Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(711)

Unified Diff: src/x87/builtins-x87.cc

Issue 1506713002: X87: Fix inobject slack tracking for both subclassing and non-subclassing cases. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/x87/builtins-x87.cc
diff --git a/src/x87/builtins-x87.cc b/src/x87/builtins-x87.cc
index 94071d19fb58fdadd10ffbed6e79c5f0df329ce2..d76ba572c38b90de3a56b7a4a2a6a0d46b1fa9b2 100644
--- a/src/x87/builtins-x87.cc
+++ b/src/x87/builtins-x87.cc
@@ -166,37 +166,6 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
__ CmpInstanceType(eax, JS_FUNCTION_TYPE);
__ j(equal, &rt_call);
- if (!is_api_function) {
- Label allocate;
- // The code below relies on these assumptions.
- STATIC_ASSERT(Map::Counter::kShift + Map::Counter::kSize == 32);
- // Check if slack tracking is enabled.
- __ mov(esi, FieldOperand(eax, Map::kBitField3Offset));
- __ shr(esi, Map::Counter::kShift);
- __ cmp(esi, Map::kSlackTrackingCounterEnd);
- __ j(less, &allocate);
- // Decrease generous allocation count.
- __ sub(FieldOperand(eax, Map::kBitField3Offset),
- Immediate(1 << Map::Counter::kShift));
-
- __ cmp(esi, Map::kSlackTrackingCounterEnd);
- __ j(not_equal, &allocate);
-
- __ push(eax);
- __ push(edx);
- __ push(edi);
-
- __ push(eax); // initial map
- __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
-
- __ pop(edi);
- __ pop(edx);
- __ pop(eax);
- __ mov(esi, Map::kSlackTrackingCounterEnd - 1);
-
- __ bind(&allocate);
- }
-
// Now allocate the JSObject on the heap.
// edi: constructor
// eax: initial map
@@ -209,25 +178,37 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
// Allocated the JSObject, now initialize the fields.
// eax: initial map
- // ebx: JSObject
+ // ebx: JSObject (not HeapObject tagged - the actual address).
// edi: start of next object
__ mov(Operand(ebx, JSObject::kMapOffset), eax);
__ mov(ecx, factory->empty_fixed_array());
__ mov(Operand(ebx, JSObject::kPropertiesOffset), ecx);
__ mov(Operand(ebx, JSObject::kElementsOffset), ecx);
- // Set extra fields in the newly allocated object.
- // eax: initial map
- // ebx: JSObject
- // edi: start of next object
- // esi: slack tracking counter (non-API function case)
- __ mov(edx, factory->undefined_value());
__ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
+
+ // Add the object tag to make the JSObject real, so that we can continue
+ // and jump into the continuation code at any time from now on.
+ __ or_(ebx, Immediate(kHeapObjectTag));
+
+ // Fill all the in-object properties with the appropriate filler.
+ // ebx: JSObject (tagged)
+ // ecx: First in-object property of JSObject (not tagged)
+ __ mov(edx, factory->undefined_value());
+
if (!is_api_function) {
Label no_inobject_slack_tracking;
+ // The code below relies on these assumptions.
+ STATIC_ASSERT(Map::Counter::kShift + Map::Counter::kSize == 32);
// Check if slack tracking is enabled.
+ __ mov(esi, FieldOperand(eax, Map::kBitField3Offset));
+ __ shr(esi, Map::Counter::kShift);
__ cmp(esi, Map::kSlackTrackingCounterEnd);
__ j(less, &no_inobject_slack_tracking);
+ __ push(esi); // Save allocation count value.
+ // Decrease generous allocation count.
+ __ sub(FieldOperand(eax, Map::kBitField3Offset),
+ Immediate(1 << Map::Counter::kShift));
// Allocate object with a slack.
__ movzx_b(esi, FieldOperand(eax, Map::kUnusedPropertyFieldsOffset));
@@ -244,17 +225,28 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
// To allow truncation fill the remaining fields with one pointer
// filler map.
__ mov(edx, factory->one_pointer_filler_map());
+ __ InitializeFieldsWithFiller(ecx, edi, edx);
+
+ __ pop(esi); // Restore allocation count value before decreasing.
+ __ cmp(esi, Map::kSlackTrackingCounterEnd);
+ __ j(not_equal, &allocated);
+
+ // Push the object to the stack, and then the initial map as
+ // an argument to the runtime call.
+ __ push(ebx);
+ __ push(eax); // initial map
+ __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
+ __ pop(ebx);
+
+ // Continue with JSObject being successfully allocated
+ // ebx: JSObject (tagged)
+ __ jmp(&allocated);
__ bind(&no_inobject_slack_tracking);
}
__ InitializeFieldsWithFiller(ecx, edi, edx);
- // Add the object tag to make the JSObject real, so that we can continue
- // and jump into the continuation code at any time from now on.
- // ebx: JSObject (untagged)
- __ or_(ebx, Immediate(kHeapObjectTag));
-
// Continue with JSObject being successfully allocated
// ebx: JSObject (tagged)
__ jmp(&allocated);
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698