AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[GC] Align behavior of JSProxy with JSObject when embedded in optimized code

Browse Source 
With --harmony-proxies enabled, embedded pointers in optimized code can point to
a JSProxy (via a cell). Since JSProxy can morph into JSObject we need to align
the expectations of weak vs strong refs.

With this patch we also treat JSPRoxy as weak ref (like JSObject) and therefore
properly record a dependency on it, so that once the cell pointing to it becomes
unreachable we deoptimize the corresponding code.

BUG=v8:4359
LOG=N

Review URL: https://codereview.chromium.org/1270393003

Cr-Commit-Position: refs/heads/master@{#30067}
This commit is contained in:
mlippautz 2015-08-07 05:54:49 -07:00 committed by Commit bot
parent 07c3e41680
commit a039ff2930
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/objects-inl.h
View File

@ -4735,7 +4735,8 @@ bool Code::IsWeakObjectInOptimizedCode(Object* object) {
} else if (object->IsPropertyCell()) { } else if (object->IsPropertyCell()) {
object = PropertyCell::cast(object)->value(); object = PropertyCell::cast(object)->value();
} }
if (object->IsJSObject()) { if (object->IsJSObject() || object->IsJSProxy()) {
// JSProxy is handled like JSObject because it can morph into one.
return FLAG_weak_embedded_objects_in_optimized_code; return FLAG_weak_embedded_objects_in_optimized_code;
} }
if (object->IsFixedArray()) { if (object->IsFixedArray()) {