v8/test/mjsunit/compiler/materialize-mutable-heap-number.js

23 lines
496 B
JavaScript
Raw Normal View History

Reland "[deoptimizer] Staged materialization of objects." This relands commit e71b802279ccc474820068af7f63218e71a5a48a. This can now back in as the fix for chromium:787301 had enough time to be tested in Canary. Original change's description: > [deoptimizer] Staged materialization of objects. > > The existing object materialization in the deoptimizer has the following problems: > > - Objects do not necessarily verify during materialization (because during the > depth first walk we might have inconsistent objects). > > - Stack can overflow (because we just materialize using recursive calls). > > - We generalize object fields. > > > This CL re-implements the materialization algorithm to solve this problem. The > new implementation creates the objects in two steps: > > 1. We allocate space for all the objects. In general, we allocate ByteArrays > of the right size. For leaf objects that cannot participate in cycles, > we build and initialize the materialized objects completely. > > For JS objects, we insert markers into the byte array at the positions > where unboxed doubles are expected. > > 2. We initialize all the objects with the proper field values and change the > map from the ByteArray map to the correct map. This requires some sync > with the concurrent marker (Heap::NotifyObjectLayoutChange). > > When initializing the JS object fields, we make sure that we respect > the unboxed double marker. > > Bug: chromium:770106, v8:3836 > Change-Id: I1ec466a9d19db9538df4ba915516d4c3ca825632 > Reviewed-on: https://chromium-review.googlesource.com/777559 > Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#49821} Bug: chromium:770106, v8:3836 Change-Id: Ied6c4e0fbae52713e55ae6dc13794a7521dbb8a5 Reviewed-on: https://chromium-review.googlesource.com/817745 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49982}
2017-12-11 08:14:34 +00:00
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function C() {}
%CompleteInobjectSlackTracking(new C());
function f() {
// Create a non-escaping object.
var o = new C();
// Add an out-of-object double property.
o.x = 0.5;
%DeoptimizeNow();
return o.x + 0.25;
}
f();
f();
%OptimizeFunctionOnNextCall(f);
assertEquals(0.75, f());