The existing object materialization in the deoptimizer has the following problems:
- Objects do not necessarily verify during materialization (because during the
depth first walk we might have inconsistent objects).
- Stack can overflow (because we just materialize using recursive calls).
- We generalize object fields.
This CL re-implements the materialization algorithm to solve this problem. The
new implementation creates the objects in two steps:
1. We allocate space for all the objects. In general, we allocate ByteArrays
of the right size. For leaf objects that cannot participate in cycles,
we build and initialize the materialized objects completely.
For JS objects, we insert markers into the byte array at the positions
where unboxed doubles are expected.
2. We initialize all the objects with the proper field values and change the
map from the ByteArray map to the correct map. This requires some sync
with the concurrent marker (Heap::NotifyObjectLayoutChange).
When initializing the JS object fields, we make sure that we respect
the unboxed double marker.
Bug: chromium:770106, v8:3836
Change-Id: I1ec466a9d19db9538df4ba915516d4c3ca825632
Reviewed-on: https://chromium-review.googlesource.com/777559
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49821}
e71b802279