Remove unused byte from Map::instance_sizes field.

src/x64/builtins-x64.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_X64
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
@@ skipping 155 matching lines @@
     __ cmpp(rdx, rdi);
     __ j(equal, &normal_new);
 
     Generate_Runtime_NewObject(masm, create_memento, rdx, &count_incremented,
                                &allocated);
 
     __ bind(&normal_new);
     // Try to allocate the object without transitioning into C code. If any of
     // the preconditions is not met, the code bails out to the runtime call.
     if (FLAG_inline_new) {
-      Label undo_allocation;
-
       ExternalReference debug_step_in_fp =
           ExternalReference::debug_step_in_fp_address(masm->isolate());
       __ Move(kScratchRegister, debug_step_in_fp);
       __ cmpp(Operand(kScratchRegister, 0), Immediate(0));
       __ j(not_equal, &rt_call);
 
       // Verified that the constructor is a JSFunction.
       // Load the initial map and verify that it is in fact a map.
       // rdi: constructor
       __ movp(rax, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
@@ skipping 71 matching lines @@
       __ leap(rcx, Operand(rbx, JSObject::kHeaderSize));
       __ LoadRoot(rdx, Heap::kUndefinedValueRootIndex);
       if (!is_api_function) {
         Label no_inobject_slack_tracking;
 
         // Check if slack tracking is enabled.
         __ cmpl(rsi, Immediate(Map::kSlackTrackingCounterEnd));
         __ j(less, &no_inobject_slack_tracking);
 
         // Allocate object with a slack.
-        __ movzxbp(rsi,
-                   FieldOperand(rax, Map::kPreAllocatedPropertyFieldsOffset));
+        __ movzxbp(rsi, FieldOperand(rax, Map::kInObjectPropertiesOffset));
+        __ movzxbp(rax, FieldOperand(rax, Map::kUnusedPropertyFieldsOffset));
+        __ subp(rsi, rax);
         __ leap(rsi,
                Operand(rbx, rsi, times_pointer_size, JSObject::kHeaderSize));
         // rsi: offset of first field after pre-allocated fields
         if (FLAG_debug_code) {
           __ cmpp(rsi, rdi);
           __ Assert(less_equal,
                     kUnexpectedNumberOfPreAllocatedPropertyFields);
         }
         __ InitializeFieldsWithFiller(rcx, rsi, rdx);
         __ LoadRoot(rdx, Heap::kOnePointerFillerMapRootIndex);
@@ skipping 10 matching lines @@
         __ Move(Operand(rsi, AllocationMemento::kMapOffset),
                 factory->allocation_memento_map());
         // Get the cell or undefined.
         __ movp(rdx, Operand(rsp, kPointerSize*2));
         __ movp(Operand(rsi, AllocationMemento::kAllocationSiteOffset), rdx);
       } else {
         __ InitializeFieldsWithFiller(rcx, rdi, rdx);
       }
 
       // Add the object tag to make the JSObject real, so that we can continue
-      // and jump into the continuation code at any time from now on. Any
-      // failures need to undo the allocation, so that the heap is in a
-      // consistent state and verifiable.
-      // rax: initial map
-      // rbx: JSObject
-      // rdi: start of next object
+      // and jump into the continuation code at any time from now on.
+      // rbx: JSObject (untagged)
       __ orp(rbx, Immediate(kHeapObjectTag));
 
-      // Check if a non-empty properties array is needed.
-      // Allocate and initialize a FixedArray if it is.
-      // rax: initial map
-      // rbx: JSObject
-      // rdi: start of next object
-      // Calculate total properties described map.
-      __ movzxbp(rdx, FieldOperand(rax, Map::kUnusedPropertyFieldsOffset));
-      __ movzxbp(rcx,
-                 FieldOperand(rax, Map::kPreAllocatedPropertyFieldsOffset));
-      __ addp(rdx, rcx);
-      // Calculate unused properties past the end of the in-object properties.
-      __ movzxbp(rcx, FieldOperand(rax, Map::kInObjectPropertiesOffset));
-      __ subp(rdx, rcx);
-      // Done if no extra properties are to be allocated.
-      __ j(zero, &allocated);
-      __ Assert(positive, kPropertyAllocationCountFailed);
-
-      // Scale the number of elements by pointer size and add the header for
-      // FixedArrays to the start of the next object calculation from above.
-      // rbx: JSObject
-      // rdi: start of next object (will be start of FixedArray)
-      // rdx: number of elements in properties array
-      __ Allocate(FixedArray::kHeaderSize,
-                  times_pointer_size,
-                  rdx,
-                  rdi,
-                  rax,
-                  no_reg,
-                  &undo_allocation,
-                  RESULT_CONTAINS_TOP);
-
-      // Initialize the FixedArray.
-      // rbx: JSObject
-      // rdi: FixedArray
-      // rdx: number of elements
-      // rax: start of next object
-      __ LoadRoot(rcx, Heap::kFixedArrayMapRootIndex);
-      __ movp(Operand(rdi, HeapObject::kMapOffset), rcx);  // setup the map
-      __ Integer32ToSmi(rdx, rdx);
-      __ movp(Operand(rdi, FixedArray::kLengthOffset), rdx);  // and length
-
-      // Initialize the fields to undefined.
-      // rbx: JSObject
-      // rdi: FixedArray
-      // rax: start of next object
-      // rdx: number of elements
-      __ LoadRoot(rdx, Heap::kUndefinedValueRootIndex);
-      __ leap(rcx, Operand(rdi, FixedArray::kHeaderSize));
-      __ InitializeFieldsWithFiller(rcx, rax, rdx);
-
-      // Store the initialized FixedArray into the properties field of
-      // the JSObject
-      // rbx: JSObject
-      // rdi: FixedArray
-      __ orp(rdi, Immediate(kHeapObjectTag));  // add the heap tag
-      __ movp(FieldOperand(rbx, JSObject::kPropertiesOffset), rdi);
-
-
       // Continue with JSObject being successfully allocated
-      // rbx: JSObject
+      // rbx: JSObject (tagged)
       __ jmp(&allocated);
-
-      // Undo the setting of the new top so that the heap is verifiable. For
-      // example, the map's unused properties potentially do not match the
-      // allocated objects unused properties.
-      // rbx: JSObject (previous new top)
-      __ bind(&undo_allocation);
-      __ UndoAllocationInNewSpace(rbx);
     }
 
     // Allocate the new receiver object using the runtime call.
     // rdi: function (constructor)
     __ bind(&rt_call);
     Generate_Runtime_NewObject(masm, create_memento, rdi, &count_incremented,
                                &allocated);
 
     // New object allocated.
     // rbx: newly allocated object
@@ skipping 1402 matching lines @@
   __ ret(0);
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_X64