v8:3539 - hold constructor feedback in weak cells

src/arm/code-stubs-arm.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
@@ skipping 2349 matching lines @@
   // (9) Sliced string.  Replace subject with parent.  Go to (4).
   // Load offset into r9 and replace subject string with parent.
   __ ldr(r9, FieldMemOperand(subject, SlicedString::kOffsetOffset));
   __ SmiUntag(r9);
   __ ldr(subject, FieldMemOperand(subject, SlicedString::kParentOffset));
   __ jmp(&check_underlying);  // Go to (4).
 #endif  // V8_INTERPRETED_REGEXP
 }
 
 
+static void CallStubInRecordCallTarget(MacroAssembler* masm, CodeStub* stub) {
+  // r0 : number of arguments to the construct function
+  // r2 : Feedback vector
+  // r3 : slot in feedback vector (Smi)
+  // r1 : the function to call
+  FrameAndConstantPoolScope scope(masm, StackFrame::INTERNAL);
+
+  // Arguments register must be smi-tagged to call out.

[Erik Corry, 2015/04/02 12:54:11]

Comment clarification propopsal:
Arguments register -> Number-of-arguments register

+  __ SmiTag(r0);
+  __ Push(r3, r2, r1, r0);
+
+  __ CallStub(stub);
+
+  __ Pop(r3, r2, r1, r0);
+  __ SmiUntag(r0);
+}
+
+
 static void GenerateRecordCallTarget(MacroAssembler* masm) {
   // Cache the called function in a feedback vector slot.  Cache states
   // are uninitialized, monomorphic (indicated by a JSFunction), and
   // megamorphic.
   // r0 : number of arguments to the construct function
   // r1 : the function to call
   // r2 : Feedback vector
   // r3 : slot in feedback vector (Smi)
   Label initialize, done, miss, megamorphic, not_array_function;
 
   DCHECK_EQ(*TypeFeedbackVector::MegamorphicSentinel(masm->isolate()),
             masm->isolate()->heap()->megamorphic_symbol());
   DCHECK_EQ(*TypeFeedbackVector::UninitializedSentinel(masm->isolate()),
             masm->isolate()->heap()->uninitialized_symbol());
 
   // Load the cache state into r4.
   __ add(r4, r2, Operand::PointerOffsetFromSmiKey(r3));
   __ ldr(r4, FieldMemOperand(r4, FixedArray::kHeaderSize));
 
   // A monomorphic cache hit or an already megamorphic state: invoke the
   // function without changing the state.
-  __ cmp(r4, r1);
+  Label check_allocation_site;
+  Register feedback_map = r5;
+  Register weak_value = r8;
+  __ ldr(weak_value, FieldMemOperand(r4, WeakCell::kValueOffset));
+  __ cmp(r1, weak_value);
   __ b(eq, &done);
+  __ CompareRoot(r4, Heap::kmegamorphic_symbolRootIndex);

[Erik Corry, 2015/04/02 12:54:11]

We just treated r4 as a weak cell (3 lines up), now we are comparing it with a
symbol. Does that mean we just loaded some random field from a symbol and
compared it with a function?

[mvstanton, 2015/04/02 14:00:38]

Correct, but it's not random. It's a performance optimization to tolerate
ambiguity in what we've loaded and only discover whether it's a WeakCell or
Symbol later. It's safe to examine field offset +kPointerSize, and the continued
safety of this optimization is protected with static asserts in
type-feedback-vector.h (also in this CL).

+  __ b(eq, &done);
+  __ ldr(feedback_map, FieldMemOperand(r4, 0));

[Erik Corry, 2015/04/02 12:54:11]

HeapObject::kMapOffset would be better than 0

+  __ CompareRoot(feedback_map, Heap::kWeakCellMapRootIndex);
+  __ b(ne, FLAG_pretenuring_call_new ? &miss : &check_allocation_site);
+
+  // If r1 is not equal to the weak cell value, and the weak cell value is

[Erik Corry, 2015/04/02 12:54:11]

Comment clarification suggestion:
r1 -> function

+  // cleared, we have a new chance to become monomorphic.
+  __ JumpIfSmi(weak_value, &initialize);
+  __ jmp(&megamorphic);
 
   if (!FLAG_pretenuring_call_new) {
+    __ bind(&check_allocation_site);
     // If we came here, we need to see if we are the array function.
     // If we didn't have a matching function, and we didn't find the megamorph
     // sentinel, then we have in the slot either some other function or an
     // AllocationSite. Do a map check on the object in ecx.

[Erik Corry, 2015/04/02 12:54:11]

ecx? :-)

-    __ ldr(r5, FieldMemOperand(r4, 0));
-    __ CompareRoot(r5, Heap::kAllocationSiteMapRootIndex);
+    __ CompareRoot(feedback_map, Heap::kAllocationSiteMapRootIndex);
     __ b(ne, &miss);
 
     // Make sure the function is the Array() function
     __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, r4);
     __ cmp(r1, r4);
     __ b(ne, &megamorphic);
     __ jmp(&done);
   }
 
   __ bind(&miss);
@@ skipping 15 matching lines @@
 
   if (!FLAG_pretenuring_call_new) {
     // Make sure the function is the Array() function
     __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, r4);
     __ cmp(r1, r4);
     __ b(ne, &not_array_function);
 
     // The target function is the Array constructor,
     // Create an AllocationSite if we don't already have it, store it in the
     // slot.
-    {
-      FrameAndConstantPoolScope scope(masm, StackFrame::INTERNAL);
-
-      // Arguments register must be smi-tagged to call out.
-      __ SmiTag(r0);
-      __ Push(r3, r2, r1, r0);
-
-      CreateAllocationSiteStub create_stub(masm->isolate());
-      __ CallStub(&create_stub);
-
-      __ Pop(r3, r2, r1, r0);
-      __ SmiUntag(r0);
-    }
+    CreateAllocationSiteStub create_stub(masm->isolate());
+    CallStubInRecordCallTarget(masm, &create_stub);
     __ b(&done);
 
     __ bind(&not_array_function);
   }
 
-  __ add(r4, r2, Operand::PointerOffsetFromSmiKey(r3));
-  __ add(r4, r4, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
-  __ str(r1, MemOperand(r4, 0));
-
-  __ Push(r4, r2, r1);
-  __ RecordWrite(r2, r4, r1, kLRHasNotBeenSaved, kDontSaveFPRegs,
-                 EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
-  __ Pop(r4, r2, r1);
-
+  CreateWeakCellStub create_stub(masm->isolate());
+  CallStubInRecordCallTarget(masm, &create_stub);
   __ bind(&done);
 }
 
 
 static void EmitContinueIfStrictOrNative(MacroAssembler* masm, Label* cont) {
   // Do not transform the receiver for strict mode functions.
   __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(r4, FieldMemOperand(r3, SharedFunctionInfo::kCompilerHintsOffset));
   __ tst(r4, Operand(1 << (SharedFunctionInfo::kStrictModeFunction +
                            kSmiTagSize)));
@@ skipping 2811 matching lines @@
                            kStackUnwindSpace, NULL,
                            MemOperand(fp, 6 * kPointerSize), NULL);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_ARM