[runtime] Allow generic allocation of sloppy arguments.

This allows sloppy arguments objects to be allocated by the generic Heap::AllocateJSObjectFromMap allocation function. An empty elements backing store for such objects is provided. This is needed in order to materialize such objects without access to a specific native context. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-613919 BUG=chromium:613919 Review-Url: https://codereview.chromium.org/2014343004 Cr-Commit-Position: refs/heads/master@{#36547}

[runtime] Allow generic allocation of sloppy arguments.
This allows sloppy arguments objects to be allocated by the generic Heap::AllocateJSObjectFromMap allocation function. An empty elements backing store for such objects is provided. This is needed in order to materialize such objects without access to a specific native context. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-613919 BUG=chromium:613919 Review-Url: https://codereview.chromium.org/2014343004 Cr-Commit-Position: refs/heads/master@{#36547}
addfd00a · mstarzinger · Commit bot · fd2ccd74 · addfd00a · addfd00a
Commit addfd00a authored May 27, 2016 by mstarzinger Committed by Commit bot May 27, 2016
Showing with 24 additions and 14 deletions

deoptimizer.cc src/deoptimizer.cc +2 -6

heap.cc src/heap/heap.cc +9 -1

heap.h src/heap/heap.h +1 -0

objects-inl.h src/objects-inl.h +11 -7

objects.h src/objects.h +1 -0

No files found.
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -3685,15 +3685,11 @@ Handle<Object> TranslatedState::MaterializeAt(int frame_index,
          return object;
        }
        case JS_OBJECT_TYPE: {
-          Handle<JSObject> object = isolate_->factory()->NewJSObjectFromMap(
-              map->has_sloppy_arguments_elements()
-                  ? isolate()->sloppy_arguments_map()
-                  : map,
-              NOT_TENURED);
+          Handle<JSObject> object =
+              isolate_->factory()->NewJSObjectFromMap(map, NOT_TENURED);
          slot->value_ = object;
          Handle<Object> properties = MaterializeAt(frame_index, value_index);
          Handle<Object> elements = MaterializeAt(frame_index, value_index);
-          object->set_map(*map);  // Correct elements kind for sloppy arguments.
          object->set_properties(FixedArray::cast(*properties));
          object->set_elements(FixedArrayBase::cast(*elements));
          for (int i = 0; i < length - 3; ++i) {

--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -2814,6 +2814,13 @@ void Heap::CreateInitialObjects() {
    set_empty_literals_array(*empty_literals_array);
  }

+  {
+    Handle<FixedArray> empty_sloppy_arguments_elements =
+        factory->NewFixedArray(2, TENURED);
+    empty_sloppy_arguments_elements->set_map(sloppy_arguments_elements_map());
+    set_empty_sloppy_arguments_elements(*empty_sloppy_arguments_elements);
+  }
+
  {
    Handle<WeakCell> cell = factory->NewWeakCell(factory->undefined_value());
    set_empty_weak_cell(*cell);
@@ -3555,7 +3562,8 @@ AllocationResult Heap::AllocateJSObjectFromMap(
  // Initialize the JSObject.
  InitializeJSObjectFromMap(js_obj, properties, map);
  DCHECK(js_obj->HasFastElements() || js_obj->HasFixedTypedArrayElements() ||
-         js_obj->HasFastStringWrapperElements());
+         js_obj->HasFastStringWrapperElements() ||
+         js_obj->HasFastArgumentsElements());
  return js_obj;
 }


--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -184,6 +184,7 @@ using v8::MemoryPressureLevel;
  V(FixedArray, microtask_queue, MicrotaskQueue)                               \
  V(TypeFeedbackVector, dummy_vector, DummyVector)                             \
  V(FixedArray, empty_literals_array, EmptyLiteralsArray)                      \
+  V(FixedArray, empty_sloppy_arguments_elements, EmptySloppyArgumentsElements) \
  V(FixedArray, cleared_optimized_code_map, ClearedOptimizedCodeMap)           \
  V(FixedArray, detached_contexts, DetachedContexts)                           \
  V(ArrayList, retained_maps, RetainedMaps)                                    \

--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -2796,18 +2796,18 @@ void Map::SetEnumLength(int length) {


 FixedArrayBase* Map::GetInitialElements() {
+  FixedArrayBase* result = nullptr;
  if (has_fast_elements() || has_fast_string_wrapper_elements()) {
-    DCHECK(!GetHeap()->InNewSpace(GetHeap()->empty_fixed_array()));
-    return GetHeap()->empty_fixed_array();
+    result = GetHeap()->empty_fixed_array();
+  } else if (has_fast_sloppy_arguments_elements()) {
+    result = GetHeap()->empty_sloppy_arguments_elements();
  } else if (has_fixed_typed_array_elements()) {
-    FixedTypedArrayBase* empty_array =
-        GetHeap()->EmptyFixedTypedArrayForMap(this);
-    DCHECK(!GetHeap()->InNewSpace(empty_array));
-    return empty_array;
+    result = GetHeap()->EmptyFixedTypedArrayForMap(this);
  } else {
    UNREACHABLE();
  }
-  return NULL;
+  DCHECK(!GetHeap()->InNewSpace(result));
+  return result;
 }


@@ -4573,6 +4573,10 @@ bool Map::has_sloppy_arguments_elements() {
  return IsSloppyArgumentsElements(elements_kind());
 }

+bool Map::has_fast_sloppy_arguments_elements() {
+  return elements_kind() == FAST_SLOPPY_ARGUMENTS_ELEMENTS;
+}
+
 bool Map::has_fast_string_wrapper_elements() {
  return elements_kind() == FAST_STRING_WRAPPER_ELEMENTS;
 }

--- a/src/objects.h
+++ b/src/objects.h
@@ -5708,6 +5708,7 @@ class Map: public HeapObject {
  inline bool has_fast_double_elements();
  inline bool has_fast_elements();
  inline bool has_sloppy_arguments_elements();
+  inline bool has_fast_sloppy_arguments_elements();
  inline bool has_fast_string_wrapper_elements();
  inline bool has_fixed_typed_array_elements();
  inline bool has_dictionary_elements();