Reviewers: ,
Message:
Committed patchset #1 manually as r20310 (tree was closed).
Description:
Revert "Fix property enum cache creation to include only own properties"
This reverts commit 4cf47a20b4846cf050ea4844433e9c57654da34e.
BUG=
Committed: https://code.google.com/p/v8/source/detail?r=20310
Please review this at https://codereview.chromium.org/214893002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+23, -42 lines):
M src/handles.cc
D test/mjsunit/regress/regress-enum-prop-keys-cache-size.js
Index: test/mjsunit/regress/regress-enum-prop-keys-cache-size.js
diff --git a/test/mjsunit/regress/regress-enum-prop-keys-cache-size.js
b/test/mjsunit/regress/regress-enum-prop-keys-cache-size.js
deleted file mode 100644
index
1227500eeaf45b7b696ab6b6f3a7e87275569a27..0000000000000000000000000000000000000000
--- a/test/mjsunit/regress/regress-enum-prop-keys-cache-size.js
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Flags: --allow-natives-syntax --stress-compaction
-
-%SetAllocationTimeout(100000, 100000);
-
-var x = {};
-x.a = 1;
-x.b = 2;
-x = {};
-
-var y = {};
-y.a = 1;
-
-%SetAllocationTimeout(100000, 0);
-
-for (var z in y) { }
Index: src/handles.cc
diff --git a/src/handles.cc b/src/handles.cc
index
c30153739ac027cf281bd035b0734f7b80d69aae..398a68265cdf1c65d2b98a4d459ab972bbe34cef
100644
--- a/src/handles.cc
+++ b/src/handles.cc
@@ -627,21 +627,20 @@ Handle<FixedArray>
GetEnumPropertyKeys(Handle<JSObject> object,
bool cache_result) {
Isolate* isolate = object->GetIsolate();
if (object->HasFastProperties()) {
- int own_property_count = object->map()->EnumLength();
- // If the enum length of the given map is set to kInvalidEnumCache,
this
- // means that the map itself has never used the present enum cache. The
- // first step to using the cache is to set the enum length of the map
by
- // counting the number of own descriptors that are not DONT_ENUM or
- // SYMBOLIC.
- if (own_property_count == kInvalidEnumCacheSentinel) {
- own_property_count = object->map()->NumberOfDescribedProperties(
- OWN_DESCRIPTORS, DONT_SHOW);
- } else {
- ASSERT(own_property_count ==
object->map()->NumberOfDescribedProperties(
- OWN_DESCRIPTORS, DONT_SHOW));
- }
-
if (object->map()->instance_descriptors()->HasEnumCache()) {
+ int own_property_count = object->map()->EnumLength();
+ // If we have an enum cache, but the enum length of the given map is
set
+ // to kInvalidEnumCache, this means that the map itself has never
used the
+ // present enum cache. The first step to using the cache is to set
the
+ // enum length of the map by counting the number of own descriptors
that
+ // are not DONT_ENUM or SYMBOLIC.
+ if (own_property_count == kInvalidEnumCacheSentinel) {
+ own_property_count = object->map()->NumberOfDescribedProperties(
+ OWN_DESCRIPTORS, DONT_SHOW);
+
+ if (cache_result) object->map()->SetEnumLength(own_property_count);
+ }
+
DescriptorArray* desc = object->map()->instance_descriptors();
Handle<FixedArray> keys(desc->GetEnumCache(), isolate);
@@ -650,7 +649,6 @@ Handle<FixedArray> GetEnumPropertyKeys(Handle<JSObject>
object,
// enum cache was generated for a previous (smaller) version of the
// Descriptor Array. In that case we regenerate the enum cache.
if (own_property_count <= keys->length()) {
- if (cache_result) object->map()->SetEnumLength(own_property_count);
isolate->counters()->enum_cache_hits()->Increment();
return ReduceFixedArrayTo(keys, own_property_count);
}
@@ -665,22 +663,23 @@ Handle<FixedArray>
GetEnumPropertyKeys(Handle<JSObject> object,
}
isolate->counters()->enum_cache_misses()->Increment();
+ int num_enum = map->NumberOfDescribedProperties(ALL_DESCRIPTORS,
DONT_SHOW);
- Handle<FixedArray> storage = isolate->factory()->NewFixedArray(
- own_property_count);
- Handle<FixedArray> indices = isolate->factory()->NewFixedArray(
- own_property_count);
+ Handle<FixedArray> storage =
isolate->factory()->NewFixedArray(num_enum);
+ Handle<FixedArray> indices =
isolate->factory()->NewFixedArray(num_enum);
Handle<DescriptorArray> descs =
Handle<DescriptorArray>(object->map()->instance_descriptors(),
isolate);
- int size = map->NumberOfOwnDescriptors();
+ int real_size = map->NumberOfOwnDescriptors();
+ int enum_size = 0;
int index = 0;
- for (int i = 0; i < size; i++) {
+ for (int i = 0; i < descs->number_of_descriptors(); i++) {
PropertyDetails details = descs->GetDetails(i);
Object* key = descs->GetKey(i);
if (!(details.IsDontEnum() || key->IsSymbol())) {
+ if (i < real_size) ++enum_size;
storage->set(index, key);
if (!indices.is_null()) {
if (details.type() != FIELD) {
@@ -707,9 +706,10 @@ Handle<FixedArray>
GetEnumPropertyKeys(Handle<JSObject> object,
indices.is_null() ? Object::cast(Smi::FromInt(0))
: Object::cast(*indices));
if (cache_result) {
- object->map()->SetEnumLength(own_property_count);
+ object->map()->SetEnumLength(enum_size);
}
- return storage;
+
+ return ReduceFixedArrayTo(storage, enum_size);
} else {
Handle<NameDictionary> dictionary(object->property_dictionary());
int length = dictionary->NumberOfEnumElements();
--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
