| Index: src/x64/lithium-codegen-x64.cc
|
| diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
|
| index e10cebd084d4acacc7c746455029d76c89a6b31f..b054d7a206bcf315ae1d5cbae86949552a600bdf 100644
|
| --- a/src/x64/lithium-codegen-x64.cc
|
| +++ b/src/x64/lithium-codegen-x64.cc
|
| @@ -4917,12 +4917,17 @@ void LCodeGen::DoArrayLiteral(LArrayLiteral* instr) {
|
| DeoptimizeIf(not_equal, instr->environment());
|
| }
|
|
|
| + int flags = allocation_site_mode == TRACK_ALLOCATION_SITE
|
| + ? ArrayLiteral::kAllocationSiteInfoAllowed
|
| + : ArrayLiteral::kNoFlags;
|
| +
|
| // Set up the parameters to the stub/runtime call.
|
| __ PushHeapObject(literals);
|
| __ Push(Smi::FromInt(instr->hydrogen()->literal_index()));
|
| // Boilerplate already exists, constant elements are never accessed.
|
| // Pass an empty fixed array.
|
| __ Push(isolate()->factory()->empty_fixed_array());
|
| + __ Push(Smi::FromInt(flags));
|
|
|
| // Pick the right runtime function or stub to call.
|
| int length = instr->hydrogen()->length();
|
| @@ -4933,9 +4938,9 @@ void LCodeGen::DoArrayLiteral(LArrayLiteral* instr) {
|
| FastCloneShallowArrayStub stub(mode, DONT_TRACK_ALLOCATION_SITE, length);
|
| CallCode(stub.GetCode(), RelocInfo::CODE_TARGET, instr);
|
| } else if (instr->hydrogen()->depth() > 1) {
|
| - CallRuntime(Runtime::kCreateArrayLiteral, 3, instr);
|
| + CallRuntime(Runtime::kCreateArrayLiteral, 4, instr);
|
| } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
|
| - CallRuntime(Runtime::kCreateArrayLiteralShallow, 3, instr);
|
| + CallRuntime(Runtime::kCreateArrayLiteralShallow, 4, instr);
|
| } else {
|
| FastCloneShallowArrayStub::Mode mode =
|
| boilerplate_elements_kind == FAST_DOUBLE_ELEMENTS
|
| @@ -4948,6 +4953,7 @@ void LCodeGen::DoArrayLiteral(LArrayLiteral* instr) {
|
|
|
|
|
| void LCodeGen::EmitDeepCopy(Handle<JSObject> object,
|
| + Handle<JSObject> original_object,
|
| Register result,
|
| Register source,
|
| int* offset,
|
| @@ -4955,11 +4961,18 @@ void LCodeGen::EmitDeepCopy(Handle<JSObject> object,
|
| ASSERT(!source.is(rcx));
|
| ASSERT(!result.is(rcx));
|
|
|
| + // Should we track allocation info for *this* object in the tree?
|
| bool create_allocation_site_info = mode == TRACK_ALLOCATION_SITE &&
|
| object->map()->CanTrackAllocationSite();
|
|
|
| + if (create_allocation_site_info && object->IsJSArray()) {
|
| + create_allocation_site_info = AllocationSiteInfo::GetMode(
|
| + object->GetElementsKind()) == TRACK_ALLOCATION_SITE;
|
| + }
|
| +
|
| // Only elements backing stores for non-COW arrays need to be copied.
|
| Handle<FixedArrayBase> elements(object->elements());
|
| + Handle<FixedArrayBase> original_elements(original_object->elements());
|
| bool has_elements = elements->length() > 0 &&
|
| elements->map() != isolate()->heap()->fixed_cow_array_map();
|
|
|
| @@ -4995,11 +5008,14 @@ void LCodeGen::EmitDeepCopy(Handle<JSObject> object,
|
| Handle<Object> value = Handle<Object>(object->InObjectPropertyAt(i));
|
| if (value->IsJSObject()) {
|
| Handle<JSObject> value_object = Handle<JSObject>::cast(value);
|
| + Handle<JSObject> original_value_object = Handle<JSObject>::cast(
|
| + Handle<Object>(original_object->InObjectPropertyAt(i)));
|
| +
|
| __ lea(rcx, Operand(result, *offset));
|
| __ movq(FieldOperand(result, total_offset), rcx);
|
| __ LoadHeapObject(source, value_object);
|
| - EmitDeepCopy(value_object, result, source, offset,
|
| - DONT_TRACK_ALLOCATION_SITE);
|
| + EmitDeepCopy(value_object, original_value_object, result, source,
|
| + offset, mode);
|
| } else if (value->IsHeapObject()) {
|
| __ LoadHeapObject(rcx, Handle<HeapObject>::cast(value));
|
| __ movq(FieldOperand(result, total_offset), rcx);
|
| @@ -5012,8 +5028,10 @@ void LCodeGen::EmitDeepCopy(Handle<JSObject> object,
|
| // Build Allocation Site Info if desired
|
| if (create_allocation_site_info) {
|
| __ LoadRoot(kScratchRegister, Heap::kAllocationSiteInfoMapRootIndex);
|
| - __ movq(FieldOperand(result, object_size), kScratchRegister);
|
| - __ movq(FieldOperand(result, object_size + kPointerSize), source);
|
| + __ movq(FieldOperand(result, object_size + object_offset), kScratchRegister);
|
| + __ LoadHeapObject(rcx, original_object);
|
| + __ movq(FieldOperand(result, object_size + object_offset + kPointerSize),
|
| + rcx);
|
| }
|
|
|
| if (has_elements) {
|
| @@ -5038,16 +5056,26 @@ void LCodeGen::EmitDeepCopy(Handle<JSObject> object,
|
| }
|
| } else if (elements->IsFixedArray()) {
|
| Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
|
| + Handle<FixedArray> original_fast_elements =
|
| + Handle<FixedArray>::cast(original_elements);
|
| for (int i = 0; i < elements_length; i++) {
|
| int total_offset = elements_offset + FixedArray::OffsetOfElementAt(i);
|
| Handle<Object> value(fast_elements->get(i));
|
| if (value->IsJSObject()) {
|
| Handle<JSObject> value_object = Handle<JSObject>::cast(value);
|
| + Handle<JSObject> original_value_object = Handle<JSObject>::cast(
|
| + Handle<Object>(original_fast_elements->get(i)));
|
| __ lea(rcx, Operand(result, *offset));
|
| __ movq(FieldOperand(result, total_offset), rcx);
|
| __ LoadHeapObject(source, value_object);
|
| - EmitDeepCopy(value_object, result, source, offset,
|
| - DONT_TRACK_ALLOCATION_SITE);
|
| +
|
| + // TODO(mvstanton): do we have to worry that the original object
|
| + // changed from a fixed array to a fixeddoublearray? If that happened
|
| + // then the original_value_object expression might point to garbage
|
| + // memory, right?
|
| + ASSERT(!value_object.is_identical_to(original_value_object));
|
| + EmitDeepCopy(value_object, original_value_object, result, source,
|
| + offset, mode);
|
| } else if (value->IsHeapObject()) {
|
| __ LoadHeapObject(rcx, Handle<HeapObject>::cast(value));
|
| __ movq(FieldOperand(result, total_offset), rcx);
|
| @@ -5065,24 +5093,6 @@ void LCodeGen::EmitDeepCopy(Handle<JSObject> object,
|
|
|
| void LCodeGen::DoFastLiteral(LFastLiteral* instr) {
|
| int size = instr->hydrogen()->total_size();
|
| - ElementsKind boilerplate_elements_kind =
|
| - instr->hydrogen()->boilerplate()->GetElementsKind();
|
| -
|
| - // Deopt if the array literal boilerplate ElementsKind is of a type different
|
| - // than the expected one. The check isn't necessary if the boilerplate has
|
| - // already been converted to TERMINAL_FAST_ELEMENTS_KIND.
|
| - if (CanTransitionToMoreGeneralFastElementsKind(
|
| - boilerplate_elements_kind, true)) {
|
| - __ LoadHeapObject(rbx, instr->hydrogen()->boilerplate());
|
| - __ movq(rcx, FieldOperand(rbx, HeapObject::kMapOffset));
|
| - // Load the map's "bit field 2".
|
| - __ movb(rcx, FieldOperand(rcx, Map::kBitField2Offset));
|
| - // Retrieve elements_kind from bit field 2.
|
| - __ and_(rcx, Immediate(Map::kElementsKindMask));
|
| - __ cmpb(rcx, Immediate(boilerplate_elements_kind <<
|
| - Map::kElementsKindShift));
|
| - DeoptimizeIf(not_equal, instr->environment());
|
| - }
|
|
|
| // Allocate all objects that are part of the literal in one big
|
| // allocation. This avoids multiple limit checks.
|
| @@ -5097,7 +5107,9 @@ void LCodeGen::DoFastLiteral(LFastLiteral* instr) {
|
| __ bind(&allocated);
|
| int offset = 0;
|
| __ LoadHeapObject(rbx, instr->hydrogen()->boilerplate());
|
| - EmitDeepCopy(instr->hydrogen()->boilerplate(), rax, rbx, &offset,
|
| + EmitDeepCopy(instr->hydrogen()->boilerplate(),
|
| + instr->hydrogen()->original_boilerplate(),
|
| + rax, rbx, &offset,
|
| instr->hydrogen()->allocation_site_mode());
|
| ASSERT_EQ(size, offset);
|
| }
|
| @@ -5118,6 +5130,11 @@ void LCodeGen::DoObjectLiteral(LObjectLiteral* instr) {
|
| flags |= instr->hydrogen()->has_function()
|
| ? ObjectLiteral::kHasFunction
|
| : ObjectLiteral::kNoFlags;
|
| +
|
| + if (instr->hydrogen()->allocation_site_mode() == TRACK_ALLOCATION_SITE) {
|
| + flags |= ObjectLiteral::kAllocationSiteInfoAllowed;
|
| + }
|
| +
|
| __ Push(Smi::FromInt(flags));
|
|
|
| // Pick the right runtime function or stub to call.
|
|
|
Chromium Code Reviews
Issue 12114054:
Supporting AllocationSiteInfo for Nested arrays (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge