Revert of [elements] Minor hardening and cleanup of concat (patchset #7...

Revert of [elements] Minor hardening and cleanup of concat (patchset #7 id:120001 of https://codereview.chromium.org/1812753004/ ) Reason for revert: [Sheriff] Something seems to leak: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/10838 I don't see the direct connection to this CL though... Original issue's description: > [elements] Minor hardening and cleanup of concat > > BUG= > > Committed: https://crrev.com/b98b3fbbe3dd14548cb356339f52403c07ef33f4 > Cr-Commit-Position: refs/heads/master@{#35027} TBR=jkummerow@chromium.org,cbruni@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1825363002 Cr-Commit-Position: refs/heads/master@{#35028}

Revert of [elements] Minor hardening and cleanup of concat (patchset #7...
Revert of [elements] Minor hardening and cleanup of concat (patchset #7 id:120001 of https://codereview.chromium.org/1812753004/ ) Reason for revert: [Sheriff] Something seems to leak: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/10838 I don't see the direct connection to this CL though... Original issue's description: > [elements] Minor hardening and cleanup of concat > > BUG= > > Committed: https://crrev.com/b98b3fbbe3dd14548cb356339f52403c07ef33f4 > Cr-Commit-Position: refs/heads/master@{#35027} TBR=jkummerow@chromium.org,cbruni@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1825363002 Cr-Commit-Position: refs/heads/master@{#35028}
d30d861a · machenbach · Commit bot · b98b3fbb · d30d861a
Commit d30d861a authored Mar 23, 2016 by machenbach Committed by Commit bot Mar 23, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 28 deletions

elements.cc src/elements.cc +24 -28

No files found.
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -2880,18 +2880,17 @@ void ElementsAccessor::TearDown() {

 Handle<JSArray> ElementsAccessor::Concat(Isolate* isolate, Arguments* args,
                                         uint32_t concat_size) {
-  uint32_t result_len = 0;
-  bool has_raw_doubles = false;
-  ElementsKind result_elements_kind = GetInitialFastElementsKind();
+  int result_len = 0;
+  ElementsKind elements_kind = GetInitialFastElementsKind();
+  bool has_double = false;
  {
    DisallowHeapAllocation no_gc;
-    bool is_holey = false;
    // Iterate through all the arguments performing checks
    // and calculating total length.
+    bool is_holey = false;
    for (uint32_t i = 0; i < concat_size; i++) {
-      JSArray* array = JSArray::cast((*args)[i]);
-      uint32_t len = 0;
-      array->length()->ToArrayLength(&len);
+      Object* arg = (*args)[i];
+      int len = Smi::cast(JSArray::cast(arg)->length())->value();

      // We shouldn't overflow when adding another len.
      const int kHalfOfMaxInt = 1 << (kBitsPerInt - 2);
@@ -2901,45 +2900,42 @@ Handle<JSArray> ElementsAccessor::Concat(Isolate* isolate, Arguments* args,
      DCHECK(0 <= result_len);
      DCHECK(result_len <= FixedDoubleArray::kMaxLength);

-      ElementsKind arg_kind = array->GetElementsKind();
-      has_raw_doubles = has_raw_doubles || IsFastDoubleElementsKind(arg_kind);
+      ElementsKind arg_kind = JSArray::cast(arg)->map()->elements_kind();
+      has_double = has_double || IsFastDoubleElementsKind(arg_kind);
      is_holey = is_holey || IsFastHoleyElementsKind(arg_kind);
-      result_elements_kind =
-          GetMoreGeneralElementsKind(result_elements_kind, arg_kind);
+      elements_kind = GetMoreGeneralElementsKind(elements_kind, arg_kind);
    }
    if (is_holey) {
-      result_elements_kind = GetHoleyElementsKind(result_elements_kind);
+      elements_kind = GetHoleyElementsKind(elements_kind);
    }
  }

  // If a double array is concatted into a fast elements array, the fast
  // elements array needs to be initialized to contain proper holes, since
  // boxing doubles may cause incremental marking.
-  bool requires_double_boxing =
-      has_raw_doubles && !IsFastDoubleElementsKind(result_elements_kind);
-  ArrayStorageAllocationMode mode = requires_double_boxing
-                                        ? INITIALIZE_ARRAY_ELEMENTS_WITH_HOLE
-                                        : DONT_INITIALIZE_ARRAY_ELEMENTS;
+  ArrayStorageAllocationMode mode =
+      has_double && IsFastObjectElementsKind(elements_kind)
+          ? INITIALIZE_ARRAY_ELEMENTS_WITH_HOLE
+          : DONT_INITIALIZE_ARRAY_ELEMENTS;
  Handle<JSArray> result_array = isolate->factory()->NewJSArray(
-      result_elements_kind, result_len, result_len, mode);
+      elements_kind, result_len, result_len, mode);
  if (result_len == 0) return result_array;
-
-  uint32_t insertion_index = 0;
+  int j = 0;
  Handle<FixedArrayBase> storage(result_array->elements(), isolate);
-  ElementsAccessor* accessor = ElementsAccessor::ForKind(result_elements_kind);
+  ElementsAccessor* accessor = ElementsAccessor::ForKind(elements_kind);
  for (uint32_t i = 0; i < concat_size; i++) {
    // It is crucial to keep |array| in a raw pointer form to avoid
    // performance degradation.
    JSArray* array = JSArray::cast((*args)[i]);
-    uint32_t len = 0;
-    array->length()->ToArrayLength(&len);
-    if (len == 0) continue;
-    ElementsKind from_kind = array->GetElementsKind();
-    accessor->CopyElements(array, 0, from_kind, storage, insertion_index, len);
-    insertion_index += len;
+    int len = Smi::cast(array->length())->value();
+    if (len > 0) {
+      ElementsKind from_kind = array->GetElementsKind();
+      accessor->CopyElements(array, 0, from_kind, storage, j, len);
+      j += len;
+    }
  }

-  DCHECK_EQ(insertion_index, result_len);
+  DCHECK(j == result_len);
  return result_array;
 }