From 883d9c4b1cc85eaa19ad46d9b7f285c48dd37d28 Mon Sep 17 00:00:00 2001 From: "mstarzinger@chromium.org" Date: Mon, 13 May 2013 10:59:00 +0000 Subject: [PATCH] Prevent flushing of code that was set with %SetCode. This makes sure that shared function infos that break the one-to-one mapping to code are marked as un-flushable. Otherwise enqueuing through the GC meta-data field in the code object doesn't work. R=rossberg@chromium.org TEST=cctest/test-api/Threading4 Review URL: https://codereview.chromium.org/14710015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/bootstrapper.cc | 5 ++--- src/objects-inl.h | 1 + src/objects-visiting-inl.h | 8 ++++---- src/objects.h | 4 ++++ src/runtime.cc | 7 +++++++ src/v8natives.js | 1 + 6 files changed, 19 insertions(+), 7 deletions(-) diff --git a/src/bootstrapper.cc b/src/bootstrapper.cc index 6d22ab2..beb3cb5 100644 --- a/src/bootstrapper.cc +++ b/src/bootstrapper.cc @@ -455,9 +455,8 @@ Handle Genesis::CreateEmptyFunction(Isolate* isolate) { function_map_writable_prototype_ = CreateFunctionMap(ADD_WRITEABLE_PROTOTYPE); Factory* factory = isolate->factory(); - Heap* heap = isolate->heap(); - Handle object_name = Handle(heap->Object_string()); + Handle object_name = factory->Object_string(); { // --- O b j e c t --- Handle object_fun = @@ -834,7 +833,7 @@ bool Genesis::InitializeGlobal(Handle inner_global, Factory* factory = isolate->factory(); Heap* heap = isolate->heap(); - Handle object_name = Handle(heap->Object_string()); + Handle object_name = factory->Object_string(); CHECK_NOT_EMPTY_HANDLE(isolate, JSObject::SetLocalPropertyIgnoreAttributes( inner_global, object_name, diff --git a/src/objects-inl.h b/src/objects-inl.h index a922222..5b45cba 100644 --- a/src/objects-inl.h +++ b/src/objects-inl.h 
@@ -4672,6 +4672,7 @@ BOOL_ACCESSORS(SharedFunctionInfo, compiler_hints, dont_optimize, kDontOptimize) BOOL_ACCESSORS(SharedFunctionInfo, compiler_hints, dont_inline, kDontInline) BOOL_ACCESSORS(SharedFunctionInfo, compiler_hints, dont_cache, kDontCache) +BOOL_ACCESSORS(SharedFunctionInfo, compiler_hints, dont_flush, kDontFlush) BOOL_ACCESSORS(SharedFunctionInfo, compiler_hints, is_generator, kIsGenerator) void SharedFunctionInfo::BeforeVisitingPointers() { diff --git a/src/objects-visiting-inl.h b/src/objects-visiting-inl.h index add247e..9b39bef 100644 --- a/src/objects-visiting-inl.h +++ b/src/objects-visiting-inl.h @@ -566,14 +566,14 @@ bool StaticMarkingVisitor::IsFlushable( return false; } - // If this is a full script wrapped in a function we do no flush the code. + // If this is a full script wrapped in a function we do not flush the code. if (shared_info->is_toplevel()) { return false; } - // If this is a native function we do not flush the code because %SetCode - // breaks the one-to-one relation between SharedFunctionInfo and Code. - if (shared_info->native()) { + // If this is a function initialized with %SetCode then the one-to-one + // relation between SharedFunctionInfo and Code is broken. + if (shared_info->dont_flush()) { return false; } diff --git a/src/objects.h b/src/objects.h index 71cf9f3..b671558 100644 --- a/src/objects.h +++ b/src/objects.h @@ -6125,6 +6125,9 @@ class SharedFunctionInfo: public HeapObject { // Indicates that code for this function cannot be cached. DECL_BOOLEAN_ACCESSORS(dont_cache) + // Indicates that code for this function cannot be flushed. + DECL_BOOLEAN_ACCESSORS(dont_flush) + // Indicates that this function is a generator. DECL_BOOLEAN_ACCESSORS(is_generator) @@ -6354,6 +6357,7 @@ class SharedFunctionInfo: public HeapObject { kDontOptimize, kDontInline, kDontCache, + kDontFlush, kIsGenerator, kCompilerHintsCount // Pseudo entry }; diff --git a/src/runtime.cc b/src/runtime.cc index 792a142..774e961 100644 
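Review bot: The new comment above `if (shared_info->dont_flush())` describes the flag as marking a function "initialized with %SetCode", but the runtime.cc hunk in this same commit sets dont_flush on the source function as well as the target, so the comment understates the condition. Suggest `// If this function shares its code with another SharedFunctionInfo (either side of a %SetCode), the one-to-one relation between SharedFunctionInfo and Code is broken and the code must not be flushed.` Note also that the removed `native()` test means a native function is no longer protected by that property alone; anything that relied on natives never being flushed now depends on the flag actually being set. IsFlushable starts and ends outside this hunk.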
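Review bot: The comment on the new `DECL_BOOLEAN_ACCESSORS(dont_flush)` says what the flag means but not who sets it or why, which a reader of objects.h cannot recover from here. Suggest `// Indicates that code for this function cannot be flushed. Set by %SetCode on both functions involved, because code shared between two SharedFunctionInfos cannot be enqueued through its single gc_metadata field.` This mirrors the explanation given in the runtime.cc hunk of this commit and keeps the declaration self-explanatory.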
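Review bot: `kDontFlush` is inserted before `kIsGenerator` rather than appended, so the bit position of kIsGenerator in compiler_hints changes with this commit. That is harmless for code that only goes through the BOOL_ACCESSORS in objects-inl.h, but any constant or generated code that derives a bit position for an entry after kDontCache (the hunk does not show whether such exists) would silently change; appending `kDontFlush` directly before `kCompilerHintsCount` avoids the shift entirely. If there is no static assertion that kCompilerHintsCount still fits the compiler_hints field, this is also the place to add one.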
--- a/src/runtime.cc +++ b/src/runtime.cc @@ -2498,6 +2498,13 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_SetCode) { return Failure::Exception(); } + // Mark both, the source and the target, as un-flushable because the + // shared unoptimized code makes them impossible to enqueue in a list. + ASSERT(target_shared->code()->gc_metadata() == NULL); + ASSERT(source_shared->code()->gc_metadata() == NULL); + target_shared->set_dont_flush(true); + source_shared->set_dont_flush(true); + // Set the code, scope info, formal parameter count, and the length // of the target shared function info. Set the source code of the // target function to undefined. SetCode is only used for built-in diff --git a/src/v8natives.js b/src/v8natives.js index fd8b7f2..db92132 100644 --- a/src/v8natives.js +++ b/src/v8natives.js @@ -1356,6 +1356,7 @@ function ObjectConstructor(x) { function SetUpObject() { %CheckIsBootstrapping(); + %SetNativeFlag($Object); %SetCode($Object, ObjectConstructor); %FunctionSetName(ObjectPoisonProto, "__proto__"); %FunctionRemovePrototype(ObjectPoisonProto); -- 2.7.4
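Review bot: The two `ASSERT(...->code()->gc_metadata() == NULL)` checks compile out of release builds, so in release nothing guards against marking a function un-flushable while its code is already linked into a flushing candidate list through gc_metadata, and setting dont_flush afterwards presumably does not unlink it. If the invariant holds because candidate lists are built and drained within a single GC, a comment saying so would justify the debug-only check, e.g. `// Neither code object can be enqueued here: candidate lists are built and drained within one GC cycle.`; otherwise a `RUNTIME_ASSERT` would keep it in release. Minor wording: `Mark both, the source and the target,` reads better as `Mark both the source and the target`. Runtime_SetCode starts and ends outside this hunk.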
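Review bot: The added `%SetNativeFlag($Object)` is not explained by the commit message, which only talks about flushing, and it lands in the same commit that stops IsFlushable from keying on native(), so a reader may assume the two are connected. A one-line comment above it stating what the native flag is needed for here, or that it is independent of the dont_flush marking done by %SetCode, would avoid that; the diff does not show whether the other constructors in this file are set up the same way. SetUpObject continues outside the hunk.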