Fix bug in X64 RSet code. Optimize IA32 version.

src/x64/macro-assembler-x64.cc

 // Copyright 2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 53 matching lines @@
   masm->shr(addr, Immediate(kPointerSizeLog2));
 
   // If the bit offset lies beyond the normal remembered set range, it is in
   // the extra remembered set area of a large object.
   masm->cmpq(addr, Immediate(Page::kPageSize / kPointerSize));
   masm->j(less, &fast);
 
   // Adjust 'addr' to be relative to the start of the extra remembered set
   // and the page address in 'object' to be the address of the extra
   // remembered set.
-  masm->subq(addr, Immediate(Page::kPageSize / kPointerSize));
+
   // Load the array length into 'scratch'.
   masm->movl(scratch,
              Operand(object,
                      Page::kObjectStartOffset + FixedArray::kLengthOffset));
   // Extra remembered set starts right after FixedArray.
-  // Add the page header, array header, and array body size
-  // (length * pointer size) to the page address to find the extra remembered
-  // set start.
+  // The RSet extension area lies after the FixedArray, i.e.,
+  // at
+  //   object + kObjectStartOffset + FixedArray::kHeaderSize + 8 * scratch
+  // Make object point to (size of normal RSet + kRSetOffset) before that,
+  // so that we can address the bit directly with addr.
   masm->lea(object,
             Operand(object, scratch, times_pointer_size,
-                    Page::kObjectStartOffset + FixedArray::kHeaderSize));
+                    Page::kObjectStartOffset + FixedArray::kHeaderSize
+                        - Page::kRSetEndOffset));
 
   // NOTE: For now, we use the bit-test-and-set (bts) x86 instruction
   // to limit code size. We should probably evaluate this decision by
   // measuring the performance of an equivalent implementation using
   // "simpler" instructions
   masm->bind(&fast);
   masm->bts(Operand(object, Page::kRSetOffset), addr);
 }
 
 
@@ skipping 78 matching lines @@
     // measuring the performance of an equivalent implementation using
     // "simpler" instructions
     bts(Operand(object, Page::kRSetOffset), value);
   } else {
     Register dst = scratch;
     if (offset != 0) {
       lea(dst, Operand(object, offset));
     } else {
       // array access: calculate the destination address in the same manner as
       // KeyedStoreIC::GenerateGeneric.  Multiply a smi by 4 to get an offset
-      // into an array of words.
+      // into an array of pointers.
       lea(dst, Operand(object, dst, times_half_pointer_size,
                        FixedArray::kHeaderSize - kHeapObjectTag));
     }
     // If we are already generating a shared stub, not inlining the
     // record write code isn't going to save us any memory.
     if (generating_stub()) {
       RecordWriteHelper(this, object, dst, value);
     } else {
       RecordWriteStub stub(object, dst, value);
       CallStub(&stub);
@@ skipping 996 matching lines @@
                      Context::SECURITY_TOKEN_INDEX * kPointerSize;
   movq(scratch, FieldOperand(scratch, token_offset));
   cmpq(scratch, FieldOperand(kScratchRegister, token_offset));
   j(not_equal, miss);
 
   bind(&same_contexts);
 }
 
 
 } }  // namespace v8::internal