Initialize pre-allocated fields of JSObject with undefined.

src/ia32/builtins-ia32.cc

Index: src/ia32/builtins-ia32.cc
diff --git a/src/ia32/builtins-ia32.cc b/src/ia32/builtins-ia32.cc
index b8f43111aa77a104e24c0526ec5980e5c1f18f25..f41a07422f8f0361d019fe8621ea93556eca172f 100644
--- a/src/ia32/builtins-ia32.cc
+++ b/src/ia32/builtins-ia32.cc
@@ -204,19 +204,29 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
       // eax: initial map
       // ebx: JSObject
       // edi: start of next object
-      { Label loop, entry;
+      { Label loop, entry, load_one_pointer_filler, continue_loop;
         // To allow for truncation.
+        __ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
+        __ mov(edx, factory->undefined_value());
         if (count_constructions) {
+          __ movzx_b(esi,
+                     FieldOperand(eax, Map::kPreAllocatedPropertyFieldsOffset));
+          __ inc(esi);
+          __ jmp(&entry);
+          __ bind(&load_one_pointer_filler);
           __ mov(edx, factory->one_pointer_filler_map());
-        } else {
-          __ mov(edx, factory->undefined_value());
+          __ jmp(&continue_loop);
         }
-        __ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
         __ jmp(&entry);
         __ bind(&loop);
         __ mov(Operand(ecx, 0), edx);
         __ add(Operand(ecx), Immediate(kPointerSize));
         __ bind(&entry);
+        if (count_constructions) {
+          __ dec(esi);
+          __ j(zero, &load_one_pointer_filler);
+          __ bind(&continue_loop);
+        }

[Vyacheslav Egorov (Chromium), 2011/09/16 15:33:05]

The control flow here looks too complicated.

Consider refactoring into: make function that generates loop code to fill memory
from [ecx, reg) with value of the edx. 
Load into esi = ecx + kPointerSize * esi
Call function twice with esi then with edx.

         __ cmp(ecx, Operand(edi));
         __ j(less, &loop);
       }