| Index: src/ic/mips64/ic-mips64.cc
|
| diff --git a/src/ic/mips64/ic-mips64.cc b/src/ic/mips64/ic-mips64.cc
|
| index 5d1183cd240fce5dddb6cf6669b46f3de8831dc2..9d7bdc8e623b4c05708e8714dc8517cf8f084a06 100644
|
| --- a/src/ic/mips64/ic-mips64.cc
|
| +++ b/src/ic/mips64/ic-mips64.cc
|
| @@ -474,8 +474,12 @@ static void KeyedStoreGenerateMegamorphicHelper(
|
|
|
| // Fast case: Do the store, could be either Object or double.
|
| __ bind(fast_object);
|
| - Register scratch_value = a4;
|
| + Register scratch = a4;
|
| + Register scratch2 = t0;
|
| Register address = a5;
|
| + DCHECK(!AreAliased(value, key, receiver, receiver_map, elements_map, elements,
|
| + scratch, scratch2, address));
|
| +
|
| if (check_map == kCheckMap) {
|
| __ ld(elements_map, FieldMemOperand(elements, HeapObject::kMapOffset));
|
| __ Branch(fast_double, ne, elements_map,
|
| @@ -489,12 +493,11 @@ static void KeyedStoreGenerateMegamorphicHelper(
|
| __ Daddu(address, elements, FixedArray::kHeaderSize - kHeapObjectTag);
|
| __ SmiScale(at, key, kPointerSizeLog2);
|
| __ daddu(address, address, at);
|
| - __ ld(scratch_value, MemOperand(address));
|
| + __ ld(scratch, MemOperand(address));
|
|
|
| - __ Branch(&holecheck_passed1, ne, scratch_value,
|
| + __ Branch(&holecheck_passed1, ne, scratch,
|
| Operand(masm->isolate()->factory()->the_hole_value()));
|
| - __ JumpIfDictionaryInPrototypeChain(receiver, elements_map, scratch_value,
|
| - slow);
|
| + __ JumpIfDictionaryInPrototypeChain(receiver, elements_map, scratch, slow);
|
|
|
| __ bind(&holecheck_passed1);
|
|
|
| @@ -504,37 +507,36 @@ static void KeyedStoreGenerateMegamorphicHelper(
|
|
|
| if (increment_length == kIncrementLength) {
|
| // Add 1 to receiver->length.
|
| - __ Daddu(scratch_value, key, Operand(Smi::FromInt(1)));
|
| - __ sd(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
|
| + __ Daddu(scratch, key, Operand(Smi::FromInt(1)));
|
| + __ sd(scratch, FieldMemOperand(receiver, JSArray::kLengthOffset));
|
| }
|
| // It's irrelevant whether array is smi-only or not when writing a smi.
|
| __ Daddu(address, elements,
|
| Operand(FixedArray::kHeaderSize - kHeapObjectTag));
|
| - __ SmiScale(scratch_value, key, kPointerSizeLog2);
|
| - __ Daddu(address, address, scratch_value);
|
| + __ SmiScale(scratch, key, kPointerSizeLog2);
|
| + __ Daddu(address, address, scratch);
|
| __ sd(value, MemOperand(address));
|
| __ Ret();
|
|
|
| __ bind(&non_smi_value);
|
| // Escape to elements kind transition case.
|
| - __ CheckFastObjectElements(receiver_map, scratch_value,
|
| - &transition_smi_elements);
|
| + __ CheckFastObjectElements(receiver_map, scratch, &transition_smi_elements);
|
|
|
| // Fast elements array, store the value to the elements backing store.
|
| __ bind(&finish_object_store);
|
| if (increment_length == kIncrementLength) {
|
| // Add 1 to receiver->length.
|
| - __ Daddu(scratch_value, key, Operand(Smi::FromInt(1)));
|
| - __ sd(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
|
| + __ Daddu(scratch, key, Operand(Smi::FromInt(1)));
|
| + __ sd(scratch, FieldMemOperand(receiver, JSArray::kLengthOffset));
|
| }
|
| __ Daddu(address, elements,
|
| Operand(FixedArray::kHeaderSize - kHeapObjectTag));
|
| - __ SmiScale(scratch_value, key, kPointerSizeLog2);
|
| - __ Daddu(address, address, scratch_value);
|
| + __ SmiScale(scratch, key, kPointerSizeLog2);
|
| + __ Daddu(address, address, scratch);
|
| __ sd(value, MemOperand(address));
|
| // Update write barrier for the elements array address.
|
| - __ mov(scratch_value, value); // Preserve the value which is returned.
|
| - __ RecordWrite(elements, address, scratch_value, kRAHasNotBeenSaved,
|
| + __ mov(scratch, value); // Preserve the value which is returned.
|
| + __ RecordWrite(elements, address, scratch, kRAHasNotBeenSaved,
|
| kDontSaveFPRegs, EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
|
| __ Ret();
|
|
|
| @@ -554,34 +556,31 @@ static void KeyedStoreGenerateMegamorphicHelper(
|
| kHeapObjectTag));
|
| __ SmiScale(at, key, kPointerSizeLog2);
|
| __ daddu(address, address, at);
|
| - __ lw(scratch_value, MemOperand(address));
|
| - __ Branch(&fast_double_without_map_check, ne, scratch_value,
|
| + __ lw(scratch, MemOperand(address));
|
| + __ Branch(&fast_double_without_map_check, ne, scratch,
|
| Operand(static_cast<int32_t>(kHoleNanUpper32)));
|
| - __ JumpIfDictionaryInPrototypeChain(receiver, elements_map, scratch_value,
|
| - slow);
|
| + __ JumpIfDictionaryInPrototypeChain(receiver, elements_map, scratch, slow);
|
|
|
| __ bind(&fast_double_without_map_check);
|
| - __ StoreNumberToDoubleElements(value, key,
|
| - elements, // Overwritten.
|
| - a3, // Scratch regs...
|
| - a4, &transition_double_elements);
|
| + __ StoreNumberToDoubleElements(value, key, elements, scratch, scratch2,
|
| + &transition_double_elements);
|
| if (increment_length == kIncrementLength) {
|
| // Add 1 to receiver->length.
|
| - __ Daddu(scratch_value, key, Operand(Smi::FromInt(1)));
|
| - __ sd(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
|
| + __ Daddu(scratch, key, Operand(Smi::FromInt(1)));
|
| + __ sd(scratch, FieldMemOperand(receiver, JSArray::kLengthOffset));
|
| }
|
| __ Ret();
|
|
|
| __ bind(&transition_smi_elements);
|
| // Transition the array appropriately depending on the value type.
|
| - __ ld(a4, FieldMemOperand(value, HeapObject::kMapOffset));
|
| + __ ld(scratch, FieldMemOperand(value, HeapObject::kMapOffset));
|
| __ LoadRoot(at, Heap::kHeapNumberMapRootIndex);
|
| - __ Branch(&non_double_value, ne, a4, Operand(at));
|
| + __ Branch(&non_double_value, ne, scratch, Operand(at));
|
|
|
| // Value is a double. Transition FAST_SMI_ELEMENTS ->
|
| // FAST_DOUBLE_ELEMENTS and complete the store.
|
| __ LoadTransitionedArrayMapConditional(
|
| - FAST_SMI_ELEMENTS, FAST_DOUBLE_ELEMENTS, receiver_map, a4, slow);
|
| + FAST_SMI_ELEMENTS, FAST_DOUBLE_ELEMENTS, receiver_map, scratch, slow);
|
| AllocationSiteMode mode =
|
| AllocationSite::GetMode(FAST_SMI_ELEMENTS, FAST_DOUBLE_ELEMENTS);
|
| ElementsTransitionGenerator::GenerateSmiToDouble(masm, receiver, key, value,
|
| @@ -592,7 +591,7 @@ static void KeyedStoreGenerateMegamorphicHelper(
|
| __ bind(&non_double_value);
|
| // Value is not a double, FAST_SMI_ELEMENTS -> FAST_ELEMENTS
|
| __ LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS, FAST_ELEMENTS,
|
| - receiver_map, a4, slow);
|
| + receiver_map, scratch, slow);
|
| mode = AllocationSite::GetMode(FAST_SMI_ELEMENTS, FAST_ELEMENTS);
|
| ElementsTransitionGenerator::GenerateMapChangeElementsTransition(
|
| masm, receiver, key, value, receiver_map, mode, slow);
|
| @@ -604,7 +603,7 @@ static void KeyedStoreGenerateMegamorphicHelper(
|
| // HeapNumber. Make sure that the receiver is a Array with FAST_ELEMENTS and
|
| // transition array from FAST_DOUBLE_ELEMENTS to FAST_ELEMENTS
|
| __ LoadTransitionedArrayMapConditional(FAST_DOUBLE_ELEMENTS, FAST_ELEMENTS,
|
| - receiver_map, a4, slow);
|
| + receiver_map, scratch, slow);
|
| mode = AllocationSite::GetMode(FAST_DOUBLE_ELEMENTS, FAST_ELEMENTS);
|
| ElementsTransitionGenerator::GenerateDoubleToObject(
|
| masm, receiver, key, value, receiver_map, mode, slow);
|
|
|
Chromium Code Reviews
Issue 1546323002:
[ic] Fixed receiver_map register trashing in KeyedStoreIC megamorphic. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master