
Side by Side Diff: src/code-stub-assembler.cc

Issue 2487943005: [stubs] Fix CodeStubAssembler::TrapAllocationMemento (Closed)
Patch Set: use a bigger hammer Created 4 years, 1 month ago
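--- a/src/code-stub-assembler.cc
+++ b/src/code-stub-assembler.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "src/code-stub-assembler.h"
 #include "src/code-factory.h"
 #include "src/frames-inl.h"
 #include "src/frames.h"
 #include "src/ic/handler-configuration.h"
 #include "src/ic/stub-cache.h"
 
@@ -6880,37 +6880,37 @@
 }
 
 void CodeStubAssembler::TrapAllocationMemento(Node* object,
 Label* memento_found) {
 Comment("[ TrapAllocationMemento");
 Label no_memento_found(this);
 Label top_check(this), map_check(this);
 
 Node* new_space_top_address = ExternalConstant(
 ExternalReference::new_space_allocation_top_address(isolate()));
-const int kMementoMapOffset = JSArray::kSize - kHeapObjectTag;
+const int kMementoMapOffset = JSArray::kSize;
 const int kMementoLastWordOffset =
 kMementoMapOffset + AllocationMemento::kSize - kPointerSize;
 
 // Bail out if the object is not in new space.
 Node* object_page = PageFromAddress(object);
 {
-const int mask =
-(1 << MemoryChunk::IN_FROM_SPACE) | (1 << MemoryChunk::IN_TO_SPACE);
-Node* page_flags = Load(MachineType::IntPtr(), object_page);
-GotoIf(
-WordEqual(WordAnd(page_flags, IntPtrConstant(mask)), IntPtrConstant(0)),
+Node* page_flags = Load(MachineType::IntPtr(), object_page,
+IntPtrConstant(Page::kFlagsOffset));
+GotoIf(WordEqual(WordAnd(page_flags,
+IntPtrConstant(MemoryChunk::kIsInNewSpaceMask)),
+IntPtrConstant(0)),
 &no_memento_found);
 }
 
-Node* memento_last_word =
-IntPtrAdd(object, IntPtrConstant(kMementoLastWordOffset));
+Node* memento_last_word = IntPtrAdd(
+object, IntPtrConstant(kMementoLastWordOffset - kHeapObjectTag));
 Node* memento_last_word_page = PageFromAddress(memento_last_word);
 
 Node* new_space_top = Load(MachineType::Pointer(), new_space_top_address);
 Node* new_space_top_page = PageFromAddress(new_space_top);
 
 // If the object is in new space, we need to check whether respective
 // potential memento object is on the same page as the current top.
 GotoIf(WordEqual(memento_last_word_page, new_space_top_page), &top_check);
 
 // The object is on a different page than allocation top. Bail out if the
@@ -8913,10 +8913,10 @@
 }
 
 void CodeStubArguments::PopAndReturn(compiler::Node* value) {
 assembler_->PopAndReturn(
 assembler_->IntPtrAddFoldConstants(argc_, assembler_->IntPtrConstant(1)),
 value);
 }
 
 } // namespace internal
 } // namespace v8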
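Review bot: `kMementoMapOffset` changes meaning in TrapAllocationMemento, from an untagged offset (`JSArray::kSize - kHeapObjectTag`) to one relative to the tagged pointer (`JSArray::kSize`), and only the `memento_last_word` computation is visibly adjusted for it. The constant's later use in the map check lies in the skipped part of the function, so it should be confirmed that this use either goes through a tag-aware field load or subtracts `kHeapObjectTag` itself; otherwise the memento map word would be read at the wrong address. Since this code inspects memory just past the object, I would state the convention where the constants are declared, e.g. `// Offsets are relative to the tagged |object| pointer; subtract kHeapObjectTag before raw address arithmetic.`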