Array constructor expects AllocationSite or undefined as feedback.

src/a64/code-stubs-a64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 3288 matching lines @@
 
   if (NeedsChecks()) {
     // Check that the function is really a JavaScript function.
     __ JumpIfSmi(function, &non_function);
 
     // Goto slow case if we do not have a function.
     __ JumpIfNotObjectType(function, x10, type, JS_FUNCTION_TYPE, &slow);
 
     if (RecordCallTarget()) {
       GenerateRecordCallTarget(masm, x0, function, cache_cell, slot, x4, x5);
+      // Type information was updated. Because we may call Array, which
+      // expects either undefined or an AllocationSite in ebx we need
+      // to set ebx to undefined.
+      __ LoadRoot(cache_cell, Heap::kUndefinedValueRootIndex);
     }
   }
 
   // Fast-case: Invoke the function now.
   // x1  function  pushed function
   ParameterCount actual(argc_);
 
   if (CallAsMethod()) {
     if (NeedsChecks()) {
       // Do not transform the receiver for strict mode functions.
@@ skipping 84 matching lines @@
   Label slow, non_function_call;
 
   // Check that the function is not a smi.
   __ JumpIfSmi(function, &non_function_call);
   // Check that the function is a JSFunction.
   Register object_type = x10;
   __ JumpIfNotObjectType(function, object_type, object_type, JS_FUNCTION_TYPE,
                          &slow);
 
   if (RecordCallTarget()) {
+    Label feedback_register_initialized;
     GenerateRecordCallTarget(masm, x0, function, x2, x3, x4, x5);
+
+    // Put the AllocationSite from the feedback vector into x2, or undefined.
+    __ Add(x5, x2, Operand::UntagSmiAndScale(x3, kPointerSizeLog2));
+    __ Ldr(x2, FieldMemOperand(x5, FixedArray::kHeaderSize));
+    __ Ldr(x5, FieldMemOperand(x2, AllocationSite::kMapOffset));
+    __ JumpIfRoot(x5, Heap::kAllocationSiteMapRootIndex,
+                  &feedback_register_initialized);
+    __ LoadRoot(x2, Heap::kUndefinedValueRootIndex);
+    __ bind(&feedback_register_initialized);
+    __ AssertUndefinedOrAllocationSite(x2, x5);
   }
 
   // Jump to the function-specific construct stub.
   Register jump_reg = x4;
   Register shared_func_info = jump_reg;
   Register cons_stub = jump_reg;
   Register cons_stub_code = jump_reg;
   __ Ldr(shared_func_info,
          FieldMemOperand(function, JSFunction::kSharedFunctionInfoOffset));
   __ Ldr(cons_stub,
@@ skipping 1974 matching lines @@
     UNREACHABLE();
   }
 }
 
 
 void ArrayConstructorStub::Generate(MacroAssembler* masm) {
   ASM_LOCATION("ArrayConstructorStub::Generate");
   // ----------- S t a t e -------------
   //  -- x0 : argc (only if argument_count_ == ANY)
   //  -- x1 : constructor
-  //  -- x2 : feedback vector (fixed array or the megamorphic symbol)
-  //  -- x3 : slot index (if x2 is fixed array)
+  //  -- x2 : AllocationSite or undefined
   //  -- sp[0] : return address
   //  -- sp[4] : last argument
   // -----------------------------------
   Register constructor = x1;
-  Register feedback_vector = x2;
-  Register slot_index = x3;
-
-  ASSERT_EQ(*TypeFeedbackInfo::MegamorphicSentinel(masm->isolate()),
-            masm->isolate()->heap()->megamorphic_symbol());
+  Register allocation_site = x2;
 
   if (FLAG_debug_code) {
     // The array construct code is only set for the global and natives
     // builtin Array functions which always have maps.
 
     Label unexpected_map, map_ok;
     // Initial map for the builtin Array function should be a map.
     __ Ldr(x10, FieldMemOperand(constructor,
                                 JSFunction::kPrototypeOrInitialMapOffset));
     // Will both indicate a NULL and a Smi.
     __ JumpIfSmi(x10, &unexpected_map);
     __ JumpIfObjectType(x10, x10, x11, MAP_TYPE, &map_ok);
     __ Bind(&unexpected_map);
     __ Abort(kUnexpectedInitialMapForArrayFunction);
     __ Bind(&map_ok);
 
-    // In feedback_vector, we expect either the megamorphic symbol or a valid
-    // fixed array.
-    Label okay_here;
-    Handle<Map> fixed_array_map = masm->isolate()->factory()->fixed_array_map();
-    __ JumpIfRoot(feedback_vector, Heap::kMegamorphicSymbolRootIndex,
-                  &okay_here);
-    __ Ldr(x10, FieldMemOperand(feedback_vector, FixedArray::kMapOffset));
-    __ Cmp(x10, Operand(fixed_array_map));
-    __ Assert(eq, kExpectedFixedArrayInFeedbackVector);
-
-    // slot_index should be a smi if we don't have undefined in feedback_vector.
-    __ AssertSmi(slot_index);
-
-    __ Bind(&okay_here);
+    // We should either have undefined in the allocation_site register or a
+    // valid AllocationSite.
+    __ AssertUndefinedOrAllocationSite(allocation_site, x10);
   }
 
-  Register allocation_site = x2;  // Overwrites feedback_vector.
   Register kind = x3;
   Label no_info;
   // Get the elements kind and case on that.
-  __ JumpIfRoot(feedback_vector, Heap::kMegamorphicSymbolRootIndex, &no_info);
-  __ Add(feedback_vector, feedback_vector,
-         Operand::UntagSmiAndScale(slot_index, kPointerSizeLog2));
-  __ Ldr(allocation_site, FieldMemOperand(feedback_vector,
-                                          FixedArray::kHeaderSize));
-
-  // If the feedback vector is the megamorphic symbol, or contains anything
-  // other than an AllocationSite, call an array constructor that doesn't
-  // use AllocationSites.
-  __ Ldr(x10, FieldMemOperand(allocation_site, AllocationSite::kMapOffset));
-  __ JumpIfNotRoot(x10, Heap::kAllocationSiteMapRootIndex, &no_info);
+  __ JumpIfRoot(allocation_site, Heap::kUndefinedValueRootIndex, &no_info);
 
   __ Ldrsw(kind,
            UntagSmiFieldMemOperand(allocation_site,
                                    AllocationSite::kTransitionInfoOffset));
   __ And(kind, kind, AllocationSite::ElementsKindBits::kMask);
   GenerateDispatchToArrayStub(masm, DONT_OVERRIDE);
 
   __ Bind(&no_info);
   GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);
 }
@@ skipping 246 matching lines @@
                               MemOperand(fp, 6 * kPointerSize),
                               NULL);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_A64