• Ross McIlroy's avatar
    [Runtime] Ensure template objects are retained if bytecode is flushed. · ec9aef3d
    Ross McIlroy authored
    Template objects should be cached after they are first created and reused on
    subsiquent calls to tag functions. Currently these cached objects are stored
    on the feedback vector, which has appropriate lifetime, however with bytecode
    flushing the feedback vector could be cleared when the bytecode is flushed,
    causing the template object to be dropped.
    
    In order to retain the cached template objects in the face of bytecode flushing,
    this CL adds a weakmap for each native context that is (weakly) keyed by
    shared function info, and holds a linked list of cached template objects
    associated with that shared function info, indexed by feedback vector slot id.
    Misses will check this weakmap, and if no entry is found, a new template object
    is created and added into this weakmap alongside the feedback vector.
    
    BUG=v8:8799,v8:8799,v8:8395
    
    Change-Id: Ia95d5cfc394ce58dc9fe6a1e49780f05299acc17
    Reviewed-on: https://chromium-review.googlesource.com/c/1477746
    Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
    Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
    Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#59818}
    ec9aef3d
template-objects-inl.h 1.16 KB