From e758a36b0255bba192d35cc14d2ffbedc019e029 Mon Sep 17 00:00:00 2001 From: verwaest Date: Thu, 19 Feb 2015 05:01:52 -0800 Subject: [PATCH] Clear Map::constructor to object_function from the same context for prototype maps. This avoids keeping small pockets of memory alive for the common pattern where prototypes are used to emulate classes: function inherit(parent, child) { function p() {} p.prototype = parent.prototype; child.prototype = new p(); } Otherwise child.prototype[constructor] keeps alive p, p's context, the initial map attached to p, and the (now empty) transition array of the initial map. BUG= Review URL: https://codereview.chromium.org/942493002 Cr-Commit-Position: refs/heads/master@{#26747} --- src/objects.cc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/objects.cc b/src/objects.cc index 598c638f5c..5d210bd571 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -9976,6 +9976,19 @@ void JSObject::OptimizeAsPrototype(Handle object, Handle new_map = Map::Copy(handle(object->map()), "CopyAsPrototype"); JSObject::MigrateToMap(object, new_map); } + if (object->map()->constructor()->IsJSFunction()) { + JSFunction* constructor = JSFunction::cast(object->map()->constructor()); + // Replace the pointer to the exact constructor with the Object function + // from the same context if undetectable from JS. This is to avoid keeping + // memory alive unnecessarily. + if (!constructor->shared()->IsApiFunction() && + object->class_name() == + object->GetIsolate()->heap()->Object_string()) { + Context* context = constructor->context()->native_context(); + JSFunction* object_function = context->object_function(); + object->map()->set_constructor(object_function); + } + } object->map()->set_is_prototype_map(true); } }