Track allocation info

src/ia32/builtins-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 912 matching lines @@
 }
 
 
 // Allocate an empty JSArray. The allocated array is put into the result
 // register. If the parameter initial_capacity is larger than zero an elements
 // backing store is allocated with this size and filled with the hole values.
 // Otherwise the elements backing store is set to the empty FixedArray.
 static void AllocateEmptyJSArray(MacroAssembler* masm,
                                  Register array_function,
                                  Register result,
-                                 Register scratch1,
+                                 Register type_info_cell,
                                  Register scratch2,
                                  Register scratch3,
                                  Label* gc_required) {
-  const int initial_capacity = JSArray::kPreallocatedArrayElements;
-  STATIC_ASSERT(initial_capacity >= 0);
+  Label with_alloc_info, no_alloc_info, common_init, empty_double;
+  Label no_known_elements_kind, init_js_array;
+  Register scratch1 = type_info_cell;
 
-  __ LoadInitialArrayMap(array_function, scratch2, scratch1, false);
+  // If no type info cell is provided, then there's no point in tracking
+  // site allocation info.
+  Handle<Object> undefined_value(masm->isolate()->heap()->undefined_value());
+  __ cmp(type_info_cell, Immediate(undefined_value));
+  __ j(equal, &no_known_elements_kind);
 
+  // If there is a type info cell provided, only track information about the
+  // allocation site if the no ElementsKind transition has been detected.
+  __ mov(scratch3, FieldOperand(type_info_cell,
+                                JSGlobalPropertyCell::kValueOffset));
+  __ JumpIfNotSmi(scratch3, &no_known_elements_kind);
+  __ cmp(scratch3, Immediate(Smi::FromInt(GetInitialFastElementsKind())));
+  __ j(equal, &with_alloc_info);
+
+  STATIC_ASSERT(FAST_SMI_ELEMENTS == 0);
+  STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1);
+  STATIC_ASSERT(FAST_ELEMENTS == 2);
+  STATIC_ASSERT(FAST_HOLEY_ELEMENTS == 3);
+  __ cmp(scratch3, Immediate(Smi::FromInt(FAST_HOLEY_ELEMENTS)));
+  __ j(above, gc_required);
+
+  __ LoadInitialArrayMap(array_function, scratch3, scratch2);
+  __ jmp(&no_alloc_info);
+  
   // Allocate the JSArray object together with space for a fixed array with the
-  // requested elements.
+  // requested elements and an AllocationSiteInfo object to later be able to
+  // feed back array transition information to the allocation site.
+  __ bind(&with_alloc_info);
   int size = JSArray::kSize;
-  if (initial_capacity > 0) {
-    size += FixedArray::SizeFor(initial_capacity);
-  }
+  int allocation_info_start = size;
+  int elements_offset = size;
+  size += AllocationSiteInfo::kSize;
+  elements_offset = size;
+  size += FixedArray::SizeFor(JSArray::kPreallocatedArrayElements);
   __ AllocateInNewSpace(size,
                         result,
                         scratch2,
                         scratch3,
                         gc_required,
-                        TAG_OBJECT);
-
-  // Allocated the JSArray. Now initialize the fields except for the elements
-  // array.
-  // result: JSObject
-  // scratch1: initial map
-  // scratch2: start of next object
-  __ mov(FieldOperand(result, JSObject::kMapOffset), scratch1);
-  Factory* factory = masm->isolate()->factory();
-  __ mov(FieldOperand(result, JSArray::kPropertiesOffset),
-         factory->empty_fixed_array());
-  // Field JSArray::kElementsOffset is initialized later.
-  __ mov(FieldOperand(result, JSArray::kLengthOffset), Immediate(0));
-
-  // If no storage is requested for the elements array just set the empty
-  // fixed array.
-  if (initial_capacity == 0) {
-    __ mov(FieldOperand(result, JSArray::kElementsOffset),
-           factory->empty_fixed_array());
-    return;
-  }
+                        TAG_OBJECT);  
+  
+  // Track information about the allocation site
+  __ mov(FieldOperand(result, allocation_info_start),
+         Immediate(Handle<Map>(masm->isolate()->heap()->
+                               allocation_site_info_map())));
+  __ mov(FieldOperand(result, allocation_info_start + kPointerSize),
+         type_info_cell);  // No write barrier because it's a cell.
 
   // Calculate the location of the elements array and set elements array member
   // of the JSArray.
-  // result: JSObject
-  // scratch2: start of next object
-  __ lea(scratch1, Operand(result, JSArray::kSize));
-  __ mov(FieldOperand(result, JSArray::kElementsOffset), scratch1);
+  // result: JSArray
+  __ LoadInitialArrayMap(array_function, GetInitialFastElementsKind(), scratch2);
+  __ lea(scratch1, Operand(result, elements_offset));
+  __ jmp(&common_init);
 
+  __ bind(&no_known_elements_kind);
+  __ LoadInitialArrayMap(array_function, GetInitialFastElementsKind(), scratch2);
+  
+  // Allocate the JSArray object together with space for a fixed array with the
+  // requested elements.
+  __ bind(&no_alloc_info);
+  size = JSArray::kSize;
+  elements_offset = size;
+  size += FixedArray::SizeFor(JSArray::kPreallocatedArrayElements);
+  __ AllocateInNewSpace(size,
+                        result,
+                        scratch1,
+                        scratch3,
+                        gc_required,
+                        TAG_OBJECT);
+  // Calculate the location of the elements array and set elements array member
+  // of the JSArray.
+  // result: JSArray
+  __ lea(scratch1, Operand(result, elements_offset));
+  
+  __ bind(&common_init);
   // Initialize the FixedArray and fill it with holes. FixedArray length is
   // stored as a smi.
   // result: JSObject
   // scratch1: elements array
-  // scratch2: start of next object
+  Factory* factory = masm->isolate()->factory();
   __ mov(FieldOperand(scratch1, FixedArray::kMapOffset),
          factory->fixed_array_map());
   __ mov(FieldOperand(scratch1, FixedArray::kLengthOffset),
-         Immediate(Smi::FromInt(initial_capacity)));
+         Immediate(Smi::FromInt(JSArray::kPreallocatedArrayElements)));
 
   // Fill the FixedArray with the hole value. Inline the code if short.
   // Reconsider loop unfolding if kPreallocatedArrayElements gets changed.
   static const int kLoopUnfoldLimit = 4;
-  if (initial_capacity <= kLoopUnfoldLimit) {
+  if (JSArray::kPreallocatedArrayElements <= kLoopUnfoldLimit) {
     // Use a scratch register here to have only one reloc info when unfolding
     // the loop.
     __ mov(scratch3, factory->the_hole_value());
-    for (int i = 0; i < initial_capacity; i++) {
+    for (int i = 0; i < JSArray::kPreallocatedArrayElements; i++) {
       __ mov(FieldOperand(scratch1,
                           FixedArray::kHeaderSize + i * kPointerSize),
              scratch3);
     }
   } else {
     Label loop, entry;
-    __ mov(scratch2, Immediate(initial_capacity));
+    __ mov(scratch3, Immediate(JSArray::kPreallocatedArrayElements));
     __ jmp(&entry);
     __ bind(&loop);
     __ mov(FieldOperand(scratch1,
-                        scratch2,
+                        scratch3,
                         times_pointer_size,
                         FixedArray::kHeaderSize),
            factory->the_hole_value());
     __ bind(&entry);
-    __ dec(scratch2);
+    __ dec(scratch3);
     __ j(not_sign, &loop);
   }
+
+  __ bind(&init_js_array);
+  // Initialize the fields of the JSArray
+  // result: JSArray
+  // scratch1: elements array
+  // scratch2: map for Array
+  __ mov(FieldOperand(result, JSArray::kElementsOffset), scratch1);
+  __ mov(FieldOperand(result, JSObject::kMapOffset), scratch2);
+  __ mov(FieldOperand(result, JSArray::kPropertiesOffset),
+         factory->empty_fixed_array());
+  __ mov(FieldOperand(result, JSArray::kLengthOffset), Immediate(0));
 }
 
 
 // Allocate a JSArray with the number of elements stored in a register. The
 // register array_function holds the built-in Array function and the register
 // array_size holds the size of the array as a smi. The allocated array is put
 // into the result register and beginning and end of the FixedArray elements
 // storage is put into registers elements_array and elements_array_end  (see
 // below for when that is not the case). If the parameter fill_with_holes is
 // true the allocated elements backing store is filled with the hole values
@@ skipping 11 matching lines @@
   ASSERT(scratch.is(edi));  // rep stos destination
   ASSERT(!fill_with_hole || array_size.is(ecx));  // rep stos count
   ASSERT(!fill_with_hole || !result.is(eax));  // result is never eax
 
   __ LoadInitialArrayMap(array_function, scratch,
                          elements_array, fill_with_hole);
 
   // Allocate the JSArray object together with space for a FixedArray with the
   // requested elements.
   STATIC_ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
-  __ AllocateInNewSpace(JSArray::kSize + FixedArray::kHeaderSize,
+
+  int fixed_size = JSArray::kSize + FixedArray::kHeaderSize +
+      AllocationSiteInfo::kSize;
+  __ AllocateInNewSpace(fixed_size,
                         times_half_pointer_size,  // array_size is a smi.
                         array_size,
                         result,
                         elements_array_end,
                         scratch,
                         gc_required,
                         TAG_OBJECT);
+  __ sub(elements_array_end, Immediate(AllocationSiteInfo::kSize));
 
   // Allocated the JSArray. Now initialize the fields except for the elements
   // array.
   // result: JSObject
   // elements_array: initial map
   // elements_array_end: start of next object
   // array_size: size of array (smi)
   __ mov(FieldOperand(result, JSObject::kMapOffset), elements_array);
   Factory* factory = masm->isolate()->factory();
   __ mov(elements_array, factory->empty_fixed_array());
@@ skipping 37 matching lines @@
     __ j(below, &loop);  // Note: ecx > 0.
     __ rep_stos();
     __ jmp(&done);
     __ bind(&loop);
     __ stos();
     __ bind(&entry);
     __ cmp(edi, elements_array_end);
     __ j(below, &loop);
     __ bind(&done);
   }
+
+  // Track information about the allocation site
+  __ mov(Operand(elements_array_end, 0),
+         Immediate(Handle<Map>(masm->isolate()->heap()->
+                               allocation_site_info_map())));
+  __ mov(Operand(elements_array_end, kPointerSize),
+         Immediate(Handle<HeapObject>(masm->isolate()->heap()->null_value())));
 }
 
 
 // Create a new array for the built-in Array function. This function allocates
 // the JSArray object and the FixedArray elements array and initializes these.
 // If the Array cannot be constructed in native code the runtime is called. This
 // function assumes the following state:
 //   edi: constructor (built-in Array function)
 //   eax: argc
+//   ebx: cell containing type feedback cell for Array's ElementsKind
 //   esp[0]: return address
 //   esp[4]: last argument
 // This function is used for both construct and normal calls of Array. Whether
 // it is a construct call or not is indicated by the construct_call parameter.
 // The only difference between handling a construct call and a normal call is
 // that for a construct call the constructor function in edi needs to be
 // preserved for entering the generic code. In both cases argc in eax needs to
 // be preserved.
 static void ArrayNativeCode(MacroAssembler* masm,
                             bool construct_call,
@@ skipping 15 matching lines @@
   __ test(eax, eax);
   __ j(not_zero, &argc_one_or_more);
 
   __ bind(&empty_array);
   // Handle construction of an empty array.
   AllocateEmptyJSArray(masm,
                        edi,
                        eax,
                        ebx,
                        ecx,
-                       edi,
+                       edx,
                        &prepare_generic_code_call);
   __ IncrementCounter(masm->isolate()->counters()->array_function_native(), 1);
   __ pop(ebx);
   if (construct_call) {
     __ pop(edi);
   }
   __ ret(kPointerSize);
 
   // Check for one argument. Bail out if argument is not smi or if it is
   // negative.
@@ skipping 185 matching lines @@
   //  -- esp[0] : return address
   //  -- esp[4] : last argument
   // -----------------------------------
   Label generic_array_code;
 
   // Get the InternalArray function.
   __ LoadGlobalFunction(Context::INTERNAL_ARRAY_FUNCTION_INDEX, edi);
 
   if (FLAG_debug_code) {
     // Initial map for the builtin InternalArray function should be a map.
-    __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
+    __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
     // Will both indicate a NULL and a Smi.
-    __ test(ebx, Immediate(kSmiTagMask));
+    __ test(ecx, Immediate(kSmiTagMask));
     __ Assert(not_zero, "Unexpected initial map for InternalArray function");
-    __ CmpObjectType(ebx, MAP_TYPE, ecx);
+    __ CmpObjectType(ecx, MAP_TYPE, ecx);
     __ Assert(equal, "Unexpected initial map for InternalArray function");
   }
 
+  // No type feedback cell is available
+  Handle<Object> undefined_sentinel(masm->isolate()->heap()->undefined_value());
+  __ mov(ebx, Immediate(undefined_sentinel));
+
   // Run the native code for the InternalArray function called as a normal
   // function.
   ArrayNativeCode(masm, false, &generic_array_code);
 
   // Jump to the generic internal array code in case the specialized code cannot
   // handle the construction.
   __ bind(&generic_array_code);
   Handle<Code> array_code =
       masm->isolate()->builtins()->InternalArrayCodeGeneric();
   __ jmp(array_code, RelocInfo::CODE_TARGET);
 }
 
 
 void Builtins::Generate_ArrayCode(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- eax : argc
   //  -- esp[0] : return address
   //  -- esp[4] : last argument
   // -----------------------------------
   Label generic_array_code;
 
   // Get the Array function.
   __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, edi);
 
   if (FLAG_debug_code) {
     // Initial map for the builtin Array function should be a map.
-    __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
+    __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
     // Will both indicate a NULL and a Smi.
-    __ test(ebx, Immediate(kSmiTagMask));
+    __ test(ecx, Immediate(kSmiTagMask));
     __ Assert(not_zero, "Unexpected initial map for Array function");
-    __ CmpObjectType(ebx, MAP_TYPE, ecx);
+    __ CmpObjectType(ecx, MAP_TYPE, ecx);
     __ Assert(equal, "Unexpected initial map for Array function");
   }
 
+  // No type feedback cell is available
+  Handle<Object> undefined_sentinel(masm->isolate()->heap()->undefined_value());
+  __ mov(ebx, Immediate(undefined_sentinel));
+  
   // Run the native code for the Array function called as a normal function.
   ArrayNativeCode(masm, false, &generic_array_code);
 
   // Jump to the generic array code in case the specialized code cannot handle
   // the construction.
   __ bind(&generic_array_code);
   Handle<Code> array_code =
       masm->isolate()->builtins()->ArrayCodeGeneric();
   __ jmp(array_code, RelocInfo::CODE_TARGET);
 }
 
 
 void Builtins::Generate_ArrayConstructCode(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- eax : argc
   //  -- edi : constructor
   //  -- esp[0] : return address
   //  -- esp[4] : last argument
   // -----------------------------------
   Label generic_constructor;
 
   if (FLAG_debug_code) {
     // The array construct code is only set for the global and natives
     // builtin Array functions which always have maps.
 
     // Initial map for the builtin Array function should be a map.
-    __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
+    __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
     // Will both indicate a NULL and a Smi.
-    __ test(ebx, Immediate(kSmiTagMask));
+    __ test(ecx, Immediate(kSmiTagMask));
     __ Assert(not_zero, "Unexpected initial map for Array function");
-    __ CmpObjectType(ebx, MAP_TYPE, ecx);
+    __ CmpObjectType(ecx, MAP_TYPE, ecx);
     __ Assert(equal, "Unexpected initial map for Array function");
   }
 
   // Run the native code for the Array function called as constructor.
   ArrayNativeCode(masm, true, &generic_constructor);
 
   // Jump to the generic construct code in case the specialized code cannot
   // handle the construction.
   __ bind(&generic_constructor);
   Handle<Code> generic_construct_stub =
@@ skipping 320 matching lines @@
   Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR);
   generator.Generate();
 }
 
 
 #undef __
 }
 }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_IA32