Chromium Code Reviews Chromium Code Reviews
Issue 12700006:
Replace ICStub for array.length with hydrogen stub (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| Index: src/ic.cc |
| diff --git a/src/ic.cc b/src/ic.cc |
| index da2211b7b686abc9f28a586fcaba986f4b90eaec..c999e58cf42e76afcf4f123a8830743260449877 100644 |
| --- a/src/ic.cc |
| +++ b/src/ic.cc |
| @@ -855,28 +855,6 @@ MaybeObject* LoadIC::Load(State state, |
| return Smi::FromInt(String::cast(*string)->length()); |
| } |
| - // Use specialized code for getting the length of arrays. |
| - if (object->IsJSArray() && |
| - name->Equals(isolate()->heap()->length_string())) { |
| - Handle<Code> stub; |
| - if (state == UNINITIALIZED) { |
| - stub = pre_monomorphic_stub(); |
| - } else if (state == PREMONOMORPHIC) { |
| - ArrayLengthStub array_length_stub(kind()); |
| - stub = array_length_stub.GetCode(isolate()); |
| - } else if (state != MEGAMORPHIC) { |
| - ASSERT(state != GENERIC); |
| - stub = megamorphic_stub(); |
| - } |
| - if (!stub.is_null()) { |
| - set_target(*stub); |
| -#ifdef DEBUG |
| - if (FLAG_trace_ic) PrintF("[LoadIC : +#length /array]\n"); |
| -#endif |
| - } |
| - return JSArray::cast(*object)->length(); |
| - } |
| - |
| // Use specialized code for getting prototype of functions. |
| if (object->IsJSFunction() && |
| name->Equals(isolate()->heap()->prototype_string()) && |
| @@ -1052,6 +1030,34 @@ void IC::PatchCache(State state, |
| // Only move to megamorphic if the target changes. |
| if (target() != *code) { |
| if (target()->is_load_stub()) { |
| + bool is_map_transition = false; |
|
danno
2013/03/13 11:49:48
How about refactoring this code into a method "IsT
Dmitry Lomov (no reviews)
2013/03/13 16:14:31
Done.
|
| + { |
| + // Stay monomorpic if: |
| + // 1. Target handler is identical to a new handler |
| + // 2. New map can transition to a receiver map |
| + AssertNoAllocation no_allocation; |
| + Code* old_handler = target()->FindFirstCode(); |
| + if (old_handler == *code) { |
| + Map* old_map = target()->FindFirstMap(); |
| + Map* receiver_map = receiver->map(); |
| + ElementsKind receiver_elements_kind = |
| + receiver_map->elements_kind(); |
| + bool more_general_transition = |
| + IsMoreGeneralElementsKindTransition( |
| + old_map->elements_kind(), receiver_elements_kind); |
| + Map* transitioned_old_map = more_general_transition |
| + ? old_map->LookupElementsTransitionMap(receiver_elements_kind) |
| + : NULL; |
|
Toon Verwaest
2013/03/13 11:56:48
I think we could make this more generic by followi
|
| + |
| + if (transitioned_old_map == receiver_map) { |
| + is_map_transition = true; |
| + } |
| + } |
| + } |
| + if (is_map_transition) { |
| + UpdateMonomorphicIC(receiver, code, name); |
| + break; |
| + } |
| if (UpdatePolymorphicIC(state, strict_mode, receiver, name, code)) { |
| break; |
| } |
| @@ -1162,6 +1168,7 @@ void LoadIC::UpdateCaches(LookupResult* lookup, |
| if (code.is_null()) return; |
| } |
| + |
|
danno
2013/03/13 11:49:48
nit: remove extra whitespace
Dmitry Lomov (no reviews)
2013/03/13 16:14:31
Done.
|
| PatchCache(state, kNonStrictMode, receiver, name, code); |
| TRACE_IC("LoadIC", name, state, target()); |
| } |
| @@ -1223,6 +1230,12 @@ Handle<Code> LoadIC::ComputeLoadHandler(LookupResult* lookup, |
| if (!holder->HasFastProperties()) break; |
| return isolate()->stub_cache()->ComputeLoadViaGetter( |
| name, receiver, holder, Handle<JSFunction>::cast(getter)); |
| + } else if (receiver->IsJSArray() && |
| + name->Equals(isolate()->heap()->length_string())) { |
| + PropertyIndex lengthIndex = |
| + PropertyIndex::NewHeaderIndex(JSArray::kLengthOffset / kPointerSize); |
| + return isolate()->stub_cache()->ComputeLoadField( |
| + name, receiver, holder, lengthIndex); |
| } |
| // TODO(dcarney): Handle correctly. |
| if (callback->IsDeclaredAccessorInfo()) break; |
