Reviewers: Vyacheslav Egorov,
Description:
Filter out maps from different global context when collecting type feedback.
This avoid leaking memory because optimized code may hold on to maps
from different tabs otherwise.
BUG=v8:1823, 102895
Please review this at http://codereview.chromium.org/8892002/
SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/
Affected files:
M src/stub-cache.h
M src/stub-cache.cc
M src/type-info.h
M src/type-info.cc
Index: src/stub-cache.cc
===================================================================
--- src/stub-cache.cc (revision 10237)
+++ src/stub-cache.cc (working copy)
@@ -877,7 +877,8 @@
void StubCache::CollectMatchingMaps(SmallMapList* types,
String* name,
- Code::Flags flags) {
+ Code::Flags flags,
+ Handle<Context> global_context) {
for (int i = 0; i < kPrimaryTableSize; i++) {
if (primary_[i].key == name) {
Map* map = primary_[i].value->FindFirstMap();
@@ -886,7 +887,8 @@
if (map == NULL) continue;
int offset = PrimaryOffset(name, flags, map);
- if (entry(primary_, offset) == &primary_[i]) {
+ if (entry(primary_, offset) == &primary_[i] &&
+ TypeFeedbackOracle::InSameContext(Handle<Map>(map),
global_context)) {
types->Add(Handle<Map>(map));
}
}
@@ -909,7 +911,8 @@
// Lookup in secondary table and add matches.
int offset = SecondaryOffset(name, flags, primary_offset);
- if (entry(secondary_, offset) == &secondary_[i]) {
+ if (entry(secondary_, offset) == &secondary_[i] &&
+ TypeFeedbackOracle::InSameContext(Handle<Map>(map),
global_context)) {
types->Add(Handle<Map>(map));
}
}
Index: src/stub-cache.h
===================================================================
--- src/stub-cache.h (revision 10237)
+++ src/stub-cache.h (working copy)
@@ -248,7 +248,8 @@
// Collect all maps that match the name and flags.
void CollectMatchingMaps(SmallMapList* types,
String* name,
- Code::Flags flags);
+ Code::Flags flags,
+ Handle<Context> global_context);
// Generate code for probing the stub cache table.
// Arguments extra and extra2 may be used to pass additional scratch
Index: src/type-info.cc
===================================================================
--- src/type-info.cc (revision 10237)
+++ src/type-info.cc (working copy)
@@ -438,11 +438,24 @@
Handle<Code>::cast(object)->ic_state() == MEGAMORPHIC) {
types->Reserve(4);
ASSERT(object->IsCode());
- isolate_->stub_cache()->CollectMatchingMaps(types, *name, flags);
+ isolate_->stub_cache()->CollectMatchingMaps(types,
+ *name,
+ flags,
+ global_context_);
}
}
+bool TypeFeedbackOracle::InSameContext(Handle<Map> map,
+ Handle<Context> global_context) {
+ Handle<Object> constructor(map->constructor());
+ if (constructor.is_null()) return true;
+ if (!constructor->IsJSFunction()) return true;
+ Handle<JSFunction> function = Handle<JSFunction>::cast(constructor);
+ return function->context()->global() == global_context->global()
+ || function->context()->global() == global_context->builtins();
+}
+
static void AddMapIfMissing(Handle<Map> map, SmallMapList* list) {
for (int i = 0; i < list->length(); ++i) {
if (list->at(i).is_identical_to(map)) return;
@@ -539,7 +552,12 @@
SetInfo(ast_id, Smi::FromInt(target->check_type()));
} else {
Object* map = target->FindFirstMap();
- SetInfo(ast_id, map == NULL ? static_cast<Object*>(target) :
map);
+ if (map == NULL) {
+ SetInfo(ast_id, static_cast<Object*>(target));
+ } else if (InSameContext(Handle<Map>(Map::cast(map)),
+ global_context_)) {
+ SetInfo(ast_id, map);
+ }
}
} else if (target->ic_state() == MEGAMORPHIC) {
SetInfo(ast_id, target);
Index: src/type-info.h
===================================================================
--- src/type-info.h (revision 10237)
+++ src/type-info.h (working copy)
@@ -256,6 +256,8 @@
void CollectKeyedReceiverTypes(unsigned ast_id,
SmallMapList* types);
+ static bool InSameContext(Handle<Map> map, Handle<Context>
global_context);
+
CheckType GetCallCheckType(Call* expr);
Handle<JSObject> GetPrototypeForPrimitiveCheck(CheckType check);
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
