Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/builtins.cc

Issue 14846017: Becuase of cross-context calls, hydrogen-based Array constructor needs to ensure (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Enable optimize_constructed_arrays Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/arm/code-stubs-arm.cc ('k') | src/code-stubs.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 UNREACHABLE(); 187 UNREACHABLE();
188 return isolate->heap()->undefined_value(); // Make compiler happy. 188 return isolate->heap()->undefined_value(); // Make compiler happy.
189 } 189 }
190 190
191 191
192 BUILTIN(EmptyFunction) { 192 BUILTIN(EmptyFunction) {
193 return isolate->heap()->undefined_value(); 193 return isolate->heap()->undefined_value();
194 } 194 }
195 195
196 196
197 #define CONVERT_ARG_STUB_CALLER_ARGS(name) \ 197 RUNTIME_FUNCTION(MaybeObject*, ArrayConstructor_StubFailure) {
198 Arguments* name = reinterpret_cast<Arguments*>(args[0]); 198 // If we get 2 arguments then they are the stub parameters (constructor, type
199 // info). If we get 3, then the first one is a pointer to the arguments
200 // passed by the caller.
201 Arguments empty_args(0, NULL);
202 bool no_caller_args = args.length() == 2;
203 ASSERT(no_caller_args || args.length() == 3);
204 int parameters_start = no_caller_args ? 0 : 1;
205 Arguments* caller_args = no_caller_args
206 ? &empty_args
207 : reinterpret_cast<Arguments*>(args[0]);
208 Handle<JSFunction> constructor = args.at<JSFunction>(parameters_start);
209 Handle<Object> type_info = args.at<Object>(parameters_start + 1);
199 210
200
201 RUNTIME_FUNCTION(MaybeObject*, ArrayConstructor_StubFailure) {
202 CONVERT_ARG_STUB_CALLER_ARGS(caller_args);
203 ASSERT(args.length() == 2);
204 Handle<Object> type_info = args.at<Object>(1);
205
206 JSArray* array = NULL;
207 bool holey = false; 211 bool holey = false;
208 if (caller_args->length() == 1 && (*caller_args)[0]->IsSmi()) { 212 if (caller_args->length() == 1 && (*caller_args)[0]->IsSmi()) {
209 int value = Smi::cast((*caller_args)[0])->value(); 213 int value = Smi::cast((*caller_args)[0])->value();
210 holey = (value > 0 && value < JSObject::kInitialMaxFastElementArray); 214 holey = (value > 0 && value < JSObject::kInitialMaxFastElementArray);
211 } 215 }
212 216
217 JSArray* array;
213 MaybeObject* maybe_array; 218 MaybeObject* maybe_array;
214 if (*type_info != isolate->heap()->undefined_value()) { 219 if (*type_info != isolate->heap()->undefined_value() &&
220 JSGlobalPropertyCell::cast(*type_info)->value()->IsSmi()) {
215 JSGlobalPropertyCell* cell = JSGlobalPropertyCell::cast(*type_info); 221 JSGlobalPropertyCell* cell = JSGlobalPropertyCell::cast(*type_info);
216 if (cell->value()->IsSmi()) { 222 Smi* smi = Smi::cast(cell->value());
217 Smi* smi = Smi::cast(cell->value()); 223 ElementsKind to_kind = static_cast<ElementsKind>(smi->value());
218 ElementsKind to_kind = static_cast<ElementsKind>(smi->value()); 224 if (holey && !IsFastHoleyElementsKind(to_kind)) {
219 if (holey && !IsFastHoleyElementsKind(to_kind)) { 225 to_kind = GetHoleyElementsKind(to_kind);
220 to_kind = GetHoleyElementsKind(to_kind); 226 // Update the allocation site info to reflect the advice alteration.
221 // Update the allocation site info to reflect the advice alteration. 227 cell->set_value(Smi::FromInt(to_kind));
222 cell->set_value(Smi::FromInt(to_kind)); 228 }
223 }
224 229
225 AllocationSiteMode mode = AllocationSiteInfo::GetMode(to_kind); 230 maybe_array = isolate->heap()->AllocateJSObjectWithAllocationSite(
226 if (mode == TRACK_ALLOCATION_SITE) { 231 *constructor, type_info);
227 maybe_array = isolate->heap()->AllocateEmptyJSArrayWithAllocationSite( 232 if (!maybe_array->To(&array)) return maybe_array;
228 to_kind, type_info); 233 } else {
229 } else { 234 ElementsKind kind = constructor->initial_map()->elements_kind();
230 maybe_array = isolate->heap()->AllocateEmptyJSArray(to_kind); 235 ASSERT(kind == GetInitialFastElementsKind());
231 } 236 maybe_array = isolate->heap()->AllocateJSObject(*constructor);
232 if (!maybe_array->To(&array)) return maybe_array; 237 if (!maybe_array->To(&array)) return maybe_array;
238 // We might need to transition to holey
239 if (holey) {
240 kind = GetHoleyElementsKind(kind);
241 maybe_array = array->TransitionElementsKind(kind);
242 if (maybe_array->IsFailure()) return maybe_array;
233 } 243 }
234 } 244 }
235 245
236 ElementsKind kind = GetInitialFastElementsKind(); 246 maybe_array = isolate->heap()->AllocateJSArrayStorage(array, 0, 0,
237 if (holey) { 247 DONT_INITIALIZE_ARRAY_ELEMENTS);
238 kind = GetHoleyElementsKind(kind); 248 if (maybe_array->IsFailure()) return maybe_array;
239 }
240
241 if (array == NULL) {
242 maybe_array = isolate->heap()->AllocateEmptyJSArray(kind);
243 if (!maybe_array->To(&array)) return maybe_array;
244 }
245
246 maybe_array = ArrayConstructInitializeElements(array, caller_args); 249 maybe_array = ArrayConstructInitializeElements(array, caller_args);
247 if (maybe_array->IsFailure()) return maybe_array; 250 if (maybe_array->IsFailure()) return maybe_array;
248 return array; 251 return array;
249 } 252 }
250 253
251 254
252 static MaybeObject* ArrayCodeGenericCommon(Arguments* args, 255 static MaybeObject* ArrayCodeGenericCommon(Arguments* args,
253 Isolate* isolate, 256 Isolate* isolate,
254 JSFunction* constructor) { 257 JSFunction* constructor) {
255 ASSERT(args->length() >= 1); 258 ASSERT(args->length() >= 1);
(...skipping 1622 matching lines...) Expand 10 before | Expand all | Expand 10 after
1878 return Handle<Code>(code_address); \ 1881 return Handle<Code>(code_address); \
1879 } 1882 }
1880 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C) 1883 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)
1881 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A) 1884 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)
1882 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) 1885 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)
1883 #undef DEFINE_BUILTIN_ACCESSOR_C 1886 #undef DEFINE_BUILTIN_ACCESSOR_C
1884 #undef DEFINE_BUILTIN_ACCESSOR_A 1887 #undef DEFINE_BUILTIN_ACCESSOR_A
1885 1888
1886 1889
1887 } } // namespace v8::internal 1890 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « src/arm/code-stubs-arm.cc ('k') | src/code-stubs.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698