize &&
@@ -133,8 +120,7 @@ class TransitionArray: public FixedArray {
 
   // Layout for full transition arrays.
   static const int kPrototypeTransitionsIndex = 1;
-  static const int kTransitionLengthIndex = 2;
-  static const int kFirstIndex = 3;
+  static const int kFirstIndex = 2;
 
   // Layout for simple transition arrays.
   static const int kSimpleTransitionTarget = 1;
@@ -147,8 +133,6 @@ class TransitionArray: public FixedArray {
   // Layout for the full transition array header.
   static const int kPrototypeTransitionsOffset = kBackPointerStorageOffset +
                                                  kPointerSize;
-  static const int kTransitionLengthOffset =
-      kPrototypeTransitionsOffset + kPointerSize;
 
   // Layout of map transition entries in full transition arrays.
   static const int kTransitionKey = 0;
@@ -173,12 +157,6 @@ class TransitionArray: public FixedArray {
   // fit in a page).
   static const int kMaxNumberOfTransitions = 1024 + 512;
 
-  // Returns the fixed array length required to hold number_of_transitions
-  // transitions.
-  static int LengthFor(int number_of_transitions) {
-    return ToKeyIndex(number_of_transitions);
-  }
-
  private:
   // Conversion from transition number to array indices.
   static int ToKeyIndex(int transition_number) {
diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc
index eef43dc6147ea9afb7308b3b9877c7f7d2daf7bd..ac121e059fe9a313e921d656918281da96d105eb 100644 (file)
--- a/test/cctest/test-heap.cc
+++ b/test/cctest/test-heap.cc
@@ -2848,7 +2848,6 @@ TEST(TransitionArrayShrinksDuringAllocToZero) {
              "root = new F");
   root = GetByName("root");
   AddPropertyTo(2, root, "funny");
-  CcTest::heap()->CollectGarbage(NEW_SPACE);
 
   // Count number of live transitions after marking.  Note that one transition
   // is left, because 'o' still holds an instance of one transition target.
@@ -2875,7 +2874,6 @@ TEST(TransitionArrayShrinksDuringAllocToOne) {
 
   root = GetByName("root");
   AddPropertyTo(2, root, "funny");
-  CcTest::heap()->CollectGarbage(NEW_SPACE);
 
   // Count number of live transitions after marking.  Note that one transition
   // is left, because 'o' still holds an instance of one transition target.
Domain: Web Framework / Web Engine;