| Index: src/stub-cache-ia32.cc
|
| ===================================================================
|
| --- src/stub-cache-ia32.cc (revision 500)
|
| +++ src/stub-cache-ia32.cc (working copy)
|
| @@ -254,12 +254,19 @@
|
| Register reg =
|
| __ CheckMaps(object, receiver, holder, scratch1, scratch2, miss_label);
|
|
|
| - // Get the properties array of the holder.
|
| - __ mov(scratch1, FieldOperand(reg, JSObject::kPropertiesOffset));
|
| -
|
| - // Return the value from the properties array.
|
| - int offset = index * kPointerSize + Array::kHeaderSize;
|
| - __ mov(eax, FieldOperand(scratch1, offset));
|
| + // Adjust for the number of properties stored in the holder.
|
| + index -= holder->map()->inobject_properties();
|
| + if (index < 0) {
|
| + // Get the property straight out of the holder.
|
| + int offset = holder->map()->instance_size() + (index * kPointerSize);
|
| + __ mov(eax, FieldOperand(reg, offset));
|
| + } else {
|
| + // Get the properties array of the holder.
|
| + __ mov(scratch1, FieldOperand(reg, JSObject::kPropertiesOffset));
|
| + // Return the value from the properties array.
|
| + int offset = index * kPointerSize + Array::kHeaderSize;
|
| + __ mov(eax, FieldOperand(scratch1, offset));
|
| + }
|
| __ ret(0);
|
| }
|
|
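Review bot: The in-object branch emits `mov(eax, FieldOperand(reg, offset))` with an offset built from `instance_size()` and a negative `index`, and nothing checks that the result still lands inside the holder's body. Because the offset is baked into the generated stub, a mismatch between `index` and the holder map's `inobject_properties()` would surface as an out-of-bounds read at run time rather than a failure at stub-compile time. A debug assertion after the computation would catch it, e.g. `ASSERT(offset >= JSObject::kHeaderSize && offset < holder->map()->instance_size());`. The store path in the third hunk repeats the same arithmetic (`object->map()->instance_size() + (index * kPointerSize)`), where the failure would be an out-of-bounds write, so a shared helper would keep the two in agreement. The enclosing function begins outside this hunk.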
|
| @@ -399,8 +406,16 @@
|
| return;
|
| }
|
|
|
| - // Get the properties array (optimistically).
|
| - __ mov(scratch, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
|
| + // Adjust for the number of properties stored in the object. Even in the
|
| + // face of a transition we can use the old map here because the size of the
|
| + // object and the number of in-object properties is not going to change.
|
| + index -= object->map()->inobject_properties();
|
| +
|
| + if (index >= 0) {
|
| + // Get the properties array (optimistically).
|
| + __ mov(scratch, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
|
| + }
|
| +
|
| if (transition != NULL) {
|
| // Update the map of the object; no write barrier updating is
|
| // needed because the map is never in new space.
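Review bot: The comment above `index -= object->map()->inobject_properties();` says a transition never changes the object size or the in-object property count, but nothing in the new code enforces it. The store offset is later computed from the old map while the stub installs `transition` as the object's map, so if the assumption ever stops holding, the write would target a slot laid out for a different map. Consider asserting it inside the `if (transition != NULL)` block: `ASSERT(transition->instance_size() == object->map()->instance_size());` and the equivalent comparison for `inobject_properties()`. The function starts before this hunk and continues past it.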
|
| @@ -408,15 +423,26 @@
|
| Immediate(Handle<Map>(transition)));
|
| }
|
|
|
| - // Write to the properties array.
|
| - int offset = index * kPointerSize + Array::kHeaderSize;
|
| - __ mov(FieldOperand(scratch, offset), eax);
|
| + if (index < 0) {
|
| + // Set the property straight into the object.
|
| + int offset = object->map()->instance_size() + (index * kPointerSize);
|
| + __ mov(FieldOperand(receiver_reg, offset), eax);
|
|
|
| - // Update the write barrier for the array address.
|
| - // Pass the value being stored in the now unused name_reg.
|
| - __ mov(name_reg, Operand(eax));
|
| - __ RecordWrite(scratch, offset, name_reg, receiver_reg);
|
| + // Update the write barrier for the array address.
|
| + // Pass the value being stored in the now unused name_reg.
|
| + __ mov(name_reg, Operand(eax));
|
| + __ RecordWrite(receiver_reg, offset, name_reg, scratch);
|
| + } else {
|
| + // Write to the properties array.
|
| + int offset = index * kPointerSize + Array::kHeaderSize;
|
| + __ mov(FieldOperand(scratch, offset), eax);
|
|
|
| + // Update the write barrier for the array address.
|
| + // Pass the value being stored in the now unused name_reg.
|
| + __ mov(name_reg, Operand(eax));
|
| + __ RecordWrite(scratch, offset, name_reg, receiver_reg);
|
| + }
|
| +
|
| // Return the value (register eax).
|
| __ ret(0);
|
| }
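Review bot: In the `index < 0` branch the comment `// Update the write barrier for the array address.` was copied from the properties-array path, but here `RecordWrite` is called on `receiver_reg`, which is the object itself. Suggest `// Update the write barrier for the object address.`, so a reader checking the barrier against the store just above it is not misled about which object is recorded. It would also help to note that `scratch` can serve as the scratch argument here because the properties array is only loaded into it when `index >= 0`. The function begins outside this hunk.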
|
|
|