}
+static bool HasDuplicates(DescriptorArray* descriptors) {
+ int count = descriptors->number_of_descriptors();
+ if (count > 1) {
+ String* prev_key = descriptors->GetKey(0);
+ for (int i = 1; i != count; i++) {
+ String* current_key = descriptors->GetKey(i);
+ if (prev_key == current_key) return true;
+ prev_key = current_key;
+ }
+ }
+ return false;
+}
+
+
Object* Heap::AllocateInitialMap(JSFunction* fun) {
ASSERT(!fun->has_initial_map());
if (fun->shared()->CanGenerateInlineConstructor(prototype)) {
int count = fun->shared()->this_property_assignments_count();
if (count > in_object_properties) {
- count = in_object_properties;
- }
- Object* descriptors_obj = DescriptorArray::Allocate(count);
- if (descriptors_obj->IsFailure()) return descriptors_obj;
- DescriptorArray* descriptors = DescriptorArray::cast(descriptors_obj);
- for (int i = 0; i < count; i++) {
- String* name = fun->shared()->GetThisPropertyAssignmentName(i);
- ASSERT(name->IsSymbol());
- FieldDescriptor field(name, i, NONE);
- field.SetEnumerationIndex(i);
- descriptors->Set(i, &field);
+ // Inline constructor can only handle inobject properties.
+ fun->shared()->ForbidInlineConstructor();
+ } else {
+ Object* descriptors_obj = DescriptorArray::Allocate(count);
+ if (descriptors_obj->IsFailure()) return descriptors_obj;
+ DescriptorArray* descriptors = DescriptorArray::cast(descriptors_obj);
+ for (int i = 0; i < count; i++) {
+ String* name = fun->shared()->GetThisPropertyAssignmentName(i);
+ ASSERT(name->IsSymbol());
+ FieldDescriptor field(name, i, NONE);
+ field.SetEnumerationIndex(i);
+ descriptors->Set(i, &field);
+ }
+ descriptors->SetNextEnumerationIndex(count);
+ descriptors->SortUnchecked();
+
+ // The descriptors may contain duplicates because the compiler does not
+ // guarantee the uniqueness of property names (it would have required
+ // quadratic time). Once the descriptors are sorted we can check for
+ // duplicates in linear time.
+ if (HasDuplicates(descriptors)) {
+ fun->shared()->ForbidInlineConstructor();
+ } else {
+ map->set_instance_descriptors(descriptors);
+ map->set_pre_allocated_property_fields(count);
+ map->set_unused_property_fields(in_object_properties - count);
+ }
}
- descriptors->SetNextEnumerationIndex(count);
- descriptors->Sort();
- map->set_instance_descriptors(descriptors);
- map->set_pre_allocated_property_fields(count);
- map->set_unused_property_fields(in_object_properties - count);
}
return map;
}
}
-void DescriptorArray::Sort() {
+void DescriptorArray::SortUnchecked() {
// In-place heap sort.
int len = number_of_descriptors();
parent_index = child_index;
}
}
+}
+
+void DescriptorArray::Sort() {
+ SortUnchecked();
SLOW_ASSERT(IsSortedNoDuplicates());
}
}
+void SharedFunctionInfo::ForbidInlineConstructor() {
+ set_compiler_hints(BooleanBit::set(compiler_hints(),
+ kHasOnlySimpleThisPropertyAssignments,
+ false));
+}
+
+
void SharedFunctionInfo::SetThisPropertyAssignmentsInfo(
bool only_simple_this_property_assignments,
FixedArray* assignments) {
MUST_USE_RESULT Object* RemoveTransitions();
// Sort the instance descriptors by the hash codes of their keys.
+ // Does not check for duplicates.
+ void SortUnchecked();
+
+ // Sort the instance descriptors by the hash codes of their keys.
+ // Checks the result for duplicates.
void Sort();
// Search the instance descriptors for given name.
// prototype.
bool CanGenerateInlineConstructor(Object* prototype);
+ // Prevents further attempts to generate inline constructors.
+ // To be called if generation failed for any reason.
+ void ForbidInlineConstructor();
+
// For functions which only contains this property assignments this provides
// access to the names for the properties assigned.
DECL_ACCESSORS(this_property_assignments, Object)
--- /dev/null
+// Copyright 2010 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Tests the handling of multiple assignments to the same property in a
+// constructor that only has simple this property assignments.
+
+function Node() {
+ this.a = 1;
+ this.a = 2;
+ this.a = 3;
+}
+
+var n1 = new Node();
+assertEquals(3, n1.a);
+
+var n2 = new Node();
+assertEquals(3, n2.a);
projects / platform / upstream / v8.git / commitdiff