| Index: src/x64/code-stubs-x64.cc
|
| diff --git a/src/x64/code-stubs-x64.cc b/src/x64/code-stubs-x64.cc
|
| index 181ceb79ad876d08219d12a8c06925d6d86fae8b..4b3d02841b28341dc8332c9d1568034a787f8773 100644
|
| --- a/src/x64/code-stubs-x64.cc
|
| +++ b/src/x64/code-stubs-x64.cc
|
| @@ -4464,6 +4464,139 @@ void InternalArrayConstructorStub::Generate(MacroAssembler* masm) {
|
| }
|
|
|
|
|
| +void FastNewObjectStub::Generate(MacroAssembler* masm) {
|
| + // ----------- S t a t e -------------
|
| + // -- rdi : target
|
| + // -- rdx : new target
|
| + // -- rsi : context
|
| + // -- rsp[0] : return address
|
| + // -----------------------------------
|
| + __ AssertFunction(rdi);
|
| + __ AssertReceiver(rdx);
|
| +
|
| + // Verify that the new target is a JSFunction.
|
| + Label new_object;
|
| + __ CmpObjectType(rdx, JS_FUNCTION_TYPE, rbx);
|
| + __ j(not_equal, &new_object);
|
| +
|
| + // Load the initial map and verify that it's in fact a map.
|
| + __ movp(rcx, FieldOperand(rdx, JSFunction::kPrototypeOrInitialMapOffset));
|
| + __ JumpIfSmi(rcx, &new_object);
|
| + __ CmpObjectType(rcx, MAP_TYPE, rbx);
|
| + __ j(not_equal, &new_object);
|
| +
|
| + // Fall back to runtime if the target differs from the new target's
|
| + // initial map constructor.
|
| + __ cmpp(rdi, FieldOperand(rcx, Map::kConstructorOrBackPointerOffset));
|
| + __ j(not_equal, &new_object);
|
| +
|
| + // Allocate the JSObject on the heap.
|
| + Label allocate, done_allocate;
|
| + __ movzxbl(rbx, FieldOperand(rcx, Map::kInstanceSizeOffset));
|
| + __ leal(rbx, Operand(rbx, times_pointer_size, 0));
|
| + __ Allocate(rbx, rax, rdi, no_reg, &allocate, NO_ALLOCATION_FLAGS);
|
| + __ bind(&done_allocate);
|
| +
|
| + // Initialize the JSObject fields.
|
| + __ movp(Operand(rax, JSObject::kMapOffset), rcx);
|
| + __ LoadRoot(rbx, Heap::kEmptyFixedArrayRootIndex);
|
| + __ movp(Operand(rax, JSObject::kPropertiesOffset), rbx);
|
| + __ movp(Operand(rax, JSObject::kElementsOffset), rbx);
|
| + STATIC_ASSERT(JSObject::kHeaderSize == 3 * kPointerSize);
|
| + __ leap(rbx, Operand(rax, JSObject::kHeaderSize));
|
| +
|
| + // ----------- S t a t e -------------
|
| + // -- rax : result (untagged)
|
| + // -- rbx : result fields (untagged)
|
| + // -- rdi : result end (untagged)
|
| + // -- rcx : initial map
|
| + // -- rsi : context
|
| + // -- rsp[0] : return address
|
| + // -----------------------------------
|
| +
|
| + // Perform in-object slack tracking if requested.
|
| + Label slack_tracking;
|
| + STATIC_ASSERT(Map::kNoSlackTracking == 0);
|
| + __ LoadRoot(r11, Heap::kUndefinedValueRootIndex);
|
| + __ testl(FieldOperand(rcx, Map::kBitField3Offset),
|
| + Immediate(Map::ConstructionCounter::kMask));
|
| + __ j(not_zero, &slack_tracking, Label::kNear);
|
| + {
|
| + // Initialize all in-object fields with undefined.
|
| + __ InitializeFieldsWithFiller(rbx, rdi, r11);
|
| +
|
| + // Add the object tag to make the JSObject real.
|
| + STATIC_ASSERT(kHeapObjectTag == 1);
|
| + __ incp(rax);
|
| + __ Ret();
|
| + }
|
| + __ bind(&slack_tracking);
|
| + {
|
| + // Decrease generous allocation count.
|
| + STATIC_ASSERT(Map::ConstructionCounter::kNext == 32);
|
| + __ subl(FieldOperand(rcx, Map::kBitField3Offset),
|
| + Immediate(1 << Map::ConstructionCounter::kShift));
|
| +
|
| + // Initialize the in-object fields with undefined.
|
| + __ movzxbl(rdx, FieldOperand(rcx, Map::kUnusedPropertyFieldsOffset));
|
| + __ negp(rdx);
|
| + __ leap(rdx, Operand(rdi, rdx, times_pointer_size, 0));
|
| + __ InitializeFieldsWithFiller(rbx, rdx, r11);
|
| +
|
| + // Initialize the remaining (reserved) fields with one pointer filler map.
|
| + __ LoadRoot(r11, Heap::kOnePointerFillerMapRootIndex);
|
| + __ InitializeFieldsWithFiller(rdx, rdi, r11);
|
| +
|
| + // Add the object tag to make the JSObject real.
|
| + STATIC_ASSERT(kHeapObjectTag == 1);
|
| + __ incp(rax);
|
| +
|
| + // Check if we can finalize the instance size.
|
| + Label finalize;
|
| + STATIC_ASSERT(Map::kSlackTrackingCounterEnd == 1);
|
| + __ testl(FieldOperand(rcx, Map::kBitField3Offset),
|
| + Immediate(Map::ConstructionCounter::kMask));
|
| + __ j(zero, &finalize, Label::kNear);
|
| + __ Ret();
|
| +
|
| + // Finalize the instance size.
|
| + __ bind(&finalize);
|
| + {
|
| + FrameScope scope(masm, StackFrame::INTERNAL);
|
| + __ Push(rax);
|
| + __ Push(rcx);
|
| + __ CallRuntime(Runtime::kFinalizeInstanceSize);
|
| + __ Pop(rax);
|
| + }
|
| + __ Ret();
|
| + }
|
| +
|
| + // Fall back to %AllocateInNewSpace.
|
| + __ bind(&allocate);
|
| + {
|
| + FrameScope scope(masm, StackFrame::INTERNAL);
|
| + __ Integer32ToSmi(rbx, rbx);
|
| + __ Push(rcx);
|
| + __ Push(rbx);
|
| + __ CallRuntime(Runtime::kAllocateInNewSpace);
|
| + __ Pop(rcx);
|
| + }
|
| + STATIC_ASSERT(kHeapObjectTag == 1);
|
| + __ decp(rax);
|
| + __ movzxbl(rbx, FieldOperand(rcx, Map::kInstanceSizeOffset));
|
| + __ leap(rdi, Operand(rax, rbx, times_pointer_size, 0));
|
| + __ jmp(&done_allocate);
|
| +
|
| + // Fall back to %NewObject.
|
| + __ bind(&new_object);
|
| + __ PopReturnAddressTo(rcx);
|
| + __ Push(rdi);
|
| + __ Push(rdx);
|
| + __ PushReturnAddressFrom(rcx);
|
| + __ TailCallRuntime(Runtime::kNewObject);
|
| +}
|
| +
|
| +
|
| void FastNewRestParameterStub::Generate(MacroAssembler* masm) {
|
| // ----------- S t a t e -------------
|
| // -- rdi : function
|
|
|
Chromium Code Reviews
Issue 1708313002:
[stubs] Introduce a dedicated FastNewObjectStub. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master