| Index: src/arm/code-stubs-arm.cc
|
| diff --git a/src/arm/code-stubs-arm.cc b/src/arm/code-stubs-arm.cc
|
| index b68fe7deeff7c6f1f946d7941873b1edbd71f1f2..7622503cb53f2294e5ef681f5deac8fcdd4e38f9 100644
|
| --- a/src/arm/code-stubs-arm.cc
|
| +++ b/src/arm/code-stubs-arm.cc
|
| @@ -75,6 +75,10 @@ void TransitionElementsKindStub::InitializeInterfaceDescriptor(
|
|
|
| static void InitializeArrayConstructorDescriptor(Isolate* isolate,
|
| CodeStubInterfaceDescriptor* descriptor) {
|
| + // register state
|
| + // r1 -- constructor function
|
| + // r2 -- type info cell with elements kind
|
| + // r0 -- number of arguments to the constructor function
|
| static Register registers[] = { r1, r2 };
|
| descriptor->register_param_count_ = 2;
|
| // stack param count needs (constructor pointer, and single argument)
|
| @@ -5579,12 +5583,53 @@ void RegExpConstructResultStub::Generate(MacroAssembler* masm) {
|
| }
|
|
|
|
|
| +static void GenerateRecordCallTargetNoArray(MacroAssembler* masm) {
|
| + // Cache the called function in a global property cell. Cache states
|
| + // are uninitialized, monomorphic (indicated by a JSFunction), and
|
| + // megamorphic.
|
| + // r1 : the function to call
|
| + // r2 : cache cell for call target
|
| + ASSERT(!FLAG_optimize_constructed_arrays);
|
| + Label done;
|
| +
|
| + ASSERT_EQ(*TypeFeedbackCells::MegamorphicSentinel(masm->isolate()),
|
| + masm->isolate()->heap()->undefined_value());
|
| + ASSERT_EQ(*TypeFeedbackCells::UninitializedSentinel(masm->isolate()),
|
| + masm->isolate()->heap()->the_hole_value());
|
| +
|
| + // Load the cache state into r3.
|
| + __ ldr(r3, FieldMemOperand(r2, JSGlobalPropertyCell::kValueOffset));
|
| +
|
| + // A monomorphic cache hit or an already megamorphic state: invoke the
|
| + // function without changing the state.
|
| + __ cmp(r3, r1);
|
| + __ b(eq, &done);
|
| + __ CompareRoot(r3, Heap::kUndefinedValueRootIndex);
|
| + __ b(eq, &done);
|
| +
|
| + // A monomorphic miss (i.e, here the cache is not uninitialized) goes
|
| + // megamorphic.
|
| + __ CompareRoot(r3, Heap::kTheHoleValueRootIndex);
|
| + // MegamorphicSentinel is an immortal immovable object (undefined) so no
|
| + // write-barrier is needed.
|
| + __ LoadRoot(ip, Heap::kUndefinedValueRootIndex, ne);
|
| + __ str(ip, FieldMemOperand(r2, JSGlobalPropertyCell::kValueOffset), ne);
|
| +
|
| + // An uninitialized cache is patched with the function.
|
| + __ str(r1, FieldMemOperand(r2, JSGlobalPropertyCell::kValueOffset), eq);
|
| + // No need for a write barrier here - cells are rescanned.
|
| +
|
| + __ bind(&done);
|
| +}
|
| +
|
| +
|
| static void GenerateRecordCallTarget(MacroAssembler* masm) {
|
| // Cache the called function in a global property cell. Cache states
|
| // are uninitialized, monomorphic (indicated by a JSFunction), and
|
| // megamorphic.
|
| // r1 : the function to call
|
| // r2 : cache cell for call target
|
| + ASSERT(FLAG_optimize_constructed_arrays);
|
| Label initialize, done, miss, megamorphic, not_array_function;
|
|
|
| ASSERT_EQ(*TypeFeedbackCells::MegamorphicSentinel(masm->isolate()),
|
| @@ -5606,23 +5651,16 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
|
| // monomorphic Array function but the initial ElementsKind with special
|
| // sentinels
|
| Handle<Object> terminal_kind_sentinel =
|
| - TypeFeedbackCells::MonomorphicArraySentinel(LAST_FAST_ELEMENTS_KIND);
|
| + TypeFeedbackCells::MonomorphicArraySentinel(masm->isolate(),
|
| + LAST_FAST_ELEMENTS_KIND);
|
| __ cmp(r3, Operand(terminal_kind_sentinel));
|
| __ b(ne, &miss);
|
| - // Load the global or builtins object from the current context
|
| - __ ldr(r3, MemOperand(cp, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
|
| - __ ldr(r3, FieldMemOperand(r3, GlobalObject::kGlobalContextOffset));
|
| // Make sure the function is the Array() function
|
| - __ ldr(r3,
|
| - MemOperand(r3, Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
|
| + __ LoadArrayFunction(r3);
|
| __ cmp(r1, r3);
|
| - Label megamorphic_pre;
|
| - __ b(ne, &megamorphic_pre);
|
| + __ b(ne, &megamorphic);
|
| __ jmp(&done);
|
|
|
| - __ bind(&megamorphic_pre);
|
| - __ jmp(&megamorphic);
|
| -
|
| __ bind(&miss);
|
|
|
| // A monomorphic miss (i.e, here the cache is not uninitialized) goes
|
| @@ -5638,11 +5676,8 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
|
| // An uninitialized cache is patched with the function or sentinel to
|
| // indicate the ElementsKind if function is the Array constructor.
|
| __ bind(&initialize);
|
| - __ ldr(r3, MemOperand(cp, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
|
| - __ ldr(r3, FieldMemOperand(r3, GlobalObject::kGlobalContextOffset));
|
| - __ ldr(r3,
|
| - MemOperand(r3, Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
|
| // Make sure the function is the Array() function
|
| + __ LoadArrayFunction(r3);
|
| __ cmp(r1, r3);
|
| __ b(ne, ¬_array_function);
|
|
|
| @@ -5650,7 +5685,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
|
| // the constructor's type info cell that will track the initial ElementsKind
|
| // that should be used for the array when its constructed.
|
| Handle<Object> initial_kind_sentinel =
|
| - TypeFeedbackCells::MonomorphicArraySentinel(
|
| + TypeFeedbackCells::MonomorphicArraySentinel(masm->isolate(),
|
| GetInitialFastElementsKind());
|
| __ mov(r3, Operand(initial_kind_sentinel));
|
| __ str(r3, FieldMemOperand(r2, JSGlobalPropertyCell::kValueOffset));
|
| @@ -5696,7 +5731,11 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
|
| __ b(ne, &slow);
|
|
|
| if (RecordCallTarget()) {
|
| - GenerateRecordCallTarget(masm);
|
| + if (FLAG_optimize_constructed_arrays) {
|
| + GenerateRecordCallTarget(masm);
|
| + } else {
|
| + GenerateRecordCallTargetNoArray(masm);
|
| + }
|
| }
|
|
|
| // Fast-case: Invoke the function now.
|
| @@ -5771,13 +5810,19 @@ void CallConstructStub::Generate(MacroAssembler* masm) {
|
| __ b(ne, &slow);
|
|
|
| if (RecordCallTarget()) {
|
| - GenerateRecordCallTarget(masm);
|
| + if (FLAG_optimize_constructed_arrays) {
|
| + GenerateRecordCallTarget(masm);
|
| + } else {
|
| + GenerateRecordCallTargetNoArray(masm);
|
| + }
|
| }
|
|
|
| // Jump to the function-specific construct stub.
|
| - __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
|
| - __ ldr(r3, FieldMemOperand(r3, SharedFunctionInfo::kConstructStubOffset));
|
| - __ add(pc, r3, Operand(Code::kHeaderSize - kHeapObjectTag));
|
| + Register jmp_reg = FLAG_optimize_constructed_arrays ? r3 : r2;
|
| + __ ldr(jmp_reg, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
|
| + __ ldr(jmp_reg, FieldMemOperand(jmp_reg,
|
| + SharedFunctionInfo::kConstructStubOffset));
|
| + __ add(pc, jmp_reg, Operand(Code::kHeaderSize - kHeapObjectTag));
|
|
|
| // r0: number of arguments
|
| // r1: called object
|
|
|
Chromium Code Reviews
Issue 11818021:
Allocation Info Tracking, continued. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge