eab2f2e654
The only empty PropertyArray is the empty_property_array object on the isolate. Allowing empty PropertyArrays causes the turbofan to ignore the existing hash when growing the backing store again. We currently only end up with the empty PropertyArray when following back transitions. Bug: chromium:781218, chromium:783713 Change-Id: If41dd09b965cdc8d957b9ca50ba3c8a7f4254769 Reviewed-on: https://chromium-review.googlesource.com/763230 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#49318}
44 lines
908 B
JavaScript
44 lines
908 B
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
var m = new Map();
|
|
|
|
function C() { }
|
|
|
|
// Make sure slack tracking kicks in and shrinks the default size to prevent
|
|
// any further in-object properties.
|
|
%CompleteInobjectSlackTracking(new C());
|
|
|
|
function f(o) {
|
|
o.x = true;
|
|
}
|
|
|
|
// Warm up {f}.
|
|
f(new C());
|
|
f(new C());
|
|
|
|
|
|
var o = new C();
|
|
%HeapObjectVerify(o);
|
|
|
|
m.set(o, 1); // This creates hash code on o.
|
|
|
|
// Add an out-of-object property.
|
|
o.x = true;
|
|
%HeapObjectVerify(o);
|
|
// Delete the property (so we have no out-of-object properties).
|
|
delete o.x;
|
|
%HeapObjectVerify(o);
|
|
|
|
|
|
// Ensure that growing the properties backing store in optimized code preserves
|
|
// the hash.
|
|
%OptimizeFunctionOnNextCall(f);
|
|
f(o);
|
|
|
|
%HeapObjectVerify(o);
|
|
assertEquals(1, m.get(o));
|