ASSERT(object->HasFastProperties());
ASSERT(object->map()->unused_property_fields() == 0);
- // Expand the properties array.
- Handle<FixedArray> old_storage = handle(object->properties(), isolate);
- int new_unused = transition->unused_property_fields();
- int new_size = old_storage->length() + new_unused + 1;
-
- Handle<FixedArray> new_storage = FixedArray::CopySize(old_storage, new_size);
-
- Handle<Object> to_store = value;
-
- PropertyDetails details = transition->instance_descriptors()->GetDetails(
- transition->LastAdded());
- if (details.representation().IsDouble()) {
- to_store = isolate->factory()->NewHeapNumber(value->Number());
- }
-
- new_storage->set(old_storage->length(), *to_store);
-
- // Set the new property value and do the map transition.
- object->set_properties(*new_storage);
- object->set_map(*transition);
+ JSObject::MigrateToNewProperty(object, transition, value);
// Return the stored value.
return *value;
int total_size = number_of_fields + unused;
int external = total_size - inobject;
+
+ if ((old_map->unused_property_fields() == 0) &&
+ (new_map->GetBackPointer() == *old_map)) {
+ // This migration is a transition from a map that has run out out property
+ // space. Therefore it could be done by extending the backing store.
+ Handle<FixedArray> old_storage = handle(object->properties(), isolate);
+ Handle<FixedArray> new_storage =
+ FixedArray::CopySize(old_storage, external);
+
+ // Properly initialize newly added property.
+ PropertyDetails details = new_map->GetLastDescriptorDetails();
+ Handle<Object> value;
+ if (details.representation().IsDouble()) {
+ value = isolate->factory()->NewHeapNumber(0);
+ } else {
+ value = isolate->factory()->uninitialized_value();
+ }
+ ASSERT(details.type() == FIELD);
+ int target_index = details.field_index() - inobject;
+ ASSERT(target_index >= 0); // Must be a backing store index.
+ new_storage->set(target_index, *value);
+
+ // From here on we cannot fail and we shouldn't GC anymore.
+ DisallowHeapAllocation no_allocation;
+
+ // Set the new property value and do the map transition.
+ object->set_properties(*new_storage);
+ // Writing the new map here does not require synchronization since it does
+ // not change the actual object size.
+ object->set_map(*new_map);
+ return;
+ }
Handle<FixedArray> array = isolate->factory()->NewFixedArray(total_size);
Handle<DescriptorArray> old_descriptors(old_map->instance_descriptors());
Address address = object->address() + new_instance_size;
// The trimming is performed on a newly allocated object, which is on a
- // fresly allocated page or on an already swept page. Hence, the sweeper
+ // freshly allocated page or on an already swept page. Hence, the sweeper
// thread can not get confused with the filler creation. No synchronization
// needed.
isolate->heap()->CreateFillerObjectAt(address, instance_size_delta);
}
// The trimming is performed on a newly allocated object, which is on a
- // fresly allocated page or on an already swept page. Hence, the sweeper
+ // freshly allocated page or on an already swept page. Hence, the sweeper
// thread can not get confused with the filler creation. No synchronization
// needed.
object->set_map(*new_map);
Handle<Name> name,
Handle<Object> old_value);
+ static void MigrateToNewProperty(Handle<JSObject> object,
+ Handle<Map> transition,
+ Handle<Object> value);
+
private:
friend class DictionaryElementsAccessor;
friend class JSReceiver;
ValueType value_type,
TransitionFlag flag);
- static void MigrateToNewProperty(Handle<JSObject> object,
- Handle<Map> transition,
- Handle<Object> value);
-
// Add a property to a slow-case object.
static void AddSlowProperty(Handle<JSObject> object,
Handle<Name> name,
projects / platform / upstream / v8.git / commitdiff