Reviewers: Jakob,
Message:
PTAL. Only ia32 is implemented for now; and the CL includes a temporary fix
for
the debugger/lazy compilation problem that has to be disabled before the CL
lands.
Description:
Sharing of descriptor arrays.
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore,
but
rather do so via an indirect pointer (a JSGlobalPropertyCell).
An ownership bit is added to maps indicating whether it owns its own
descriptor
array or not.
Maps owning a descriptor array can pass on ownership if a transition from
that
map is generated; but only if the descriptor array stays exactly the same;
or if
a descriptor is added.
Maps that don't have ownership get ownership back if their direct child to
which
ownership was passed is cleared in ClearNonLiveTransitions.
To detect which descriptors in an array are valid, each map knows its own
NumberOfOwnDescriptors. Since the descriptors are sorted in order of
addition,
if we search and find a descriptor with index bigger than this number, it
is not
valid for the given map.
We currently still build up an enumeration cache (although this may
disappear).
The enumeration cache is always built for the entire descriptor array, even
if
not all descriptors are owned by the map. Once a descriptor array has an
enumeration cache for a given map; this invariant will always be true, even
if
the descriptor array was extended. The extended array will inherit the
enumeration cache from the smaller descriptor array. If a map with more
descriptors needs an enumeration cache, it's EnumLength will still be set to
invalid, so it will have to recompute the enumeration cache. This new cache
will
also be valid for smaller maps since they have their own enumlength; and use
this to loop over the cache. If the EnumLength is still invalid, but there
is
already a cache present that is big enough; we just initialize the
EnumLength
field for the map.
When we apply ClearNonLiveTransitions and descriptor ownership is passed
back to
a parent map, the descriptor array is trimmed in-place and resorted. At the
same
time, the enumeration cache is trimmed in-place.
Only transition arrays contain descriptor arrays. If we transition to a map
and
pass ownership of the descriptor array along, the child map will not store
the
descriptor array it owns. Rather its parent will keep the pointer. So for
every
leaf-map, we find the descriptor array by following the back pointer,
reading
out the transition array, and fetching the descriptor array from the
JSGlobalPropertyCell. If a map has a transition array, we fetch it from
there.
If a map has undefined as its back-pointer and has no transition array; it
is
considered to have an empty descriptor array.
When we modify properties, we cannot share the descriptor array. To
accommodate
this, the child map will get its own transition array; even if there are not
necessarily any transitions leaving from the child map. This is necessary
since
it's the only way to store its own descriptor array.
Please review this at https://chromiumcodereview.appspot.com/10909007/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/bootstrapper.cc
M src/handles.h
M src/handles.cc
M src/heap.h
M src/heap.cc
M src/ia32/full-codegen-ia32.cc
M src/ia32/macro-assembler-ia32.h
M src/ia32/macro-assembler-ia32.cc
M src/mark-compact.cc
M src/objects-debug.cc
M src/objects-inl.h
M src/objects.h
M src/objects.cc
M src/profile-generator.cc
M src/property.h
M src/runtime.cc
M src/string-stream.cc
M src/transitions-inl.h
M src/transitions.h
M src/transitions.cc
M test/cctest/test-heap-profiler.cc
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
