| Index: src/x64/full-codegen-x64.cc
|
| diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
|
| index 1949c316cb1d9de1dfedeff644ad81417106aa2b..78e1dec51358f5aa40ff2854ffdd989452d0608f 100644
|
| --- a/src/x64/full-codegen-x64.cc
|
| +++ b/src/x64/full-codegen-x64.cc
|
| @@ -2118,15 +2118,37 @@ void FullCodeGenerator::EmitNamedPropertyAssignment(Assignment* expr) {
|
| ASSERT(prop != NULL);
|
| ASSERT(prop->key()->AsLiteral() != NULL);
|
|
|
| + // If the assignment starts a block of assignments to the same object,
|
| + // change to slow case to avoid the quadratic behavior of repeatedly
|
| + // adding fast properties.
|
| + if (expr->starts_initialization_block()) {
|
| + __ push(result_register());
|
| + __ push(Operand(rsp, kPointerSize)); // Receiver is now under value.
|
| + __ CallRuntime(Runtime::kToSlowProperties, 1);
|
| + __ pop(result_register());
|
| + }
|
| +
|
| // Record source code position before IC call.
|
| SetSourcePosition(expr->position());
|
| __ Move(rcx, prop->key()->AsLiteral()->handle());
|
| - __ pop(rdx);
|
| + if (expr->ends_initialization_block()) {
|
| + __ movq(rdx, Operand(rsp, 0));
|
| + } else {
|
| + __ pop(rdx);
|
| + }
|
| Handle<Code> ic = is_classic_mode()
|
| ? isolate()->builtins()->StoreIC_Initialize()
|
| : isolate()->builtins()->StoreIC_Initialize_Strict();
|
| CallIC(ic, RelocInfo::CODE_TARGET, expr->AssignmentFeedbackId());
|
|
|
| + // If the assignment ends an initialization block, revert to fast case.
|
| + if (expr->ends_initialization_block()) {
|
| + __ push(rax); // Result of assignment, saved even if not needed.
|
| + __ push(Operand(rsp, kPointerSize)); // Receiver is under value.
|
| + __ CallRuntime(Runtime::kToFastProperties, 1);
|
| + __ pop(rax);
|
| + __ Drop(1);
|
| + }
|
| PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
|
| context()->Plug(rax);
|
| }
|
| @@ -2135,8 +2157,23 @@ void FullCodeGenerator::EmitNamedPropertyAssignment(Assignment* expr) {
|
| void FullCodeGenerator::EmitKeyedPropertyAssignment(Assignment* expr) {
|
| // Assignment to a property, using a keyed store IC.
|
|
|
| + // If the assignment starts a block of assignments to the same object,
|
| + // change to slow case to avoid the quadratic behavior of repeatedly
|
| + // adding fast properties.
|
| + if (expr->starts_initialization_block()) {
|
| + __ push(result_register());
|
| + // Receiver is now under the key and value.
|
| + __ push(Operand(rsp, 2 * kPointerSize));
|
| + __ CallRuntime(Runtime::kToSlowProperties, 1);
|
| + __ pop(result_register());
|
| + }
|
| +
|
| __ pop(rcx);
|
| - __ pop(rdx);
|
| + if (expr->ends_initialization_block()) {
|
| + __ movq(rdx, Operand(rsp, 0)); // Leave receiver on the stack for later.
|
| + } else {
|
| + __ pop(rdx);
|
| + }
|
| // Record source code position before IC call.
|
| SetSourcePosition(expr->position());
|
| Handle<Code> ic = is_classic_mode()
|
| @@ -2144,6 +2181,15 @@ void FullCodeGenerator::EmitKeyedPropertyAssignment(Assignment* expr) {
|
| : isolate()->builtins()->KeyedStoreIC_Initialize_Strict();
|
| CallIC(ic, RelocInfo::CODE_TARGET, expr->AssignmentFeedbackId());
|
|
|
| + // If the assignment ends an initialization block, revert to fast case.
|
| + if (expr->ends_initialization_block()) {
|
| + __ pop(rdx);
|
| + __ push(rax); // Result of assignment, saved even if not needed.
|
| + __ push(rdx);
|
| + __ CallRuntime(Runtime::kToFastProperties, 1);
|
| + __ pop(rax);
|
| + }
|
| +
|
| PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
|
| context()->Plug(rax);
|
| }
|
| @@ -2596,28 +2642,22 @@ void FullCodeGenerator::EmitIsStringWrapperSafeForDefaultValueOf(
|
| __ j(equal, if_false);
|
|
|
| // Look for valueOf symbol in the descriptor array, and indicate false if
|
| - // found. Since we omit an enumeration index check, if it is added via a
|
| - // transition that shares its descriptor array, this is a false positive.
|
| - Label entry, loop, done;
|
| -
|
| - // Skip loop if no descriptors are valid.
|
| - __ NumberOfOwnDescriptors(rcx, rbx);
|
| - __ cmpq(rcx, Immediate(0));
|
| - __ j(equal, &done);
|
| -
|
| + // found. The type is not checked, so if it is a transition it is a false
|
| + // negative.
|
| __ LoadInstanceDescriptors(rbx, rbx);
|
| - // rbx: descriptor array.
|
| - // rcx: valid entries in the descriptor array.
|
| + __ movq(rcx, FieldOperand(rbx, FixedArray::kLengthOffset));
|
| + // rbx: descriptor array
|
| + // rcx: length of descriptor array
|
| // Calculate the end of the descriptor array.
|
| - __ imul(rcx, rcx, Immediate(DescriptorArray::kDescriptorSize));
|
| SmiIndex index = masm_->SmiToIndex(rdx, rcx, kPointerSizeLog2);
|
| __ lea(rcx,
|
| Operand(
|
| - rbx, index.reg, index.scale, DescriptorArray::kFirstOffset));
|
| + rbx, index.reg, index.scale, FixedArray::kHeaderSize));
|
| // Calculate location of the first key name.
|
| __ addq(rbx, Immediate(DescriptorArray::kFirstOffset));
|
| // Loop through all the keys in the descriptor array. If one of these is the
|
| // symbol valueOf the result is false.
|
| + Label entry, loop;
|
| __ jmp(&entry);
|
| __ bind(&loop);
|
| __ movq(rdx, FieldOperand(rbx, 0));
|
| @@ -2628,11 +2668,10 @@ void FullCodeGenerator::EmitIsStringWrapperSafeForDefaultValueOf(
|
| __ cmpq(rbx, rcx);
|
| __ j(not_equal, &loop);
|
|
|
| - __ bind(&done);
|
| // Reload map as register rbx was used as temporary above.
|
| __ movq(rbx, FieldOperand(rax, HeapObject::kMapOffset));
|
|
|
| - // If a valueOf property is not found on the object check that its
|
| + // If a valueOf property is not found on the object check that it's
|
| // prototype is the un-modified String prototype. If not result is false.
|
| __ movq(rcx, FieldOperand(rbx, Map::kPrototypeOffset));
|
| __ testq(rcx, Immediate(kSmiTagMask));
|
|
|
Chromium Code Reviews
Issue 11028027:
Revert trunk to bleeding_edge at r12484 (Closed)
Base URL: https://v8.googlecode.com/svn/trunk