Cardmarking writebarrier.

src/arm/ic-arm.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 143 matching lines @@
                                          Register key,
                                          Register t0,
                                          Register t1,
                                          Register t2) {
   // Register use:
   //
   // elements - holds the slow-case elements of the receiver and is unchanged.
   //
   // key      - holds the smi key on entry and is unchanged if a branch is
   //            performed to the miss label.
+  //            Holds the result on exit if the load succeeded.
   //
   // Scratch registers:
   //
   // t0 - holds the untagged key on entry and holds the hash once computed.
-  //      Holds the result on exit if the load succeeded.
   //
   // t1 - used to hold the capacity mask of the dictionary
   //
   // t2 - used for the index into the dictionary.
   Label done;
 
   // Compute the hash code from the untagged key.  This must be kept in sync
   // with ComputeIntegerHash in utils.h.
   //
   // hash = ~hash + (hash << 15);
@@ skipping 47 matching lines @@
   // t2: elements + (index * kPointerSize)
   const int kDetailsOffset =
       NumberDictionary::kElementsStartOffset + 2 * kPointerSize;
   __ ldr(t1, FieldMemOperand(t2, kDetailsOffset));
   __ tst(t1, Operand(Smi::FromInt(PropertyDetails::TypeField::mask())));
   __ b(ne, miss);
 
   // Get the value at the masked, scaled index and return.
   const int kValueOffset =
       NumberDictionary::kElementsStartOffset + kPointerSize;
-  __ ldr(t0, FieldMemOperand(t2, kValueOffset));
+  __ ldr(key, FieldMemOperand(t2, kValueOffset));
 }
 
 
 void LoadIC::GenerateArrayLength(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r2    : name
   //  -- lr    : return address
   //  -- r0    : receiver
   //  -- sp[0] : receiver
   // -----------------------------------
@@ skipping 485 matching lines @@
   // In the case that the object is a value-wrapper object,
   // we enter the runtime system to make sure that indexing into string
   // objects work as intended.
   ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE);
   __ ldrb(r2, FieldMemOperand(r2, Map::kInstanceTypeOffset));
   __ cmp(r2, Operand(JS_OBJECT_TYPE));
   __ b(lt, &slow);
 
   // Check that the key is a smi.
   __ BranchOnNotSmi(key, &slow);
-  // Untag key into r2..
-  __ mov(r2, Operand(key, ASR, kSmiTagSize));
-
   // Get the elements array of the object.
   __ ldr(r4, FieldMemOperand(receiver, JSObject::kElementsOffset));
   // Check that the object is in fast mode (not dictionary).
   __ ldr(r3, FieldMemOperand(r4, HeapObject::kMapOffset));
   __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
   __ cmp(r3, ip);
   __ b(ne, &check_pixel_array);
   // Check that the key (index) is within bounds.
-  __ ldr(r3, FieldMemOperand(r4, Array::kLengthOffset));
-  __ cmp(r2, r3);
+  __ ldr(r3, FieldMemOperand(r4, FixedArray::kLengthOffset));
+  __ cmp(key, Operand(r3));
   __ b(hs, &slow);
   // Fast case: Do the load.
   __ add(r3, r4, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
-  __ ldr(r2, MemOperand(r3, r2, LSL, kPointerSizeLog2));
+  // The key is a smi.
+  ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
+  __ ldr(r2, MemOperand(r3, key, LSL, kPointerSizeLog2 - kSmiTagSize));
   __ LoadRoot(ip, Heap::kTheHoleValueRootIndex);
   __ cmp(r2, ip);
   // In case the loaded value is the_hole we have to consult GetProperty
   // to ensure the prototype chain is searched.
   __ b(eq, &slow);
   __ mov(r0, r2);
   __ Ret();
 
   // Check whether the elements is a pixel array.
   // r0: key
-  // r2: untagged index
   // r3: elements map
   // r4: elements
   __ bind(&check_pixel_array);
   __ LoadRoot(ip, Heap::kPixelArrayMapRootIndex);
   __ cmp(r3, ip);
   __ b(ne, &check_number_dictionary);
   __ ldr(ip, FieldMemOperand(r4, PixelArray::kLengthOffset));
+  __ mov(r2, Operand(key, ASR, kSmiTagSize));
   __ cmp(r2, ip);
   __ b(hs, &slow);
   __ ldr(ip, FieldMemOperand(r4, PixelArray::kExternalPointerOffset));
   __ ldrb(r2, MemOperand(ip, r2));
   __ mov(r0, Operand(r2, LSL, kSmiTagSize));  // Tag result as smi.
   __ Ret();
 
   __ bind(&check_number_dictionary);
   // Check whether the elements is a number dictionary.
   // r0: key
-  // r2: untagged index
   // r3: elements map
   // r4: elements
   __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
   __ cmp(r3, ip);
   __ b(ne, &slow);
+  __ mov(r2, Operand(r0, ASR, kSmiTagSize));
   GenerateNumberDictionaryLoad(masm, &slow, r4, r0, r2, r3, r5);
-  __ mov(r0, r2);
   __ Ret();
 
   // Slow case, key and receiver still in r0 and r1.
   __ bind(&slow);
   __ IncrementCounter(&Counters::keyed_load_generic_slow, 1, r2, r3);
   GenerateRuntimeGetProperty(masm);
 }
 
 
 void KeyedLoadIC::GenerateString(MacroAssembler* masm) {
@@ skipping 463 matching lines @@
   __ b(lt, &slow);
 
 
   // Object case: Check key against length in the elements array.
   __ ldr(r3, FieldMemOperand(r3, JSObject::kElementsOffset));
   // Check that the object is in fast mode (not dictionary).
   __ ldr(r2, FieldMemOperand(r3, HeapObject::kMapOffset));
   __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
   __ cmp(r2, ip);
   __ b(ne, &check_pixel_array);
-  // Untag the key (for checking against untagged length in the fixed array).
-  __ mov(r1, Operand(r1, ASR, kSmiTagSize));
   // Compute address to store into and check array bounds.
   __ add(r2, r3, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
-  __ add(r2, r2, Operand(r1, LSL, kPointerSizeLog2));
+  // The key is a smi.  Assert we can shift left by 1 to use it as a
+  // byte offset.
+  ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
+  __ add(r2, r2, Operand(r1, LSL, kPointerSizeLog2 - kSmiTagSize));
   __ ldr(ip, FieldMemOperand(r3, FixedArray::kLengthOffset));
   __ cmp(r1, Operand(ip));
   __ b(lo, &fast);
 
 
   // Slow case:
   __ bind(&slow);
   GenerateRuntimeSetProperty(masm);
 
   // Check whether the elements is a pixel array.
@@ skipping 26 matching lines @@
   __ mov(r0, Operand(r4));  // Return the original value.
   __ Ret();
 
 
   // Extra capacity case: Check if there is extra capacity to
   // perform the store and update the length. Used for adding one
   // element to the array by writing to array[array.length].
   // r0 == value, r1 == key, r2 == elements, r3 == object
   __ bind(&extra);
   __ b(ne, &slow);  // do not leave holes in the array
-  __ mov(r1, Operand(r1, ASR, kSmiTagSize));  // untag
-  __ ldr(ip, FieldMemOperand(r2, Array::kLengthOffset));
+  __ ldr(ip, FieldMemOperand(r2, FixedArray::kLengthOffset));
   __ cmp(r1, Operand(ip));
   __ b(hs, &slow);
-  __ mov(r1, Operand(r1, LSL, kSmiTagSize));  // restore tag
-  __ add(r1, r1, Operand(1 << kSmiTagSize));  // and increment
+  // Increment the key to get the new length.
+  __ add(r1, r1, Operand(Smi::FromInt(1)));
   __ str(r1, FieldMemOperand(r3, JSArray::kLengthOffset));
   __ mov(r3, Operand(r2));
   // NOTE: Computing the address to store into must take the fact
   // that the key has been incremented into account.
   int displacement = FixedArray::kHeaderSize - kHeapObjectTag -
       ((1 << kSmiTagSize) * 2);
   __ add(r2, r2, Operand(displacement));
+  // The key is a smi.  Assert we can shift left by 1 to use it as a
+  // byte offset.
+  ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
   __ add(r2, r2, Operand(r1, LSL, kPointerSizeLog2 - kSmiTagSize));
   __ b(&fast);
 
 
   // Array case: Get the length and the elements array from the JS
   // array. Check that the array is in fast mode; if it is the
   // length is always a smi.
   // r0 == value, r3 == object
   __ bind(&array);
   __ ldr(r2, FieldMemOperand(r3, JSObject::kElementsOffset));
   __ ldr(r1, FieldMemOperand(r2, HeapObject::kMapOffset));
   __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
   __ cmp(r1, ip);
   __ b(ne, &slow);
 
   // Check the key against the length in the array, compute the
   // address to store into and fall through to fast case.
   __ ldr(r1, MemOperand(sp));  // restore key
   // r0 == value, r1 == key, r2 == elements, r3 == object.
   __ ldr(ip, FieldMemOperand(r3, JSArray::kLengthOffset));
   __ cmp(r1, Operand(ip));
   __ b(hs, &extra);
   __ mov(r3, Operand(r2));
   __ add(r2, r2, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
+  // The key is a smi.  Assert we can shift left by 1 to use it as a
+  // byte offset.
+  ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
   __ add(r2, r2, Operand(r1, LSL, kPointerSizeLog2 - kSmiTagSize));
 
 
   // Fast case: Do the store.
   // r0 == value, r2 == address to store into, r3 == elements
   __ bind(&fast);
   __ str(r0, MemOperand(r2));
   // Skip write barrier if the written value is a smi.
   __ tst(r0, Operand(kSmiTagMask));
   __ b(eq, &exit);
@@ skipping 458 matching lines @@
   __ bind(&miss);
 
   GenerateMiss(masm);
 }
 
 
 #undef __
 
 
 } }  // namespace v8::internal