| Index: src/x64/ic-x64.cc
|
| ===================================================================
|
| --- src/x64/ic-x64.cc (revision 9531)
|
| +++ src/x64/ic-x64.cc (working copy)
|
| @@ -221,7 +221,7 @@
|
|
|
| // Update write barrier. Make sure not to clobber the value.
|
| __ movq(scratch0, value);
|
| - __ RecordWrite(elements, scratch1, scratch0);
|
| + __ RecordWrite(elements, scratch1, scratch0, kDontSaveFPRegs);
|
| }
|
|
|
|
|
| @@ -606,45 +606,40 @@
|
| // -- rdx : receiver
|
| // -- rsp[0] : return address
|
| // -----------------------------------
|
| - Label slow, slow_with_tagged_index, fast, array, extra;
|
| + Label slow, slow_with_tagged_index, fast, array, extra, check_extra_double;
|
| + Label fast_object_with_map_check, fast_object_without_map_check;
|
| + Label fast_double_with_map_check, fast_double_without_map_check;
|
|
|
| // Check that the object isn't a smi.
|
| __ JumpIfSmi(rdx, &slow_with_tagged_index);
|
| // Get the map from the receiver.
|
| - __ movq(rbx, FieldOperand(rdx, HeapObject::kMapOffset));
|
| + __ movq(r9, FieldOperand(rdx, HeapObject::kMapOffset));
|
| // Check that the receiver does not require access checks. We need
|
| // to do this because this generic stub does not perform map checks.
|
| - __ testb(FieldOperand(rbx, Map::kBitFieldOffset),
|
| + __ testb(FieldOperand(r9, Map::kBitFieldOffset),
|
| Immediate(1 << Map::kIsAccessCheckNeeded));
|
| __ j(not_zero, &slow_with_tagged_index);
|
| // Check that the key is a smi.
|
| __ JumpIfNotSmi(rcx, &slow_with_tagged_index);
|
| __ SmiToInteger32(rcx, rcx);
|
|
|
| - __ CmpInstanceType(rbx, JS_ARRAY_TYPE);
|
| + __ CmpInstanceType(r9, JS_ARRAY_TYPE);
|
| __ j(equal, &array);
|
| // Check that the object is some kind of JSObject.
|
| - __ CmpInstanceType(rbx, FIRST_JS_RECEIVER_TYPE);
|
| + __ CmpInstanceType(r9, FIRST_JS_OBJECT_TYPE);
|
| __ j(below, &slow);
|
| - __ CmpInstanceType(rbx, JS_PROXY_TYPE);
|
| - __ j(equal, &slow);
|
| - __ CmpInstanceType(rbx, JS_FUNCTION_PROXY_TYPE);
|
| - __ j(equal, &slow);
|
|
|
| // Object case: Check key against length in the elements array.
|
| // rax: value
|
| // rdx: JSObject
|
| // rcx: index
|
| __ movq(rbx, FieldOperand(rdx, JSObject::kElementsOffset));
|
| - // Check that the object is in fast mode and writable.
|
| - __ CompareRoot(FieldOperand(rbx, HeapObject::kMapOffset),
|
| - Heap::kFixedArrayMapRootIndex);
|
| - __ j(not_equal, &slow);
|
| + // Check array bounds.
|
| __ SmiCompareInteger32(FieldOperand(rbx, FixedArray::kLengthOffset), rcx);
|
| // rax: value
|
| // rbx: FixedArray
|
| // rcx: index
|
| - __ j(above, &fast);
|
| + __ j(above, &fast_object_with_map_check);
|
|
|
| // Slow case: call runtime.
|
| __ bind(&slow);
|
| @@ -666,10 +661,21 @@
|
| __ SmiCompareInteger32(FieldOperand(rbx, FixedArray::kLengthOffset), rcx);
|
| __ j(below_equal, &slow);
|
| // Increment index to get new length.
|
| + __ movq(rdi, FieldOperand(rbx, HeapObject::kMapOffset));
|
| + __ CompareRoot(rdi, Heap::kFixedArrayMapRootIndex);
|
| + __ j(not_equal, &check_extra_double);
|
| __ leal(rdi, Operand(rcx, 1));
|
| __ Integer32ToSmiField(FieldOperand(rdx, JSArray::kLengthOffset), rdi);
|
| - __ jmp(&fast);
|
| + __ jmp(&fast_object_without_map_check);
|
|
|
| + __ bind(&check_extra_double);
|
| + // rdi: elements array's map
|
| + __ CompareRoot(rdi, Heap::kFixedDoubleArrayMapRootIndex);
|
| + __ j(not_equal, &slow);
|
| + __ leal(rdi, Operand(rcx, 1));
|
| + __ Integer32ToSmiField(FieldOperand(rdx, JSArray::kLengthOffset), rdi);
|
| + __ jmp(&fast_double_without_map_check);
|
| +
|
| // Array case: Get the length and the elements array from the JS
|
| // array. Check that the array is in fast mode (and writable); if it
|
| // is the length is always a smi.
|
| @@ -678,9 +684,6 @@
|
| // rdx: receiver (a JSArray)
|
| // rcx: index
|
| __ movq(rbx, FieldOperand(rdx, JSObject::kElementsOffset));
|
| - __ CompareRoot(FieldOperand(rbx, HeapObject::kMapOffset),
|
| - Heap::kFixedArrayMapRootIndex);
|
| - __ j(not_equal, &slow);
|
|
|
| // Check the key against the length in the array, compute the
|
| // address to store into and fall through to fast case.
|
| @@ -688,21 +691,48 @@
|
| __ j(below_equal, &extra);
|
|
|
| // Fast case: Do the store.
|
| - __ bind(&fast);
|
| + __ bind(&fast_object_with_map_check);
|
| // rax: value
|
| // rbx: receiver's elements array (a FixedArray)
|
| // rcx: index
|
| + // rdx: receiver (a JSArray)
|
| + __ movq(rdi, FieldOperand(rbx, HeapObject::kMapOffset));
|
| + __ CompareRoot(rdi, Heap::kFixedArrayMapRootIndex);
|
| + __ j(not_equal, &fast_double_with_map_check);
|
| + __ bind(&fast_object_without_map_check);
|
| + // Smi stores don't require further checks.
|
| Label non_smi_value;
|
| + __ JumpIfNotSmi(rax, &non_smi_value);
|
| + // It's irrelevant whether array is smi-only or not when writing a smi.
|
| __ movq(FieldOperand(rbx, rcx, times_pointer_size, FixedArray::kHeaderSize),
|
| rax);
|
| - __ JumpIfNotSmi(rax, &non_smi_value, Label::kNear);
|
| __ ret(0);
|
| +
|
| __ bind(&non_smi_value);
|
| - // Slow case that needs to retain rcx for use by RecordWrite.
|
| - // Update write barrier for the elements array address.
|
| + if (FLAG_smi_only_arrays) {
|
| + // Writing a non-smi, check whether array allows non-smi elements.
|
| + // r9: receiver's map
|
| + __ CheckFastObjectElements(r9, &slow, Label::kNear);
|
| + }
|
| + __ lea(rcx,
|
| + FieldOperand(rbx, rcx, times_pointer_size, FixedArray::kHeaderSize));
|
| + __ movq(Operand(rcx, 0), rax);
|
| __ movq(rdx, rax);
|
| - __ RecordWriteNonSmi(rbx, 0, rdx, rcx);
|
| + __ RecordWrite(
|
| + rbx, rcx, rdx, kDontSaveFPRegs, EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
|
| __ ret(0);
|
| +
|
| + __ bind(&fast_double_with_map_check);
|
| + // Check for fast double array case. If this fails, call through to the
|
| + // runtime.
|
| + // rdi: elements array's map
|
| + __ CompareRoot(rdi, Heap::kFixedDoubleArrayMapRootIndex);
|
| + __ j(not_equal, &slow);
|
| + __ bind(&fast_double_without_map_check);
|
| + // If the value is a number, store it as a double in the FastDoubleElements
|
| + // array.
|
| + __ StoreNumberToDoubleElements(rax, rbx, rcx, xmm0, &slow);
|
| + __ ret(0);
|
| }
|
|
|
|
|
| @@ -846,21 +876,22 @@
|
| __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize));
|
|
|
| // Enter an internal frame.
|
| - __ EnterInternalFrame();
|
| + {
|
| + FrameScope scope(masm, StackFrame::INTERNAL);
|
|
|
| - // Push the receiver and the name of the function.
|
| - __ push(rdx);
|
| - __ push(rcx);
|
| + // Push the receiver and the name of the function.
|
| + __ push(rdx);
|
| + __ push(rcx);
|
|
|
| - // Call the entry.
|
| - CEntryStub stub(1);
|
| - __ Set(rax, 2);
|
| - __ LoadAddress(rbx, ExternalReference(IC_Utility(id), masm->isolate()));
|
| - __ CallStub(&stub);
|
| + // Call the entry.
|
| + CEntryStub stub(1);
|
| + __ Set(rax, 2);
|
| + __ LoadAddress(rbx, ExternalReference(IC_Utility(id), masm->isolate()));
|
| + __ CallStub(&stub);
|
|
|
| - // Move result to rdi and exit the internal frame.
|
| - __ movq(rdi, rax);
|
| - __ LeaveInternalFrame();
|
| + // Move result to rdi and exit the internal frame.
|
| + __ movq(rdi, rax);
|
| + }
|
|
|
| // Check if the receiver is a global object of some sort.
|
| // This can happen only for regular CallIC but not KeyedCallIC.
|
| @@ -1002,13 +1033,14 @@
|
| // This branch is taken when calling KeyedCallIC_Miss is neither required
|
| // nor beneficial.
|
| __ IncrementCounter(counters->keyed_call_generic_slow_load(), 1);
|
| - __ EnterInternalFrame();
|
| - __ push(rcx); // save the key
|
| - __ push(rdx); // pass the receiver
|
| - __ push(rcx); // pass the key
|
| - __ CallRuntime(Runtime::kKeyedGetProperty, 2);
|
| - __ pop(rcx); // restore the key
|
| - __ LeaveInternalFrame();
|
| + {
|
| + FrameScope scope(masm, StackFrame::INTERNAL);
|
| + __ push(rcx); // save the key
|
| + __ push(rdx); // pass the receiver
|
| + __ push(rcx); // pass the key
|
| + __ CallRuntime(Runtime::kKeyedGetProperty, 2);
|
| + __ pop(rcx); // restore the key
|
| + }
|
| __ movq(rdi, rax);
|
| __ jmp(&do_call);
|
|
|
| @@ -1212,7 +1244,12 @@
|
| __ movq(mapped_location, rax);
|
| __ lea(r9, mapped_location);
|
| __ movq(r8, rax);
|
| - __ RecordWrite(rbx, r9, r8);
|
| + __ RecordWrite(rbx,
|
| + r9,
|
| + r8,
|
| + kDontSaveFPRegs,
|
| + EMIT_REMEMBERED_SET,
|
| + INLINE_SMI_CHECK);
|
| __ Ret();
|
| __ bind(¬in);
|
| // The unmapped lookup expects that the parameter map is in rbx.
|
| @@ -1221,7 +1258,12 @@
|
| __ movq(unmapped_location, rax);
|
| __ lea(r9, unmapped_location);
|
| __ movq(r8, rax);
|
| - __ RecordWrite(rbx, r9, r8);
|
| + __ RecordWrite(rbx,
|
| + r9,
|
| + r8,
|
| + kDontSaveFPRegs,
|
| + EMIT_REMEMBERED_SET,
|
| + INLINE_SMI_CHECK);
|
| __ Ret();
|
| __ bind(&slow);
|
| GenerateMiss(masm, false);
|
|
|
Chromium Code Reviews
