ia32: Fuse map and type checks in call ICs for API functions.

src/ia32/macro-assembler-ia32.cc

 // Copyright 2006-2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 520 matching lines @@
 void MacroAssembler::PopTryHandler() {
   ASSERT_EQ(0, StackHandlerConstants::kNextOffset);
   pop(Operand::StaticVariable(ExternalReference(Top::k_handler_address)));
   add(Operand(esp), Immediate(StackHandlerConstants::kSize - kPointerSize));
 }
 
 
 Register MacroAssembler::CheckMaps(JSObject* object, Register object_reg,
                                    JSObject* holder, Register holder_reg,
                                    Register scratch,
+                                   int save_at_depth,
                                    Label* miss) {
   // Make sure there's no overlap between scratch and the other
   // registers.
   ASSERT(!scratch.is(object_reg) && !scratch.is(holder_reg));
 
   // Keep track of the current object in register reg.
   Register reg = object_reg;
-  int depth = 1;
+  int depth = 0;
+
+  if (save_at_depth == depth) {
+    mov(Operand(esp, kPointerSize), object_reg);
+  }
 
   // Check the maps in the prototype chain.
   // Traverse the prototype chain from the object and do map checks.
   while (object != holder) {
     depth++;
 
     // Only global objects and objects that do not require access
     // checks are allowed in stubs.
     ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
 
@@ skipping 11 matching lines @@
         CheckAccessGlobalProxy(reg, scratch, miss);
 
         // Restore scratch register to be the map of the object.
         // We load the prototype from the map in the scratch register.
         mov(scratch, FieldOperand(reg, HeapObject::kMapOffset));
       }
       // The prototype is in new space; we cannot store a reference
       // to it in the code. Load it from the map.
       reg = holder_reg;  // from now the object is in holder_reg
       mov(reg, FieldOperand(scratch, Map::kPrototypeOffset));
-
     } else {
       // Check the map of the current object.
       cmp(FieldOperand(reg, HeapObject::kMapOffset),
           Immediate(Handle<Map>(object->map())));
       // Branch on the result of the map check.
       j(not_equal, miss, not_taken);
       // Check access rights to the global object.  This has to happen
       // after the map check so that we know that the object is
       // actually a global object.
       if (object->IsJSGlobalProxy()) {
         CheckAccessGlobalProxy(reg, scratch, miss);
       }
       // The prototype is in old space; load it directly.
       reg = holder_reg;  // from now the object is in holder_reg
       mov(reg, Handle<JSObject>(prototype));
     }
 
+    if (save_at_depth == depth) {
+      mov(Operand(esp, kPointerSize), reg);
+    }
+
     // Go to the next object in the prototype chain.
     object = prototype;
   }
 
   // Check the holder map.
   cmp(FieldOperand(reg, HeapObject::kMapOffset),
       Immediate(Handle<Map>(holder->map())));
   j(not_equal, miss, not_taken);
 
   // Log the check depth.
-  LOG(IntEvent("check-maps-depth", depth));
+  LOG(IntEvent("check-maps-depth", depth + 1));
 
   // Perform security check for access to the global object and return
   // the holder register.
   ASSERT(object == holder);
   ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
   if (object->IsJSGlobalProxy()) {
     CheckAccessGlobalProxy(reg, scratch, miss);
   }
   return reg;
 }
@@ skipping 972 matching lines @@
   // Indicate that code has changed.
   CPU::FlushICache(address_, size_);
 
   // Check that the code was patched as expected.
   ASSERT(masm_.pc_ == address_ + size_);
   ASSERT(masm_.reloc_info_writer.pos() == address_ + size_ + Assembler::kGap);
 }
 
 
 } }  // namespace v8::internal