From 9a340d1fffe089147c873c63dea0e0f50af42707 Mon Sep 17 00:00:00 2001 From: "ishell@chromium.org" Date: Mon, 17 Mar 2014 15:01:45 +0000 Subject: [PATCH] Handlification of ArrayConstructorCommon(). R=yangguo@chromium.org Review URL: https://codereview.chromium.org/200213003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20001 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/elements.cc | 9 +++++++++ src/elements.h | 3 +++ src/factory.cc | 26 +++++++++++++++++++++---- src/factory.h | 14 +++++++++++--- src/objects.cc | 9 +++++++++ src/objects.h | 1 + src/runtime.cc | 50 +++++++++++++++++++++++-------------------------- 7 files changed, 78 insertions(+), 34 deletions(-) diff --git a/src/elements.cc b/src/elements.cc index 7123bca12..aca5685ae 100644 --- a/src/elements.cc +++ b/src/elements.cc @@ -1910,6 +1910,15 @@ MUST_USE_RESULT MaybeObject* ElementsAccessorBase ArrayConstructInitializeElements(Handle array, + Arguments* args) { + CALL_HEAP_FUNCTION(array->GetIsolate(), + ArrayConstructInitializeElements(*array, args), + Object); +} + + MUST_USE_RESULT MaybeObject* ArrayConstructInitializeElements( JSArray* array, Arguments* args) { Heap* heap = array->GetIsolate()->heap(); diff --git a/src/elements.h b/src/elements.h index 9351598c4..065750e0a 100644 --- a/src/elements.h +++ b/src/elements.h @@ -200,6 +200,9 @@ class ElementsAccessor { void CheckArrayAbuse(JSObject* obj, const char* op, uint32_t key, bool allow_appending = false); +Handle ArrayConstructInitializeElements(Handle array, + Arguments* args); + MUST_USE_RESULT MaybeObject* ArrayConstructInitializeElements( JSArray* array, Arguments* args); diff --git a/src/factory.cc b/src/factory.cc index ce123b414..7e66a569a 100644 --- a/src/factory.cc +++ b/src/factory.cc @@ -1408,12 +1408,18 @@ Handle Factory::NewGlobalObject(Handle constructor) { } -Handle Factory::NewJSObjectFromMap(Handle map, - PretenureFlag pretenure, - bool alloc_props) { +Handle Factory::NewJSObjectFromMap( + Handle map, + PretenureFlag pretenure, + bool alloc_props, + Handle allocation_site) { CALL_HEAP_FUNCTION( isolate(), - isolate()->heap()->AllocateJSObjectFromMap(*map, pretenure, alloc_props), + isolate()->heap()->AllocateJSObjectFromMap( + *map, + pretenure, + alloc_props, + allocation_site.is_null() ? NULL : *allocation_site), JSObject); } @@ -1448,6 +1454,18 @@ Handle Factory::NewJSArrayWithElements(Handle elements, } +void Factory::NewJSArrayStorage(Handle array, + int length, + int capacity, + ArrayStorageAllocationMode mode) { + CALL_HEAP_FUNCTION_VOID(isolate(), + isolate()->heap()->AllocateJSArrayStorage(*array, + length, + capacity, + mode)); +} + + void Factory::SetElementsCapacityAndLength(Handle array, int capacity, int length) { diff --git a/src/factory.h b/src/factory.h index d1103acd2..3f77d45a6 100644 --- a/src/factory.h +++ b/src/factory.h @@ -334,9 +334,11 @@ class Factory { // JS objects are pretenured when allocated by the bootstrapper and // runtime. - Handle NewJSObjectFromMap(Handle map, - PretenureFlag pretenure = NOT_TENURED, - bool allocate_properties = true); + Handle NewJSObjectFromMap( + Handle map, + PretenureFlag pretenure = NOT_TENURED, + bool allocate_properties = true, + Handle allocation_site = Handle::null()); Handle NewJSObjectFromMapForDeoptimizer( Handle map, PretenureFlag pretenure = NOT_TENURED); @@ -356,6 +358,12 @@ class Factory { ElementsKind elements_kind = TERMINAL_FAST_ELEMENTS_KIND, PretenureFlag pretenure = NOT_TENURED); + void NewJSArrayStorage( + Handle array, + int length, + int capacity, + ArrayStorageAllocationMode mode = DONT_INITIALIZE_ARRAY_ELEMENTS); + void SetElementsCapacityAndLength(Handle array, int capacity, int length); diff --git a/src/objects.cc b/src/objects.cc index b1251e11c..787b6d82b 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -3362,6 +3362,15 @@ MaybeObject* JSObject::GetElementsTransitionMapSlow(ElementsKind to_kind) { } +// TODO(ishell): Temporary wrapper until handlified. +// static +Handle Map::AsElementsKind(Handle map, ElementsKind kind) { + CALL_HEAP_FUNCTION(map->GetIsolate(), + map->AsElementsKind(kind), + Map); +} + + MaybeObject* Map::AsElementsKind(ElementsKind kind) { Map* closest_map = FindClosestElementsTransition(this, kind); diff --git a/src/objects.h b/src/objects.h index ea2786607..d097e1ad3 100644 --- a/src/objects.h +++ b/src/objects.h @@ -6222,6 +6222,7 @@ class Map: public HeapObject { Descriptor* descriptor, int index, TransitionFlag flag); + static Handle AsElementsKind(Handle map, ElementsKind kind); MUST_USE_RESULT MaybeObject* AsElementsKind(ElementsKind kind); MUST_USE_RESULT MaybeObject* CopyAsElementsKind(ElementsKind kind, diff --git a/src/runtime.cc b/src/runtime.cc index 4bca2c70c..1f1813fb7 100644 --- a/src/runtime.cc +++ b/src/runtime.cc @@ -14749,12 +14749,14 @@ static MaybeObject* ArrayConstructorCommon(Isolate* isolate, Handle constructor, Handle site, Arguments* caller_args) { + Factory* factory = isolate->factory(); + bool holey = false; bool can_use_type_feedback = true; if (caller_args->length() == 1) { - Object* argument_one = (*caller_args)[0]; + Handle argument_one = caller_args->at(0); if (argument_one->IsSmi()) { - int value = Smi::cast(argument_one)->value(); + int value = Handle::cast(argument_one)->value(); if (value < 0 || value >= JSObject::kInitialMaxFastElementArray) { // the array is a dictionary in this case. can_use_type_feedback = false; @@ -14767,8 +14769,7 @@ static MaybeObject* ArrayConstructorCommon(Isolate* isolate, } } - JSArray* array; - MaybeObject* maybe_array; + Handle array; if (!site.is_null() && can_use_type_feedback) { ElementsKind to_kind = site->GetElementsKind(); if (holey && !IsFastHoleyElementsKind(to_kind)) { @@ -14780,42 +14781,37 @@ static MaybeObject* ArrayConstructorCommon(Isolate* isolate, // We should allocate with an initial map that reflects the allocation site // advice. Therefore we use AllocateJSObjectFromMap instead of passing // the constructor. - Map* initial_map = constructor->initial_map(); + Handle initial_map(constructor->initial_map(), isolate); if (to_kind != initial_map->elements_kind()) { - MaybeObject* maybe_new_map = initial_map->AsElementsKind(to_kind); - if (!maybe_new_map->To(&initial_map)) return maybe_new_map; + initial_map = Map::AsElementsKind(initial_map, to_kind); + RETURN_IF_EMPTY_HANDLE(isolate, initial_map); } // If we don't care to track arrays of to_kind ElementsKind, then // don't emit a memento for them. - AllocationSite* allocation_site = - (AllocationSite::GetMode(to_kind) == TRACK_ALLOCATION_SITE) - ? *site - : NULL; - - maybe_array = isolate->heap()->AllocateJSObjectFromMap(initial_map, - NOT_TENURED, - true, - allocation_site); - if (!maybe_array->To(&array)) return maybe_array; + Handle allocation_site; + if (AllocationSite::GetMode(to_kind) == TRACK_ALLOCATION_SITE) { + allocation_site = site; + } + + array = Handle::cast(factory->NewJSObjectFromMap( + initial_map, NOT_TENURED, true, allocation_site)); } else { - maybe_array = isolate->heap()->AllocateJSObject(*constructor); - if (!maybe_array->To(&array)) return maybe_array; + array = Handle::cast(factory->NewJSObject(constructor)); + // We might need to transition to holey ElementsKind kind = constructor->initial_map()->elements_kind(); if (holey && !IsFastHoleyElementsKind(kind)) { kind = GetHoleyElementsKind(kind); - maybe_array = array->TransitionElementsKind(kind); - if (maybe_array->IsFailure()) return maybe_array; + JSObject::TransitionElementsKind(array, kind); } } - maybe_array = isolate->heap()->AllocateJSArrayStorage(array, 0, 0, - DONT_INITIALIZE_ARRAY_ELEMENTS); - if (maybe_array->IsFailure()) return maybe_array; + factory->NewJSArrayStorage(array, 0, 0, DONT_INITIALIZE_ARRAY_ELEMENTS); + ElementsKind old_kind = array->GetElementsKind(); - maybe_array = ArrayConstructInitializeElements(array, caller_args); - if (maybe_array->IsFailure()) return maybe_array; + RETURN_IF_EMPTY_HANDLE(isolate, + ArrayConstructInitializeElements(array, caller_args)); if (!site.is_null() && (old_kind != array->GetElementsKind() || !can_use_type_feedback)) { @@ -14824,7 +14820,7 @@ static MaybeObject* ArrayConstructorCommon(Isolate* isolate, // We must mark the allocationsite as un-inlinable. site->SetDoNotInlineCall(); } - return array; + return *array; } -- 2.34.1