Pretenure code generation corner case with new space COW arrays.

When advised to pretenure in crankshaft, and the boilerplate is a cow array, move the elements to old space if it's not already there to avoid overflowing the store buffer. R=hpayer@chromium.org Review URL: https://codereview.chromium.org/197473004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Pretenure code generation corner case with new space COW arrays.
When advised to pretenure in crankshaft, and the boilerplate is a cow array, move the elements to old space if it's not already there to avoid overflowing the store buffer. R=hpayer@chromium.org Review URL: https://codereview.chromium.org/197473004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
3daaba09 · mvstanton@chromium.org · 6cf32b13 · 3daaba09 · 3daaba09 · 3daaba09
Commit 3daaba09 authored Mar 17, 2014 by mvstanton@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 0 deletions

factory.cc src/factory.cc +9 -0

factory.h src/factory.h +4 -0

heap.cc src/heap.cc +27 -0

heap.h src/heap.h +4 -0

hydrogen.cc src/hydrogen.cc +12 -0

No files found.
--- a/src/factory.cc
+++ b/src/factory.cc
@@ -889,6 +889,15 @@ Handle<FixedArray> Factory::CopyFixedArray(Handle<FixedArray> array) {
 }


+Handle<FixedArray> Factory::CopyAndTenureFixedCOWArray(
+    Handle<FixedArray> array) {
+  ASSERT(isolate()->heap()->InNewSpace(*array));
+  CALL_HEAP_FUNCTION(isolate(),
+                     isolate()->heap()->CopyAndTenureFixedCOWArray(*array),
+                     FixedArray);
+}
+
+
 Handle<FixedArray> Factory::CopySizeFixedArray(Handle<FixedArray> array,
                                               int new_length,
                                               PretenureFlag pretenure) {

--- a/src/factory.h
+++ b/src/factory.h
@@ -290,6 +290,10 @@ class Factory {

  Handle<FixedArray> CopyFixedArray(Handle<FixedArray> array);

+  // This method expects a COW array in new space, and creates a copy
+  // of it in old space.
+  Handle<FixedArray> CopyAndTenureFixedCOWArray(Handle<FixedArray> array);
+
  Handle<FixedArray> CopySizeFixedArray(Handle<FixedArray> array,
                                        int new_length,
                                        PretenureFlag pretenure = NOT_TENURED);

--- a/src/heap.cc
+++ b/src/heap.cc
@@ -5047,6 +5047,33 @@ MaybeObject* Heap::AllocateEmptyExternalArray(ExternalArrayType array_type) {
 }


+MaybeObject* Heap::CopyAndTenureFixedCOWArray(FixedArray* src) {
+  if (!InNewSpace(src)) {
+    return src;
+  }
+
+  int len = src->length();
+  Object* obj;
+  { MaybeObject* maybe_obj = AllocateRawFixedArray(len, TENURED);
+    if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+  }
+  HeapObject::cast(obj)->set_map_no_write_barrier(fixed_array_map());
+  FixedArray* result = FixedArray::cast(obj);
+  result->set_length(len);
+
+  // Copy the content
+  DisallowHeapAllocation no_gc;
+  WriteBarrierMode mode = result->GetWriteBarrierMode(no_gc);
+  for (int i = 0; i < len; i++) result->set(i, src->get(i), mode);
+
+  // TODO(mvstanton): The map is set twice because of protection against calling
+  // set() on a COW FixedArray. Issue v8:3221 created to track this, and
+  // we might then be able to remove this whole method.
+  HeapObject::cast(obj)->set_map_no_write_barrier(fixed_cow_array_map());
+  return result;
+}
+
+
 MaybeObject* Heap::CopyFixedArrayWithMap(FixedArray* src, Map* map) {
  int len = src->length();
  Object* obj;

--- a/src/heap.h
+++ b/src/heap.h
@@ -975,6 +975,10 @@ class Heap {
  // Failure::RetryAfterGC(requested_bytes, space) if the allocation failed.
  MUST_USE_RESULT inline MaybeObject* CopyFixedArray(FixedArray* src);

+  // Make a copy of src and return it. Returns
+  // Failure::RetryAfterGC(requested_bytes, space) if the allocation failed.
+  MUST_USE_RESULT MaybeObject* CopyAndTenureFixedCOWArray(FixedArray* src);
+
  // Make a copy of src, set the map, and return the copy. Returns
  // Failure::RetryAfterGC(requested_bytes, space) if the allocation failed.
  MUST_USE_RESULT MaybeObject* CopyFixedArrayWithMap(FixedArray* src, Map* map);

--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -9757,6 +9757,18 @@ HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
      elements->map() != isolate()->heap()->fixed_cow_array_map()) ?
          elements->Size() : 0;

+  if (pretenure_flag == TENURED &&
+      elements->map() == isolate()->heap()->fixed_cow_array_map() &&
+      isolate()->heap()->InNewSpace(*elements)) {
+    // If we would like to pretenure a fixed cow array, we must ensure that the
+    // array is already in old space, otherwise we'll create too many old-to-
+    // new-space pointers (overflowing the store buffer).
+    elements = Handle<FixedArrayBase>(
+        isolate()->factory()->CopyAndTenureFixedCOWArray(
+            Handle<FixedArray>::cast(elements)));
+    boilerplate_object->set_elements(*elements);
+  }
+
  HInstruction* object_elements = NULL;
  if (elements_size > 0) {
    HValue* object_elements_size = Add<HConstant>(elements_size);