src/arm/stub-cache-arm.cc - Issue 9310117: Implement KeyedStoreICs to grow arrays on out-of-bound stores.

Unified Diff: src/arm/stub-cache-arm.cc

Issue 9310117: Implement KeyedStoreICs to grow arrays on out-of-bound stores. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: nits Created 8 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/arm/stub-cache-arm.cc

diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc

index 15c5f4edef1c3696a76259deaab6e868e2d10a00..49317f92a1eeb6d22214bcc853486c65b4d01318 100644

--- a/src/arm/stub-cache-arm.cc

+++ b/src/arm/stub-cache-arm.cc

@@ -3054,7 +3054,7 @@ Handle<Code> KeyedStoreStubCompiler::CompileStoreElement(

ElementsKind elements_kind = receiver_map->elements_kind();

bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;

Handle<Code> stub =

- KeyedStoreElementStub(is_js_array, elements_kind).GetCode();

+ KeyedStoreElementStub(is_js_array, elements_kind, grow_mode_).GetCode();

__ DispatchMap(r2, r3, receiver_map, stub, DO_SMI_CHECK);

@@ -4099,7 +4099,8 @@ void KeyedLoadStubCompiler::GenerateLoadFastDoubleElement(

void KeyedStoreStubCompiler::GenerateStoreFastElement(

MacroAssembler* masm,

bool is_js_array,

- ElementsKind elements_kind) {

+ ElementsKind elements_kind,

+ KeyedAccessGrowMode grow_mode) {

// ----------- S t a t e -------------

// -- r0 : value

// -- r1 : key

@@ -4108,13 +4109,16 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(

// -- r3 : scratch

// -- r4 : scratch (elements)

// -----------------------------------

- Label miss_force_generic, transition_elements_kind;

+ Label miss_force_generic, transition_elements_kind, grow, slow;

+ Label finish_store, check_capacity;

- Register scratch = r3;

- Register elements_reg = r4;

+ Register scratch = r4;

+ Register elements_reg = r3;

+ Register length_reg = r5;

+ Register scratch2 = r6;

// This stub is meant to be tail-jumped to, the receiver must already

// have been verified by the caller to not be a smi.

@@ -4122,16 +4126,13 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(

// Check that the key is a smi.

__ JumpIfNotSmi(key_reg, &miss_force_generic);

- // Get the elements array and make sure it is a fast element array, not 'cow'.

- __ ldr(elements_reg,

- FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

- __ CheckMap(elements_reg,

- scratch,

- Heap::kFixedArrayMapRootIndex,

- &miss_force_generic,

- DONT_DO_SMI_CHECK);

+ if (elements_kind == FAST_SMI_ONLY_ELEMENTS) {

+ __ JumpIfNotSmi(value_reg, &transition_elements_kind);

+ }

// Check that the key is within bounds.

+ __ ldr(elements_reg,

+ FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

if (is_js_array) {

__ ldr(scratch, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

} else {

@@ -4139,10 +4140,21 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(

}

// Compare smis.

__ cmp(key_reg, scratch);

- __ b(hs, &miss_force_generic);

+ if (is_js_array && grow_mode == ALLOW_JSARRAY_GROWTH) {

+ __ b(hs, &grow);

+ } else {

+ __ b(hs, &miss_force_generic);

+ }

+ // Make sure elements is a fast element array, not 'cow'.

+ __ CheckMap(elements_reg,

+ scratch,

+ Heap::kFixedArrayMapRootIndex,

+ &miss_force_generic,

+ DONT_DO_SMI_CHECK);

+ __ bind(&finish_store);

if (elements_kind == FAST_SMI_ONLY_ELEMENTS) {

- __ JumpIfNotSmi(value_reg, &transition_elements_kind);

__ add(scratch,

elements_reg,

Operand(FixedArray::kHeaderSize - kHeapObjectTag));

@@ -4180,12 +4192,84 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(

__ bind(&transition_elements_kind);

Handle<Code> ic_miss = masm->isolate()->builtins()->KeyedStoreIC_Miss();

__ Jump(ic_miss, RelocInfo::CODE_TARGET);

+ if (is_js_array && grow_mode == ALLOW_JSARRAY_GROWTH) {

+ // Grow the array by a single element if possible.

+ __ bind(&grow);

+ // Make sure the array is only growing by a single element, anything else

+ // must be handled by the runtime. Flags already set by previous compare.

+ __ b(ne, &miss_force_generic);

+ // Check for the empty array, and preallocate a small backing store if

+ // possible.

+ __ ldr(length_reg,

+ FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

+ __ ldr(elements_reg,

+ FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

+ __ LoadRoot(scratch, Heap::kHeapNumberMapRootIndex);

Vyacheslav Egorov (Chromium) 2012/02/10 00:19:18 CompareRoot? also root index is incorrect. shoul

danno 2012/02/10 12:25:34 Done.

+ __ cmp(elements_reg, scratch);

+ __ b(ne, &check_capacity);

+ int size = FixedArray::SizeFor(JSArray::kPreallocatedArrayElements);

+ __ AllocateInNewSpace(size,

+ elements_reg,

+ scratch,

+ scratch2,

+ &slow,

+ TAG_OBJECT);

+ __ LoadRoot(scratch, Heap::kFixedArrayMapRootIndex);

+ __ str(scratch, FieldMemOperand(elements_reg, JSObject::kMapOffset));

+ __ mov(scratch, Operand(Smi::FromInt(JSArray::kPreallocatedArrayElements)));

+ __ str(scratch, FieldMemOperand(elements_reg, FixedArray::kLengthOffset));

+ __ LoadRoot(scratch, Heap::kTheHoleValueRootIndex);

+ for (int i = 1; i < JSArray::kPreallocatedArrayElements; ++i) {

+ __ str(scratch, FieldMemOperand(elements_reg, FixedArray::SizeFor(i)));

+ }

+ // Store the element at index zero.

+ __ str(value_reg, FieldMemOperand(elements_reg, FixedArray::SizeFor(0)));

+ // Install the new backing store in the JSArray.

+ __ str(elements_reg,

+ FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

+ __ RecordWriteField(receiver_reg, JSObject::kElementsOffset, elements_reg,

+ scratch, kLRHasNotBeenSaved, kDontSaveFPRegs,

+ EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);

+ // Increment the length of the array.

+ __ add(length_reg, length_reg, Operand(Smi::FromInt(1)));

Vyacheslav Egorov (Chromium) 2012/02/10 00:19:18 can write directly 1 into the length field.

danno 2012/02/10 12:25:34 Done.

+ __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

+ __ Ret();

+ __ bind(&check_capacity);

+ __ CheckMap(elements_reg,

+ scratch,

+ Heap::kFixedArrayMapRootIndex,

+ &miss_force_generic,

+ DONT_DO_SMI_CHECK);

+ __ ldr(scratch, FieldMemOperand(elements_reg, FixedArray::kLengthOffset));

+ __ cmp(length_reg, scratch);

+ __ b(hs, &slow);

+ // Grow the array and finish the store.

+ __ add(length_reg, length_reg, Operand(Smi::FromInt(1)));

+ __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

+ __ jmp(&finish_store);

+ __ bind(&slow);

+ Handle<Code> ic_slow = masm->isolate()->builtins()->KeyedStoreIC_Slow();

+ __ Jump(ic_slow, RelocInfo::CODE_TARGET);

+ }

}

void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(

MacroAssembler* masm,

- bool is_js_array) {

+ bool is_js_array,

+ KeyedAccessGrowMode grow_mode) {

// ----------- S t a t e -------------

// -- r0 : value

// -- r1 : key

@@ -4195,7 +4279,8 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(

// -- r4 : scratch

// -- r5 : scratch

// -----------------------------------

- Label miss_force_generic, transition_elements_kind;

+ Label miss_force_generic, transition_elements_kind, grow, slow;

+ Label finish_store, check_capacity;

@@ -4205,6 +4290,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(

+ Register length_reg = r7;

// This stub is meant to be tail-jumped to, the receiver must already

// have been verified by the caller to not be a smi.

@@ -4223,8 +4309,13 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(

// Compare smis, unsigned compare catches both negative and out-of-bound

// indexes.

__ cmp(key_reg, scratch1);

- __ b(hs, &miss_force_generic);

+ if (grow_mode == ALLOW_JSARRAY_GROWTH) {

+ __ b(hs, &grow);

+ } else {

+ __ b(hs, &miss_force_generic);

+ }

+ __ bind(&finish_store);

__ StoreNumberToDoubleElements(value_reg,

key_reg,

receiver_reg,

@@ -4245,6 +4336,78 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(

__ bind(&transition_elements_kind);

Handle<Code> ic_miss = masm->isolate()->builtins()->KeyedStoreIC_Miss();

__ Jump(ic_miss, RelocInfo::CODE_TARGET);

+ if (is_js_array && grow_mode == ALLOW_JSARRAY_GROWTH) {

+ // Grow the array by a single element if possible.

+ __ bind(&grow);

+ // Make sure the array is only growing by a single element, anything else

+ // must be handled by the runtime. Flags already set by previous compare.

+ __ b(ne, &miss_force_generic);

+ // Transition on values that can't be stored in a FixedDoubleArray.

+ Label value_is_smi;

+ __ JumpIfSmi(value_reg, &value_is_smi);

+ __ ldr(scratch1, FieldMemOperand(value_reg, HeapObject::kMapOffset));

+ __ LoadRoot(scratch2, Heap::kHeapNumberMapRootIndex);

+ __ cmp(scratch1, scratch2);

Vyacheslav Egorov (Chromium) 2012/02/10 00:19:18 CompareRoot

danno 2012/02/10 12:25:34 Done.

+ __ b(ne, &transition_elements_kind);

+ __ bind(&value_is_smi);

+ // Check for the empty array, and preallocate a small backing store if

+ // possible.

+ __ ldr(length_reg,

+ FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

+ __ ldr(elements_reg,

+ FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

+ __ LoadRoot(scratch1, Heap::kHeapNumberMapRootIndex);

+ __ cmp(elements_reg, scratch1);

Vyacheslav Egorov (Chromium) 2012/02/10 00:19:18 CompareRoot also root index is incorrect. should

danno 2012/02/10 12:25:34 Done.

+ __ b(ne, &check_capacity);

+ int size = FixedDoubleArray::SizeFor(JSArray::kPreallocatedArrayElements);

+ __ AllocateInNewSpace(size,

+ elements_reg,

+ scratch1,

+ scratch2,

+ &slow,

+ TAG_OBJECT);

+ // Initialize the new FixedDoubleArray.

+ __ LoadRoot(scratch1, Heap::kFixedDoubleArrayMapRootIndex);

+ __ str(scratch1, FieldMemOperand(elements_reg, JSObject::kMapOffset));

+ __ mov(scratch1,

+ Operand(Smi::FromInt(JSArray::kPreallocatedArrayElements)));

+ __ str(scratch1,

+ FieldMemOperand(elements_reg, FixedDoubleArray::kLengthOffset));

+ // Install the new backing store in the JSArray.

+ __ str(elements_reg,

Vyacheslav Egorov (Chromium) 2012/02/10 00:19:18 elements of the backing store are completely unini

danno 2012/02/10 12:25:34 Done.

+ FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

+ __ RecordWriteField(receiver_reg, JSObject::kElementsOffset, elements_reg,

+ scratch1, kLRHasNotBeenSaved, kDontSaveFPRegs,

+ EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);

+ // Increment the length of the array.

+ __ add(length_reg, length_reg, Operand(Smi::FromInt(1)));

Vyacheslav Egorov (Chromium) 2012/02/10 00:19:18 store 1 directly without addition.

danno 2012/02/10 12:25:34 Done.

+ __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

+ __ jmp(&finish_store);

+ __ bind(&check_capacity);

+ // Make sure that the backing store can hold additional elements.

+ __ ldr(scratch1,

+ FieldMemOperand(elements_reg, FixedDoubleArray::kLengthOffset));

+ __ cmp(length_reg, scratch1);

+ __ b(hs, &slow);

+ // Grow the array and finish the store.

+ __ add(length_reg, length_reg, Operand(Smi::FromInt(1)));

+ __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));

+ __ jmp(&finish_store);

+ __ bind(&slow);

+ Handle<Code> ic_slow = masm->isolate()->builtins()->KeyedStoreIC_Slow();

+ __ Jump(ic_slow, RelocInfo::CODE_TARGET);

+ }

}

« src/arm/codegen-arm.cc ('K') | « src/arm/codegen-arm.cc ('k') | src/code-stubs.h » ('j') | src/code-stubs.h » ('J')