1 // Copyright 2017 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/objects/map-updater.h"
6
7 #include <queue>
8
9 #include "src/base/platform/mutex.h"
10 #include "src/execution/frames.h"
11 #include "src/execution/isolate.h"
12 #include "src/handles/handles.h"
13 #include "src/objects/field-type.h"
14 #include "src/objects/objects-inl.h"
15 #include "src/objects/objects.h"
16 #include "src/objects/property-details.h"
17 #include "src/objects/transitions.h"
18
19 namespace v8 {
20 namespace internal {
21
22 namespace {
23
EqualImmutableValues(Object obj1,Object obj2)24 inline bool EqualImmutableValues(Object obj1, Object obj2) {
25 if (obj1 == obj2) return true; // Valid for both kData and kAccessor kinds.
26 // TODO(ishell): compare AccessorPairs.
27 return false;
28 }
29
GeneralizeFieldType(Representation rep1,Handle<FieldType> type1,Representation rep2,Handle<FieldType> type2,Isolate * isolate)30 V8_WARN_UNUSED_RESULT Handle<FieldType> GeneralizeFieldType(
31 Representation rep1, Handle<FieldType> type1, Representation rep2,
32 Handle<FieldType> type2, Isolate* isolate) {
33 // Cleared field types need special treatment. They represent lost knowledge,
34 // so we must be conservative, so their generalization with any other type
35 // is "Any".
36 if (Map::FieldTypeIsCleared(rep1, *type1) ||
37 Map::FieldTypeIsCleared(rep2, *type2)) {
38 return FieldType::Any(isolate);
39 }
40 if (type1->NowIs(type2)) return type2;
41 if (type2->NowIs(type1)) return type1;
42 return FieldType::Any(isolate);
43 }
44
PrintGeneralization(Isolate * isolate,Handle<Map> map,FILE * file,const char * reason,InternalIndex modify_index,int split,int descriptors,bool descriptor_to_field,Representation old_representation,Representation new_representation,PropertyConstness old_constness,PropertyConstness new_constness,MaybeHandle<FieldType> old_field_type,MaybeHandle<Object> old_value,MaybeHandle<FieldType> new_field_type,MaybeHandle<Object> new_value)45 void PrintGeneralization(
46 Isolate* isolate, Handle<Map> map, FILE* file, const char* reason,
47 InternalIndex modify_index, int split, int descriptors,
48 bool descriptor_to_field, Representation old_representation,
49 Representation new_representation, PropertyConstness old_constness,
50 PropertyConstness new_constness, MaybeHandle<FieldType> old_field_type,
51 MaybeHandle<Object> old_value, MaybeHandle<FieldType> new_field_type,
52 MaybeHandle<Object> new_value) {
53 OFStream os(file);
54 os << "[generalizing]";
55 Name name = map->instance_descriptors(isolate).GetKey(modify_index);
56 if (name.IsString()) {
57 String::cast(name).PrintOn(file);
58 } else {
59 os << "{symbol " << reinterpret_cast<void*>(name.ptr()) << "}";
60 }
61 os << ":";
62 if (descriptor_to_field) {
63 os << "c";
64 } else {
65 os << old_representation.Mnemonic() << "{";
66 if (old_field_type.is_null()) {
67 os << Brief(*(old_value.ToHandleChecked()));
68 } else {
69 old_field_type.ToHandleChecked()->PrintTo(os);
70 }
71 os << ";" << old_constness << "}";
72 }
73 os << "->" << new_representation.Mnemonic() << "{";
74 if (new_field_type.is_null()) {
75 os << Brief(*(new_value.ToHandleChecked()));
76 } else {
77 new_field_type.ToHandleChecked()->PrintTo(os);
78 }
79 os << ";" << new_constness << "} (";
80 if (strlen(reason) > 0) {
81 os << reason;
82 } else {
83 os << "+" << (descriptors - split) << " maps";
84 }
85 os << ") [";
86 JavaScriptFrame::PrintTop(isolate, file, false, true);
87 os << "]\n";
88 }
89
90 } // namespace
91
MapUpdater(Isolate * isolate,Handle<Map> old_map)92 MapUpdater::MapUpdater(Isolate* isolate, Handle<Map> old_map)
93 : isolate_(isolate),
94 old_map_(old_map),
95 old_descriptors_(old_map->instance_descriptors(isolate), isolate_),
96 old_nof_(old_map_->NumberOfOwnDescriptors()),
97 new_elements_kind_(old_map_->elements_kind()),
98 is_transitionable_fast_elements_kind_(
99 IsTransitionableFastElementsKind(new_elements_kind_)) {
100 // We shouldn't try to update remote objects.
101 DCHECK(
102 !old_map->FindRootMap(isolate).GetConstructor().IsFunctionTemplateInfo());
103 }
104
GetKey(InternalIndex descriptor) const105 Name MapUpdater::GetKey(InternalIndex descriptor) const {
106 return old_descriptors_->GetKey(descriptor);
107 }
108
GetDetails(InternalIndex descriptor) const109 PropertyDetails MapUpdater::GetDetails(InternalIndex descriptor) const {
110 DCHECK(descriptor.is_found());
111 if (descriptor == modified_descriptor_) {
112 PropertyAttributes attributes = new_attributes_;
113 // If the original map was sealed or frozen, let's use the old
114 // attributes so that we follow the same transition path as before.
115 // Note that the user could not have changed the attributes because
116 // both seal and freeze make the properties non-configurable. An exception
117 // is transitioning from [[Writable]] = true to [[Writable]] = false (this
118 // is allowed for frozen and sealed objects). To support it, we use the new
119 // attributes if they have [[Writable]] == false.
120 if ((integrity_level_ == SEALED || integrity_level_ == FROZEN) &&
121 !(new_attributes_ & READ_ONLY)) {
122 attributes = old_descriptors_->GetDetails(descriptor).attributes();
123 }
124 return PropertyDetails(new_kind_, attributes, new_location_, new_constness_,
125 new_representation_);
126 }
127 return old_descriptors_->GetDetails(descriptor);
128 }
129
GetValue(InternalIndex descriptor) const130 Object MapUpdater::GetValue(InternalIndex descriptor) const {
131 DCHECK(descriptor.is_found());
132 if (descriptor == modified_descriptor_) {
133 DCHECK_EQ(PropertyLocation::kDescriptor, new_location_);
134 return *new_value_;
135 }
136 DCHECK_EQ(PropertyLocation::kDescriptor, GetDetails(descriptor).location());
137 return old_descriptors_->GetStrongValue(descriptor);
138 }
139
GetFieldType(InternalIndex descriptor) const140 FieldType MapUpdater::GetFieldType(InternalIndex descriptor) const {
141 DCHECK(descriptor.is_found());
142 if (descriptor == modified_descriptor_) {
143 DCHECK_EQ(PropertyLocation::kField, new_location_);
144 return *new_field_type_;
145 }
146 DCHECK_EQ(PropertyLocation::kField, GetDetails(descriptor).location());
147 return old_descriptors_->GetFieldType(descriptor);
148 }
149
GetOrComputeFieldType(InternalIndex descriptor,PropertyLocation location,Representation representation) const150 Handle<FieldType> MapUpdater::GetOrComputeFieldType(
151 InternalIndex descriptor, PropertyLocation location,
152 Representation representation) const {
153 DCHECK(descriptor.is_found());
154 // |location| is just a pre-fetched GetDetails(descriptor).location().
155 DCHECK_EQ(location, GetDetails(descriptor).location());
156 if (location == PropertyLocation::kField) {
157 return handle(GetFieldType(descriptor), isolate_);
158 } else {
159 return GetValue(descriptor).OptimalType(isolate_, representation);
160 }
161 }
162
GetOrComputeFieldType(Handle<DescriptorArray> descriptors,InternalIndex descriptor,PropertyLocation location,Representation representation)163 Handle<FieldType> MapUpdater::GetOrComputeFieldType(
164 Handle<DescriptorArray> descriptors, InternalIndex descriptor,
165 PropertyLocation location, Representation representation) {
166 // |location| is just a pre-fetched GetDetails(descriptor).location().
167 DCHECK_EQ(descriptors->GetDetails(descriptor).location(), location);
168 if (location == PropertyLocation::kField) {
169 return handle(descriptors->GetFieldType(descriptor), isolate_);
170 } else {
171 return descriptors->GetStrongValue(descriptor)
172 .OptimalType(isolate_, representation);
173 }
174 }
175
ReconfigureToDataField(InternalIndex descriptor,PropertyAttributes attributes,PropertyConstness constness,Representation representation,Handle<FieldType> field_type)176 Handle<Map> MapUpdater::ReconfigureToDataField(InternalIndex descriptor,
177 PropertyAttributes attributes,
178 PropertyConstness constness,
179 Representation representation,
180 Handle<FieldType> field_type) {
181 DCHECK_EQ(kInitialized, state_);
182 DCHECK(descriptor.is_found());
183 DCHECK(!old_map_->is_dictionary_map());
184
185 base::SharedMutexGuard<base::kExclusive> mutex_guard(
186 isolate_->map_updater_access());
187
188 modified_descriptor_ = descriptor;
189 new_kind_ = PropertyKind::kData;
190 new_attributes_ = attributes;
191 new_location_ = PropertyLocation::kField;
192
193 PropertyDetails old_details =
194 old_descriptors_->GetDetails(modified_descriptor_);
195
196 // If property kind is not reconfigured merge the result with
197 // representation/field type from the old descriptor.
198 if (old_details.kind() == new_kind_) {
199 new_constness_ = GeneralizeConstness(constness, old_details.constness());
200
201 Representation old_representation = old_details.representation();
202 new_representation_ = representation.generalize(old_representation);
203
204 Handle<FieldType> old_field_type =
205 GetOrComputeFieldType(old_descriptors_, modified_descriptor_,
206 old_details.location(), new_representation_);
207
208 new_field_type_ =
209 GeneralizeFieldType(old_representation, old_field_type,
210 new_representation_, field_type, isolate_);
211 } else {
212 // We don't know if this is a first property kind reconfiguration
213 // and we don't know which value was in this property previously
214 // therefore we can't treat such a property as constant.
215 new_constness_ = PropertyConstness::kMutable;
216 new_representation_ = representation;
217 new_field_type_ = field_type;
218 }
219
220 Map::GeneralizeIfCanHaveTransitionableFastElementsKind(
221 isolate_, old_map_->instance_type(), &new_representation_,
222 &new_field_type_);
223
224 if (TryReconfigureToDataFieldInplace() == kEnd) return result_map_;
225 if (FindRootMap() == kEnd) return result_map_;
226 if (FindTargetMap() == kEnd) return result_map_;
227 if (ConstructNewMap() == kAtIntegrityLevelSource) {
228 ConstructNewMapWithIntegrityLevelTransition();
229 }
230 DCHECK_EQ(kEnd, state_);
231 return result_map_;
232 }
233
ReconfigureElementsKind(ElementsKind elements_kind)234 Handle<Map> MapUpdater::ReconfigureElementsKind(ElementsKind elements_kind) {
235 DCHECK_EQ(kInitialized, state_);
236
237 base::SharedMutexGuard<base::kExclusive> mutex_guard(
238 isolate_->map_updater_access());
239
240 new_elements_kind_ = elements_kind;
241 is_transitionable_fast_elements_kind_ =
242 IsTransitionableFastElementsKind(new_elements_kind_);
243
244 if (FindRootMap() == kEnd) return result_map_;
245 if (FindTargetMap() == kEnd) return result_map_;
246 if (ConstructNewMap() == kAtIntegrityLevelSource) {
247 ConstructNewMapWithIntegrityLevelTransition();
248 }
249 DCHECK_EQ(kEnd, state_);
250 return result_map_;
251 }
252
253 // static
UpdateMapNoLock(Isolate * isolate,Handle<Map> map)254 Handle<Map> MapUpdater::UpdateMapNoLock(Isolate* isolate, Handle<Map> map) {
255 if (!map->is_deprecated()) return map;
256 // TODO(ishell): support fast map updating if we enable it.
257 CHECK(!FLAG_fast_map_update);
258 MapUpdater mu(isolate, map);
259 // Update map without locking the Isolate::map_updater_access mutex.
260 return mu.UpdateImpl();
261 }
262
Update()263 Handle<Map> MapUpdater::Update() {
264 base::SharedMutexGuard<base::kExclusive> mutex_guard(
265 isolate_->map_updater_access());
266 return UpdateImpl();
267 }
268
UpdateImpl()269 Handle<Map> MapUpdater::UpdateImpl() {
270 DCHECK_EQ(kInitialized, state_);
271 DCHECK(old_map_->is_deprecated());
272
273 if (FindRootMap() == kEnd) return result_map_;
274 if (FindTargetMap() == kEnd) return result_map_;
275 if (ConstructNewMap() == kAtIntegrityLevelSource) {
276 ConstructNewMapWithIntegrityLevelTransition();
277 }
278 DCHECK_EQ(kEnd, state_);
279 if (FLAG_fast_map_update) {
280 TransitionsAccessor::SetMigrationTarget(isolate_, old_map_, *result_map_);
281 }
282 return result_map_;
283 }
284
285 namespace {
286
287 struct IntegrityLevelTransitionInfo {
IntegrityLevelTransitionInfov8::internal::__anon457d41f40211::IntegrityLevelTransitionInfo288 explicit IntegrityLevelTransitionInfo(Map map)
289 : integrity_level_source_map(map) {}
290
291 bool has_integrity_level_transition = false;
292 PropertyAttributes integrity_level = NONE;
293 Map integrity_level_source_map;
294 Symbol integrity_level_symbol;
295 };
296
DetectIntegrityLevelTransitions(Map map,Isolate * isolate,DisallowGarbageCollection * no_gc,ConcurrencyMode cmode)297 IntegrityLevelTransitionInfo DetectIntegrityLevelTransitions(
298 Map map, Isolate* isolate, DisallowGarbageCollection* no_gc,
299 ConcurrencyMode cmode) {
300 IntegrityLevelTransitionInfo info(map);
301
302 // Figure out the most restrictive integrity level transition (it should
303 // be the last one in the transition tree).
304 DCHECK(!map.is_extensible());
305 Map previous = Map::cast(map.GetBackPointer(isolate));
306 TransitionsAccessor last_transitions(isolate, previous, IsConcurrent(cmode));
307 if (!last_transitions.HasIntegrityLevelTransitionTo(
308 map, &info.integrity_level_symbol, &info.integrity_level)) {
309 // The last transition was not integrity level transition - just bail out.
310 // This can happen in the following cases:
311 // - there are private symbol transitions following the integrity level
312 // transitions (see crbug.com/v8/8854).
313 // - there is a getter added in addition to an existing setter (or a setter
314 // in addition to an existing getter).
315 return info;
316 }
317
318 Map source_map = previous;
319 // Now walk up the back pointer chain and skip all integrity level
320 // transitions. If we encounter any non-integrity level transition interleaved
321 // with integrity level transitions, just bail out.
322 while (!source_map.is_extensible()) {
323 previous = Map::cast(source_map.GetBackPointer(isolate));
324 TransitionsAccessor transitions(isolate, previous, IsConcurrent(cmode));
325 if (!transitions.HasIntegrityLevelTransitionTo(source_map)) {
326 return info;
327 }
328 source_map = previous;
329 }
330
331 // Integrity-level transitions never change number of descriptors.
332 CHECK_EQ(map.NumberOfOwnDescriptors(), source_map.NumberOfOwnDescriptors());
333
334 info.has_integrity_level_transition = true;
335 info.integrity_level_source_map = source_map;
336 return info;
337 }
338
339 } // namespace
340
341 // static
TryUpdateNoLock(Isolate * isolate,Map old_map,ConcurrencyMode cmode)342 base::Optional<Map> MapUpdater::TryUpdateNoLock(Isolate* isolate, Map old_map,
343 ConcurrencyMode cmode) {
344 DisallowGarbageCollection no_gc;
345
346 // Check the state of the root map.
347 Map root_map = old_map.FindRootMap(isolate);
348 if (root_map.is_deprecated()) {
349 JSFunction constructor = JSFunction::cast(root_map.GetConstructor());
350 DCHECK(constructor.has_initial_map());
351 DCHECK(constructor.initial_map().is_dictionary_map());
352 if (constructor.initial_map().elements_kind() != old_map.elements_kind()) {
353 return {};
354 }
355 return constructor.initial_map();
356 }
357 if (!old_map.EquivalentToForTransition(root_map, cmode)) return {};
358
359 ElementsKind from_kind = root_map.elements_kind();
360 ElementsKind to_kind = old_map.elements_kind();
361
362 IntegrityLevelTransitionInfo info(old_map);
363 if (root_map.is_extensible() != old_map.is_extensible()) {
364 DCHECK(!old_map.is_extensible());
365 DCHECK(root_map.is_extensible());
366 info = DetectIntegrityLevelTransitions(old_map, isolate, &no_gc, cmode);
367 // Bail out if there were some private symbol transitions mixed up
368 // with the integrity level transitions.
369 if (!info.has_integrity_level_transition) return Map();
370 // Make sure to replay the original elements kind transitions, before
371 // the integrity level transition sets the elements to dictionary mode.
372 DCHECK(to_kind == DICTIONARY_ELEMENTS ||
373 to_kind == SLOW_STRING_WRAPPER_ELEMENTS ||
374 IsTypedArrayElementsKind(to_kind) ||
375 IsAnyHoleyNonextensibleElementsKind(to_kind));
376 to_kind = info.integrity_level_source_map.elements_kind();
377 }
378 if (from_kind != to_kind) {
379 // Try to follow existing elements kind transitions.
380 root_map = root_map.LookupElementsTransitionMap(isolate, to_kind, cmode);
381 if (root_map.is_null()) return {};
382 // From here on, use the map with correct elements kind as root map.
383 }
384
385 // Replay the transitions as they were before the integrity level transition.
386 Map result = root_map.TryReplayPropertyTransitions(
387 isolate, info.integrity_level_source_map, cmode);
388 if (result.is_null()) return {};
389
390 if (info.has_integrity_level_transition) {
391 // Now replay the integrity level transition.
392 result = TransitionsAccessor(isolate, result, IsConcurrent(cmode))
393 .SearchSpecial(info.integrity_level_symbol);
394 }
395 if (result.is_null()) return {};
396
397 DCHECK_EQ(old_map.elements_kind(), result.elements_kind());
398 DCHECK_EQ(old_map.instance_type(), result.instance_type());
399 return result;
400 }
401
GeneralizeField(Handle<Map> map,InternalIndex modify_index,PropertyConstness new_constness,Representation new_representation,Handle<FieldType> new_field_type)402 void MapUpdater::GeneralizeField(Handle<Map> map, InternalIndex modify_index,
403 PropertyConstness new_constness,
404 Representation new_representation,
405 Handle<FieldType> new_field_type) {
406 GeneralizeField(isolate_, map, modify_index, new_constness,
407 new_representation, new_field_type);
408
409 DCHECK(*old_descriptors_ == old_map_->instance_descriptors(isolate_) ||
410 *old_descriptors_ ==
411 integrity_source_map_->instance_descriptors(isolate_));
412 }
413
Normalize(const char * reason)414 MapUpdater::State MapUpdater::Normalize(const char* reason) {
415 result_map_ = Map::Normalize(isolate_, old_map_, new_elements_kind_,
416 CLEAR_INOBJECT_PROPERTIES, reason);
417 state_ = kEnd;
418 return state_; // Done.
419 }
420
421 // static
CompleteInobjectSlackTracking(Isolate * isolate,Map initial_map)422 void MapUpdater::CompleteInobjectSlackTracking(Isolate* isolate,
423 Map initial_map) {
424 // Has to be an initial map.
425 DCHECK(initial_map.GetBackPointer().IsUndefined(isolate));
426
427 const int slack = initial_map.ComputeMinObjectSlack(isolate);
428 DCHECK_GE(slack, 0);
429
430 TransitionsAccessor transitions(isolate, initial_map);
431 TransitionsAccessor::TraverseCallback callback;
432 if (slack != 0) {
433 // Resize the initial map and all maps in its transition tree.
434 callback = [slack](Map map) {
435 #ifdef DEBUG
436 int old_visitor_id = Map::GetVisitorId(map);
437 int new_unused = map.UnusedPropertyFields() - slack;
438 #endif
439 map.set_instance_size(map.InstanceSizeFromSlack(slack));
440 map.set_construction_counter(Map::kNoSlackTracking);
441 DCHECK_EQ(old_visitor_id, Map::GetVisitorId(map));
442 DCHECK_EQ(new_unused, map.UnusedPropertyFields());
443 };
444 } else {
445 // Stop slack tracking for this map.
446 callback = [](Map map) {
447 map.set_construction_counter(Map::kNoSlackTracking);
448 };
449 }
450
451 {
452 // The map_updater_access lock is taken here to guarantee atomicity of all
453 // related map changes (instead of guaranteeing only atomicity of each
454 // single map change). This is needed e.g. by InstancesNeedsRewriting,
455 // which expects certain relations between maps to hold.
456 //
457 // Note: Avoid locking the full_transition_array_access lock inside this
458 // call to TraverseTransitionTree to prevent dependencies between the two
459 // locks.
460 base::SharedMutexGuard<base::kExclusive> mutex_guard(
461 isolate->map_updater_access());
462 transitions.TraverseTransitionTree(callback);
463 }
464 }
465
TryReconfigureToDataFieldInplace()466 MapUpdater::State MapUpdater::TryReconfigureToDataFieldInplace() {
467 // Updating deprecated maps in-place doesn't make sense.
468 if (old_map_->is_deprecated()) return state_;
469
470 if (new_representation_.IsNone()) return state_; // Not done yet.
471
472 PropertyDetails old_details =
473 old_descriptors_->GetDetails(modified_descriptor_);
474
475 if (old_details.attributes() != new_attributes_ ||
476 old_details.kind() != new_kind_ ||
477 old_details.location() != new_location_) {
478 // These changes can't be done in-place.
479 return state_; // Not done yet.
480 }
481
482 Representation old_representation = old_details.representation();
483 if (!old_representation.CanBeInPlaceChangedTo(new_representation_)) {
484 return state_; // Not done yet.
485 }
486
487 DCHECK_EQ(new_kind_, old_details.kind());
488 DCHECK_EQ(new_attributes_, old_details.attributes());
489 DCHECK_EQ(PropertyLocation::kField, old_details.location());
490 if (FLAG_trace_generalization) {
491 PrintGeneralization(
492 isolate_, old_map_, stdout, "uninitialized field", modified_descriptor_,
493 old_nof_, old_nof_, false, old_representation, new_representation_,
494 old_details.constness(), new_constness_,
495 handle(old_descriptors_->GetFieldType(modified_descriptor_), isolate_),
496 MaybeHandle<Object>(), new_field_type_, MaybeHandle<Object>());
497 }
498 GeneralizeField(old_map_, modified_descriptor_, new_constness_,
499 new_representation_, new_field_type_);
500 // Check that the descriptor array was updated.
501 DCHECK(old_descriptors_->GetDetails(modified_descriptor_)
502 .representation()
503 .Equals(new_representation_));
504 DCHECK(old_descriptors_->GetFieldType(modified_descriptor_)
505 .NowIs(new_field_type_));
506
507 result_map_ = old_map_;
508 state_ = kEnd;
509 return state_; // Done.
510 }
511
TrySaveIntegrityLevelTransitions()512 bool MapUpdater::TrySaveIntegrityLevelTransitions() {
513 // Figure out the most restrictive integrity level transition (it should
514 // be the last one in the transition tree).
515 Handle<Map> previous =
516 handle(Map::cast(old_map_->GetBackPointer()), isolate_);
517 Symbol integrity_level_symbol;
518 TransitionsAccessor last_transitions(isolate_, *previous);
519 if (!last_transitions.HasIntegrityLevelTransitionTo(
520 *old_map_, &integrity_level_symbol, &integrity_level_)) {
521 // The last transition was not integrity level transition - just bail out.
522 // This can happen in the following cases:
523 // - there are private symbol transitions following the integrity level
524 // transitions (see crbug.com/v8/8854).
525 // - there is a getter added in addition to an existing setter (or a setter
526 // in addition to an existing getter).
527 return false;
528 }
529 integrity_level_symbol_ = handle(integrity_level_symbol, isolate_);
530 integrity_source_map_ = previous;
531
532 // Now walk up the back pointer chain and skip all integrity level
533 // transitions. If we encounter any non-integrity level transition interleaved
534 // with integrity level transitions, just bail out.
535 while (!integrity_source_map_->is_extensible()) {
536 previous =
537 handle(Map::cast(integrity_source_map_->GetBackPointer()), isolate_);
538 TransitionsAccessor transitions(isolate_, *previous);
539 if (!transitions.HasIntegrityLevelTransitionTo(*integrity_source_map_)) {
540 return false;
541 }
542 integrity_source_map_ = previous;
543 }
544
545 // Integrity-level transitions never change number of descriptors.
546 CHECK_EQ(old_map_->NumberOfOwnDescriptors(),
547 integrity_source_map_->NumberOfOwnDescriptors());
548
549 has_integrity_level_transition_ = true;
550 old_descriptors_ =
551 handle(integrity_source_map_->instance_descriptors(isolate_), isolate_);
552 return true;
553 }
554
FindRootMap()555 MapUpdater::State MapUpdater::FindRootMap() {
556 DCHECK_EQ(kInitialized, state_);
557 // Check the state of the root map.
558 root_map_ = handle(old_map_->FindRootMap(isolate_), isolate_);
559 ElementsKind from_kind = root_map_->elements_kind();
560 ElementsKind to_kind = new_elements_kind_;
561
562 if (root_map_->is_deprecated()) {
563 state_ = kEnd;
564 result_map_ = handle(
565 JSFunction::cast(root_map_->GetConstructor()).initial_map(), isolate_);
566 result_map_ = Map::AsElementsKind(isolate_, result_map_, to_kind);
567 DCHECK(result_map_->is_dictionary_map());
568 return state_;
569 }
570
571 if (!old_map_->EquivalentToForTransition(*root_map_,
572 ConcurrencyMode::kSynchronous)) {
573 return Normalize("Normalize_NotEquivalent");
574 } else if (old_map_->is_extensible() != root_map_->is_extensible()) {
575 DCHECK(!old_map_->is_extensible());
576 DCHECK(root_map_->is_extensible());
577 // We have an integrity level transition in the tree, let us make a note
578 // of that transition to be able to replay it later.
579 if (!TrySaveIntegrityLevelTransitions()) {
580 return Normalize("Normalize_PrivateSymbolsOnNonExtensible");
581 }
582
583 // We want to build transitions to the original element kind (before
584 // the seal transitions), so change {to_kind} accordingly.
585 DCHECK(to_kind == DICTIONARY_ELEMENTS ||
586 to_kind == SLOW_STRING_WRAPPER_ELEMENTS ||
587 IsTypedArrayElementsKind(to_kind) ||
588 IsAnyNonextensibleElementsKind(to_kind));
589 to_kind = integrity_source_map_->elements_kind();
590 }
591
592 // TODO(ishell): Add a test for SLOW_SLOPPY_ARGUMENTS_ELEMENTS.
593 if (from_kind != to_kind && to_kind != DICTIONARY_ELEMENTS &&
594 to_kind != SLOW_STRING_WRAPPER_ELEMENTS &&
595 to_kind != SLOW_SLOPPY_ARGUMENTS_ELEMENTS &&
596 !(IsTransitionableFastElementsKind(from_kind) &&
597 IsMoreGeneralElementsKindTransition(from_kind, to_kind))) {
598 return Normalize("Normalize_InvalidElementsTransition");
599 }
600
601 int root_nof = root_map_->NumberOfOwnDescriptors();
602 if (modified_descriptor_.is_found() &&
603 modified_descriptor_.as_int() < root_nof) {
604 PropertyDetails old_details =
605 old_descriptors_->GetDetails(modified_descriptor_);
606 if (old_details.kind() != new_kind_ ||
607 old_details.attributes() != new_attributes_) {
608 return Normalize("Normalize_RootModification1");
609 }
610 if (old_details.location() != PropertyLocation::kField) {
611 return Normalize("Normalize_RootModification2");
612 }
613 if (!new_representation_.fits_into(old_details.representation())) {
614 return Normalize("Normalize_RootModification4");
615 }
616
617 DCHECK_EQ(PropertyKind::kData, old_details.kind());
618 DCHECK_EQ(PropertyKind::kData, new_kind_);
619 DCHECK_EQ(PropertyLocation::kField, new_location_);
620
621 // Modify root map in-place. The GeneralizeField method is a no-op
622 // if the {old_map_} is already general enough to hold the requested
623 // {new_constness_} and {new_field_type_}.
624 GeneralizeField(old_map_, modified_descriptor_, new_constness_,
625 old_details.representation(), new_field_type_);
626 }
627
628 // From here on, use the map with correct elements kind as root map.
629 root_map_ = Map::AsElementsKind(isolate_, root_map_, to_kind);
630 state_ = kAtRootMap;
631 return state_; // Not done yet.
632 }
633
FindTargetMap()634 MapUpdater::State MapUpdater::FindTargetMap() {
635 DCHECK_EQ(kAtRootMap, state_);
636 target_map_ = root_map_;
637
638 int root_nof = root_map_->NumberOfOwnDescriptors();
639 for (InternalIndex i : InternalIndex::Range(root_nof, old_nof_)) {
640 PropertyDetails old_details = GetDetails(i);
641 Handle<Map> tmp_map;
642 MaybeHandle<Map> maybe_tmp_map = TransitionsAccessor::SearchTransition(
643 isolate_, target_map_, GetKey(i), old_details.kind(),
644 old_details.attributes());
645 if (!maybe_tmp_map.ToHandle(&tmp_map)) break;
646 Handle<DescriptorArray> tmp_descriptors(
647 tmp_map->instance_descriptors(isolate_), isolate_);
648
649 // Check if target map is incompatible.
650 PropertyDetails tmp_details = tmp_descriptors->GetDetails(i);
651 DCHECK_EQ(old_details.kind(), tmp_details.kind());
652 DCHECK_EQ(old_details.attributes(), tmp_details.attributes());
653 if (old_details.kind() == PropertyKind::kAccessor &&
654 !EqualImmutableValues(GetValue(i),
655 tmp_descriptors->GetStrongValue(i))) {
656 // TODO(ishell): mutable accessors are not implemented yet.
657 return Normalize("Normalize_Incompatible");
658 }
659 if (!IsGeneralizableTo(old_details.location(), tmp_details.location())) {
660 break;
661 }
662 Representation tmp_representation = tmp_details.representation();
663 if (!old_details.representation().fits_into(tmp_representation)) {
664 // Try updating the field in-place to a generalized type.
665 Representation generalized =
666 tmp_representation.generalize(old_details.representation());
667 if (!tmp_representation.CanBeInPlaceChangedTo(generalized)) {
668 break;
669 }
670 tmp_representation = generalized;
671 }
672
673 if (tmp_details.location() == PropertyLocation::kField) {
674 Handle<FieldType> old_field_type =
675 GetOrComputeFieldType(i, old_details.location(), tmp_representation);
676 GeneralizeField(tmp_map, i, old_details.constness(), tmp_representation,
677 old_field_type);
678 } else {
679 // kDescriptor: Check that the value matches.
680 if (!EqualImmutableValues(GetValue(i),
681 tmp_descriptors->GetStrongValue(i))) {
682 break;
683 }
684 }
685 DCHECK(!tmp_map->is_deprecated());
686 target_map_ = tmp_map;
687 }
688
689 // Directly change the map if the target map is more general.
690 int target_nof = target_map_->NumberOfOwnDescriptors();
691 if (target_nof == old_nof_) {
692 #ifdef DEBUG
693 if (modified_descriptor_.is_found()) {
694 DescriptorArray target_descriptors =
695 target_map_->instance_descriptors(isolate_);
696 PropertyDetails details =
697 target_descriptors.GetDetails(modified_descriptor_);
698 DCHECK_EQ(new_kind_, details.kind());
699 DCHECK_EQ(GetDetails(modified_descriptor_).attributes(),
700 details.attributes());
701 DCHECK(IsGeneralizableTo(new_constness_, details.constness()));
702 DCHECK_EQ(new_location_, details.location());
703 DCHECK(new_representation_.fits_into(details.representation()));
704 if (new_location_ == PropertyLocation::kField) {
705 DCHECK_EQ(PropertyLocation::kField, details.location());
706 DCHECK(new_field_type_->NowIs(
707 target_descriptors.GetFieldType(modified_descriptor_)));
708 } else {
709 DCHECK(details.location() == PropertyLocation::kField ||
710 EqualImmutableValues(
711 *new_value_,
712 target_descriptors.GetStrongValue(modified_descriptor_)));
713 }
714 }
715 #endif
716 if (*target_map_ != *old_map_) {
717 old_map_->NotifyLeafMapLayoutChange(isolate_);
718 }
719 if (!has_integrity_level_transition_) {
720 result_map_ = target_map_;
721 state_ = kEnd;
722 return state_; // Done.
723 }
724
725 // We try to replay the integrity level transition here.
726 MaybeHandle<Map> maybe_transition = TransitionsAccessor::SearchSpecial(
727 isolate_, target_map_, *integrity_level_symbol_);
728 if (maybe_transition.ToHandle(&result_map_)) {
729 state_ = kEnd;
730 return state_; // Done.
731 }
732 }
733
734 // Find the last compatible target map in the transition tree.
735 for (InternalIndex i : InternalIndex::Range(target_nof, old_nof_)) {
736 PropertyDetails old_details = GetDetails(i);
737 Handle<Map> tmp_map;
738 MaybeHandle<Map> maybe_tmp_map = TransitionsAccessor::SearchTransition(
739 isolate_, target_map_, GetKey(i), old_details.kind(),
740 old_details.attributes());
741 if (!maybe_tmp_map.ToHandle(&tmp_map)) break;
742 Handle<DescriptorArray> tmp_descriptors(
743 tmp_map->instance_descriptors(isolate_), isolate_);
744 #ifdef DEBUG
745 // Check that target map is compatible.
746 PropertyDetails tmp_details = tmp_descriptors->GetDetails(i);
747 DCHECK_EQ(old_details.kind(), tmp_details.kind());
748 DCHECK_EQ(old_details.attributes(), tmp_details.attributes());
749 #endif
750 if (old_details.kind() == PropertyKind::kAccessor &&
751 !EqualImmutableValues(GetValue(i),
752 tmp_descriptors->GetStrongValue(i))) {
753 return Normalize("Normalize_Incompatible");
754 }
755 DCHECK(!tmp_map->is_deprecated());
756 target_map_ = tmp_map;
757 }
758
759 state_ = kAtTargetMap;
760 return state_; // Not done yet.
761 }
762
BuildDescriptorArray()763 Handle<DescriptorArray> MapUpdater::BuildDescriptorArray() {
764 InstanceType instance_type = old_map_->instance_type();
765 int target_nof = target_map_->NumberOfOwnDescriptors();
766 Handle<DescriptorArray> target_descriptors(
767 target_map_->instance_descriptors(isolate_), isolate_);
768
769 // Allocate a new descriptor array large enough to hold the required
770 // descriptors, with minimally the exact same size as the old descriptor
771 // array.
772 int new_slack =
773 std::max<int>(old_nof_, old_descriptors_->number_of_descriptors()) -
774 old_nof_;
775 Handle<DescriptorArray> new_descriptors =
776 DescriptorArray::Allocate(isolate_, old_nof_, new_slack);
777 DCHECK(new_descriptors->number_of_all_descriptors() >
778 target_descriptors->number_of_all_descriptors() ||
779 new_descriptors->number_of_slack_descriptors() > 0 ||
780 new_descriptors->number_of_descriptors() ==
781 old_descriptors_->number_of_descriptors());
782 DCHECK(new_descriptors->number_of_descriptors() == old_nof_);
783
784 int root_nof = root_map_->NumberOfOwnDescriptors();
785
786 // Given that we passed root modification check in FindRootMap() so
787 // the root descriptors are either not modified at all or already more
788 // general than we requested. Take |root_nof| entries as is.
789 // 0 -> |root_nof|
790 int current_offset = 0;
791 for (InternalIndex i : InternalIndex::Range(root_nof)) {
792 PropertyDetails old_details = old_descriptors_->GetDetails(i);
793 if (old_details.location() == PropertyLocation::kField) {
794 current_offset += old_details.field_width_in_words();
795 }
796 Descriptor d(handle(GetKey(i), isolate_),
797 MaybeObjectHandle(old_descriptors_->GetValue(i), isolate_),
798 old_details);
799 new_descriptors->Set(i, &d);
800 }
801
802 // Merge "updated" old_descriptor entries with target_descriptor entries.
803 // |root_nof| -> |target_nof|
804 for (InternalIndex i : InternalIndex::Range(root_nof, target_nof)) {
805 Handle<Name> key(GetKey(i), isolate_);
806 PropertyDetails old_details = GetDetails(i);
807 PropertyDetails target_details = target_descriptors->GetDetails(i);
808
809 PropertyKind next_kind = old_details.kind();
810 PropertyAttributes next_attributes = old_details.attributes();
811 DCHECK_EQ(next_kind, target_details.kind());
812 DCHECK_EQ(next_attributes, target_details.attributes());
813
814 PropertyConstness next_constness = GeneralizeConstness(
815 old_details.constness(), target_details.constness());
816
817 // Note: failed values equality check does not invalidate per-object
818 // property constness.
819 PropertyLocation next_location =
820 old_details.location() == PropertyLocation::kField ||
821 target_details.location() == PropertyLocation::kField ||
822 !EqualImmutableValues(target_descriptors->GetStrongValue(i),
823 GetValue(i))
824 ? PropertyLocation::kField
825 : PropertyLocation::kDescriptor;
826
827 // Ensure that mutable values are stored in fields.
828 DCHECK_IMPLIES(next_constness == PropertyConstness::kMutable,
829 next_location == PropertyLocation::kField);
830
831 Representation next_representation =
832 old_details.representation().generalize(
833 target_details.representation());
834
835 if (next_location == PropertyLocation::kField) {
836 Handle<FieldType> old_field_type =
837 GetOrComputeFieldType(i, old_details.location(), next_representation);
838
839 Handle<FieldType> target_field_type =
840 GetOrComputeFieldType(target_descriptors, i,
841 target_details.location(), next_representation);
842
843 Handle<FieldType> next_field_type =
844 GeneralizeFieldType(old_details.representation(), old_field_type,
845 next_representation, target_field_type, isolate_);
846
847 Map::GeneralizeIfCanHaveTransitionableFastElementsKind(
848 isolate_, instance_type, &next_representation, &next_field_type);
849
850 MaybeObjectHandle wrapped_type(
851 Map::WrapFieldType(isolate_, next_field_type));
852 Descriptor d;
853 if (next_kind == PropertyKind::kData) {
854 d = Descriptor::DataField(key, current_offset, next_attributes,
855 next_constness, next_representation,
856 wrapped_type);
857 } else {
858 // TODO(ishell): mutable accessors are not implemented yet.
859 UNIMPLEMENTED();
860 }
861 current_offset += d.GetDetails().field_width_in_words();
862 new_descriptors->Set(i, &d);
863 } else {
864 DCHECK_EQ(PropertyLocation::kDescriptor, next_location);
865 DCHECK_EQ(PropertyConstness::kConst, next_constness);
866
867 Handle<Object> value(GetValue(i), isolate_);
868 DCHECK_EQ(PropertyKind::kAccessor, next_kind);
869 Descriptor d = Descriptor::AccessorConstant(key, value, next_attributes);
870 new_descriptors->Set(i, &d);
871 }
872 }
873
874 // Take "updated" old_descriptor entries.
875 // |target_nof| -> |old_nof|
876 for (InternalIndex i : InternalIndex::Range(target_nof, old_nof_)) {
877 PropertyDetails old_details = GetDetails(i);
878 Handle<Name> key(GetKey(i), isolate_);
879
880 PropertyKind next_kind = old_details.kind();
881 PropertyAttributes next_attributes = old_details.attributes();
882 PropertyConstness next_constness = old_details.constness();
883 PropertyLocation next_location = old_details.location();
884 Representation next_representation = old_details.representation();
885
886 if (next_location == PropertyLocation::kField) {
887 Handle<FieldType> next_field_type =
888 GetOrComputeFieldType(i, old_details.location(), next_representation);
889
890 // If the |new_elements_kind_| is still transitionable then the old map's
891 // elements kind is also transitionable and therefore the old descriptors
892 // array must already have generalized field type.
893 CHECK_IMPLIES(
894 is_transitionable_fast_elements_kind_,
895 Map::IsMostGeneralFieldType(next_representation, *next_field_type));
896
897 MaybeObjectHandle wrapped_type(
898 Map::WrapFieldType(isolate_, next_field_type));
899 Descriptor d;
900 if (next_kind == PropertyKind::kData) {
901 d = Descriptor::DataField(key, current_offset, next_attributes,
902 next_constness, next_representation,
903 wrapped_type);
904 } else {
905 // TODO(ishell): mutable accessors are not implemented yet.
906 UNIMPLEMENTED();
907 }
908 current_offset += d.GetDetails().field_width_in_words();
909 new_descriptors->Set(i, &d);
910 } else {
911 DCHECK_EQ(PropertyLocation::kDescriptor, next_location);
912 DCHECK_EQ(PropertyConstness::kConst, next_constness);
913
914 Handle<Object> value(GetValue(i), isolate_);
915 Descriptor d;
916 if (next_kind == PropertyKind::kData) {
917 d = Descriptor::DataConstant(key, value, next_attributes);
918 } else {
919 DCHECK_EQ(PropertyKind::kAccessor, next_kind);
920 d = Descriptor::AccessorConstant(key, value, next_attributes);
921 }
922 new_descriptors->Set(i, &d);
923 }
924 }
925
926 new_descriptors->Sort();
927 return new_descriptors;
928 }
929
FindSplitMap(Handle<DescriptorArray> descriptors)930 Handle<Map> MapUpdater::FindSplitMap(Handle<DescriptorArray> descriptors) {
931 int root_nof = root_map_->NumberOfOwnDescriptors();
932 Map current = *root_map_;
933 for (InternalIndex i : InternalIndex::Range(root_nof, old_nof_)) {
934 Name name = descriptors->GetKey(i);
935 PropertyDetails details = descriptors->GetDetails(i);
936 Map next =
937 TransitionsAccessor(isolate_, current)
938 .SearchTransition(name, details.kind(), details.attributes());
939 if (next.is_null()) break;
940 DescriptorArray next_descriptors = next.instance_descriptors(isolate_);
941
942 PropertyDetails next_details = next_descriptors.GetDetails(i);
943 DCHECK_EQ(details.kind(), next_details.kind());
944 DCHECK_EQ(details.attributes(), next_details.attributes());
945 if (details.constness() != next_details.constness()) break;
946 if (details.location() != next_details.location()) break;
947 if (!details.representation().Equals(next_details.representation())) break;
948
949 if (next_details.location() == PropertyLocation::kField) {
950 FieldType next_field_type = next_descriptors.GetFieldType(i);
951 if (!descriptors->GetFieldType(i).NowIs(next_field_type)) {
952 break;
953 }
954 } else {
955 if (!EqualImmutableValues(descriptors->GetStrongValue(i),
956 next_descriptors.GetStrongValue(i))) {
957 break;
958 }
959 }
960 current = next;
961 }
962 return handle(current, isolate_);
963 }
964
ConstructNewMap()965 MapUpdater::State MapUpdater::ConstructNewMap() {
966 Handle<DescriptorArray> new_descriptors = BuildDescriptorArray();
967
968 Handle<Map> split_map = FindSplitMap(new_descriptors);
969 int split_nof = split_map->NumberOfOwnDescriptors();
970 if (old_nof_ == split_nof) {
971 CHECK(has_integrity_level_transition_);
972 state_ = kAtIntegrityLevelSource;
973 return state_;
974 }
975 InternalIndex split_index(split_nof);
976 PropertyDetails split_details = GetDetails(split_index);
977
978 // Invalidate a transition target at |key|.
979 MaybeHandle<Map> maybe_transition = TransitionsAccessor::SearchTransition(
980 isolate_, split_map, GetKey(split_index), split_details.kind(),
981 split_details.attributes());
982 if (!maybe_transition.is_null()) {
983 maybe_transition.ToHandleChecked()->DeprecateTransitionTree(isolate_);
984 }
985
986 // If |maybe_transition| is not nullptr then the transition array already
987 // contains entry for given descriptor. This means that the transition
988 // could be inserted regardless of whether transitions array is full or not.
989 if (maybe_transition.is_null() &&
990 !TransitionsAccessor::CanHaveMoreTransitions(isolate_, split_map)) {
991 return Normalize("Normalize_CantHaveMoreTransitions");
992 }
993
994 old_map_->NotifyLeafMapLayoutChange(isolate_);
995
996 if (FLAG_trace_generalization && modified_descriptor_.is_found()) {
997 PropertyDetails old_details =
998 old_descriptors_->GetDetails(modified_descriptor_);
999 PropertyDetails new_details =
1000 new_descriptors->GetDetails(modified_descriptor_);
1001 MaybeHandle<FieldType> old_field_type;
1002 MaybeHandle<FieldType> new_field_type;
1003 MaybeHandle<Object> old_value;
1004 MaybeHandle<Object> new_value;
1005 if (old_details.location() == PropertyLocation::kField) {
1006 old_field_type = handle(
1007 old_descriptors_->GetFieldType(modified_descriptor_), isolate_);
1008 } else {
1009 old_value = handle(old_descriptors_->GetStrongValue(modified_descriptor_),
1010 isolate_);
1011 }
1012 if (new_details.location() == PropertyLocation::kField) {
1013 new_field_type =
1014 handle(new_descriptors->GetFieldType(modified_descriptor_), isolate_);
1015 } else {
1016 new_value = handle(new_descriptors->GetStrongValue(modified_descriptor_),
1017 isolate_);
1018 }
1019
1020 PrintGeneralization(
1021 isolate_, old_map_, stdout, "", modified_descriptor_, split_nof,
1022 old_nof_,
1023 old_details.location() == PropertyLocation::kDescriptor &&
1024 new_location_ == PropertyLocation::kField,
1025 old_details.representation(), new_details.representation(),
1026 old_details.constness(), new_details.constness(), old_field_type,
1027 old_value, new_field_type, new_value);
1028 }
1029
1030 Handle<Map> new_map =
1031 Map::AddMissingTransitions(isolate_, split_map, new_descriptors);
1032
1033 // Deprecated part of the transition tree is no longer reachable, so replace
1034 // current instance descriptors in the "survived" part of the tree with
1035 // the new descriptors to maintain descriptors sharing invariant.
1036 split_map->ReplaceDescriptors(isolate_, *new_descriptors);
1037
1038 if (has_integrity_level_transition_) {
1039 target_map_ = new_map;
1040 state_ = kAtIntegrityLevelSource;
1041 } else {
1042 result_map_ = new_map;
1043 state_ = kEnd;
1044 }
1045 return state_; // Done.
1046 }
1047
ConstructNewMapWithIntegrityLevelTransition()1048 MapUpdater::State MapUpdater::ConstructNewMapWithIntegrityLevelTransition() {
1049 DCHECK_EQ(kAtIntegrityLevelSource, state_);
1050
1051 if (!TransitionsAccessor::CanHaveMoreTransitions(isolate_, target_map_)) {
1052 return Normalize("Normalize_CantHaveMoreTransitions");
1053 }
1054
1055 result_map_ = Map::CopyForPreventExtensions(
1056 isolate_, target_map_, integrity_level_, integrity_level_symbol_,
1057 "CopyForPreventExtensions",
1058 old_map_->elements_kind() == DICTIONARY_ELEMENTS);
1059 DCHECK_IMPLIES(old_map_->elements_kind() == DICTIONARY_ELEMENTS,
1060 result_map_->elements_kind() == DICTIONARY_ELEMENTS);
1061
1062 state_ = kEnd;
1063 return state_;
1064 }
1065
1066 namespace {
1067
PrintReconfiguration(Isolate * isolate,Handle<Map> map,FILE * file,InternalIndex modify_index,PropertyKind kind,PropertyAttributes attributes)1068 void PrintReconfiguration(Isolate* isolate, Handle<Map> map, FILE* file,
1069 InternalIndex modify_index, PropertyKind kind,
1070 PropertyAttributes attributes) {
1071 OFStream os(file);
1072 os << "[reconfiguring]";
1073 Name name = map->instance_descriptors(isolate).GetKey(modify_index);
1074 if (name.IsString()) {
1075 String::cast(name).PrintOn(file);
1076 } else {
1077 os << "{symbol " << reinterpret_cast<void*>(name.ptr()) << "}";
1078 }
1079 os << ": " << (kind == PropertyKind::kData ? "kData" : "ACCESSORS")
1080 << ", attrs: ";
1081 os << attributes << " [";
1082 JavaScriptFrame::PrintTop(isolate, file, false, true);
1083 os << "]\n";
1084 }
1085
1086 } // namespace
1087
1088 // static
ReconfigureExistingProperty(Isolate * isolate,Handle<Map> map,InternalIndex descriptor,PropertyKind kind,PropertyAttributes attributes,PropertyConstness constness)1089 Handle<Map> MapUpdater::ReconfigureExistingProperty(
1090 Isolate* isolate, Handle<Map> map, InternalIndex descriptor,
1091 PropertyKind kind, PropertyAttributes attributes,
1092 PropertyConstness constness) {
1093 // Dictionaries have to be reconfigured in-place.
1094 DCHECK(!map->is_dictionary_map());
1095 DCHECK_EQ(PropertyKind::kData, kind); // Only kData case is supported so far.
1096
1097 if (!map->GetBackPointer().IsMap()) {
1098 // There is no benefit from reconstructing transition tree for maps without
1099 // back pointers, normalize and try to hit the map cache instead.
1100 return Map::Normalize(isolate, map, CLEAR_INOBJECT_PROPERTIES,
1101 "Normalize_AttributesMismatchProtoMap");
1102 }
1103
1104 if (FLAG_trace_generalization) {
1105 PrintReconfiguration(isolate, map, stdout, descriptor, kind, attributes);
1106 }
1107
1108 return MapUpdater{isolate, map}.ReconfigureToDataField(
1109 descriptor, attributes, constness, Representation::None(),
1110 FieldType::None(isolate));
1111 }
1112
1113 // static
UpdateFieldType(Isolate * isolate,Handle<Map> map,InternalIndex descriptor,Handle<Name> name,PropertyConstness new_constness,Representation new_representation,const MaybeObjectHandle & new_wrapped_type)1114 void MapUpdater::UpdateFieldType(Isolate* isolate, Handle<Map> map,
1115 InternalIndex descriptor, Handle<Name> name,
1116 PropertyConstness new_constness,
1117 Representation new_representation,
1118 const MaybeObjectHandle& new_wrapped_type) {
1119 DCHECK(new_wrapped_type->IsSmi() || new_wrapped_type->IsWeak());
1120 // We store raw pointers in the queue, so no allocations are allowed.
1121 PropertyDetails details =
1122 map->instance_descriptors(isolate).GetDetails(descriptor);
1123 if (details.location() != PropertyLocation::kField) return;
1124 DCHECK_EQ(PropertyKind::kData, details.kind());
1125
1126 if (new_constness != details.constness() && map->is_prototype_map()) {
1127 JSObject::InvalidatePrototypeChains(*map);
1128 }
1129
1130 std::queue<Map> backlog;
1131 backlog.push(*map);
1132
1133 while (!backlog.empty()) {
1134 Map current = backlog.front();
1135 backlog.pop();
1136
1137 TransitionsAccessor transitions(isolate, current);
1138 int num_transitions = transitions.NumberOfTransitions();
1139 for (int i = 0; i < num_transitions; ++i) {
1140 Map target = transitions.GetTarget(i);
1141 backlog.push(target);
1142 }
1143 DescriptorArray descriptors = current.instance_descriptors(isolate);
1144 details = descriptors.GetDetails(descriptor);
1145
1146 // It is allowed to change representation here only from None
1147 // to something or from Smi or HeapObject to Tagged.
1148 DCHECK(details.representation().Equals(new_representation) ||
1149 details.representation().CanBeInPlaceChangedTo(new_representation));
1150
1151 // Skip if already updated the shared descriptor.
1152 if (new_constness != details.constness() ||
1153 !new_representation.Equals(details.representation()) ||
1154 descriptors.GetFieldType(descriptor) != *new_wrapped_type.object()) {
1155 Descriptor d = Descriptor::DataField(
1156 name, descriptors.GetFieldIndex(descriptor), details.attributes(),
1157 new_constness, new_representation, new_wrapped_type);
1158 descriptors.Replace(descriptor, &d);
1159 }
1160 }
1161 }
1162
1163 // TODO(jgruber): Lock the map-updater mutex.
1164 // static
GeneralizeField(Isolate * isolate,Handle<Map> map,InternalIndex modify_index,PropertyConstness new_constness,Representation new_representation,Handle<FieldType> new_field_type)1165 void MapUpdater::GeneralizeField(Isolate* isolate, Handle<Map> map,
1166 InternalIndex modify_index,
1167 PropertyConstness new_constness,
1168 Representation new_representation,
1169 Handle<FieldType> new_field_type) {
1170 DCHECK(!map->is_deprecated());
1171
1172 // Check if we actually need to generalize the field type at all.
1173 Handle<DescriptorArray> old_descriptors(map->instance_descriptors(isolate),
1174 isolate);
1175 PropertyDetails old_details = old_descriptors->GetDetails(modify_index);
1176 PropertyConstness old_constness = old_details.constness();
1177 Representation old_representation = old_details.representation();
1178 Handle<FieldType> old_field_type(old_descriptors->GetFieldType(modify_index),
1179 isolate);
1180
1181 // Return if the current map is general enough to hold requested constness and
1182 // representation/field type.
1183 if (IsGeneralizableTo(new_constness, old_constness) &&
1184 old_representation.Equals(new_representation) &&
1185 !Map::FieldTypeIsCleared(new_representation, *new_field_type) &&
1186 // Checking old_field_type for being cleared is not necessary because
1187 // the NowIs check below would fail anyway in that case.
1188 new_field_type->NowIs(old_field_type)) {
1189 DCHECK(GeneralizeFieldType(old_representation, old_field_type,
1190 new_representation, new_field_type, isolate)
1191 ->NowIs(old_field_type));
1192 return;
1193 }
1194
1195 // Determine the field owner.
1196 Handle<Map> field_owner(map->FindFieldOwner(isolate, modify_index), isolate);
1197 Handle<DescriptorArray> descriptors(
1198 field_owner->instance_descriptors(isolate), isolate);
1199 DCHECK_EQ(*old_field_type, descriptors->GetFieldType(modify_index));
1200
1201 new_field_type =
1202 GeneralizeFieldType(old_representation, old_field_type,
1203 new_representation, new_field_type, isolate);
1204
1205 new_constness = GeneralizeConstness(old_constness, new_constness);
1206
1207 PropertyDetails details = descriptors->GetDetails(modify_index);
1208 Handle<Name> name(descriptors->GetKey(modify_index), isolate);
1209
1210 MaybeObjectHandle wrapped_type(Map::WrapFieldType(isolate, new_field_type));
1211 UpdateFieldType(isolate, field_owner, modify_index, name, new_constness,
1212 new_representation, wrapped_type);
1213
1214 DependentCode::DependencyGroups dep_groups;
1215 if (new_constness != old_constness) {
1216 dep_groups |= DependentCode::kFieldConstGroup;
1217 }
1218 if (!new_field_type->Equals(*old_field_type)) {
1219 dep_groups |= DependentCode::kFieldTypeGroup;
1220 }
1221 if (!new_representation.Equals(old_representation)) {
1222 dep_groups |= DependentCode::kFieldRepresentationGroup;
1223 }
1224
1225 field_owner->dependent_code().DeoptimizeDependentCodeGroup(isolate,
1226 dep_groups);
1227
1228 if (FLAG_trace_generalization) {
1229 PrintGeneralization(
1230 isolate, map, stdout, "field type generalization", modify_index,
1231 map->NumberOfOwnDescriptors(), map->NumberOfOwnDescriptors(), false,
1232 details.representation(),
1233 descriptors->GetDetails(modify_index).representation(), old_constness,
1234 new_constness, old_field_type, MaybeHandle<Object>(), new_field_type,
1235 MaybeHandle<Object>());
1236 }
1237 }
1238
1239 } // namespace internal
1240 } // namespace v8
1241