Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(621)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/compiler/js-native-context-specialization.cc

Issue 2504163002: [turbofan] Don't check for neutered array buffers eagerly. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/compiler/js-builtin-reducer.cc ('k') | src/heap/heap.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/compiler/js-native-context-specialization.h" 5 #include "src/compiler/js-native-context-specialization.h"
6 6
7 #include "src/accessors.h" 7 #include "src/accessors.h"
8 #include "src/code-factory.h" 8 #include "src/code-factory.h"
9 #include "src/compilation-dependencies.h" 9 #include "src/compilation-dependencies.h"
10 #include "src/compiler/access-builder.h" 10 #include "src/compiler/access-builder.h"
(...skipping 1195 matching lines...) Expand 10 before | Expand all | Expand 10 after
1206 base_pointer = effect = graph()->NewNode( 1206 base_pointer = effect = graph()->NewNode(
1207 simplified()->LoadField( 1207 simplified()->LoadField(
1208 AccessBuilder::ForFixedTypedArrayBaseBasePointer()), 1208 AccessBuilder::ForFixedTypedArrayBaseBasePointer()),
1209 elements, effect, control); 1209 elements, effect, control);
1210 external_pointer = effect = graph()->NewNode( 1210 external_pointer = effect = graph()->NewNode(
1211 simplified()->LoadField( 1211 simplified()->LoadField(
1212 AccessBuilder::ForFixedTypedArrayBaseExternalPointer()), 1212 AccessBuilder::ForFixedTypedArrayBaseExternalPointer()),
1213 elements, effect, control); 1213 elements, effect, control);
1214 } 1214 }
1215 1215
1216 // Default to zero if the {receiver}s buffer was neutered. 1216 // See if we can skip the neutering check.
1217 Node* check = effect = graph()->NewNode( 1217 if (isolate()->IsArrayBufferNeuteringIntact()) {
1218 simplified()->ArrayBufferWasNeutered(), buffer, effect, control); 1218 // Add a code dependency so we are deoptimized in case an ArrayBuffer
1219 length = graph()->NewNode( 1219 // gets neutered.
1220 common()->Select(MachineRepresentation::kTagged, BranchHint::kFalse), 1220 dependencies()->AssumePropertyCell(
1221 check, jsgraph()->ZeroConstant(), length); 1221 factory()->array_buffer_neutering_protector());
1222 } else {
1223 // Default to zero if the {receiver}s buffer was neutered.
1224 Node* check = effect = graph()->NewNode(
1225 simplified()->ArrayBufferWasNeutered(), buffer, effect, control);
1226 length = graph()->NewNode(
1227 common()->Select(MachineRepresentation::kTagged, BranchHint::kFalse),
1228 check, jsgraph()->ZeroConstant(), length);
1229 }
1222 1230
1223 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) { 1231 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
1224 // Check that the {index} is a valid array index, we do the actual 1232 // Check that the {index} is a valid array index, we do the actual
1225 // bounds check below and just skip the store below if it's out of 1233 // bounds check below and just skip the store below if it's out of
1226 // bounds for the {receiver}. 1234 // bounds for the {receiver}.
1227 index = effect = graph()->NewNode(simplified()->CheckBounds(), index, 1235 index = effect = graph()->NewNode(simplified()->CheckBounds(), index,
1228 jsgraph()->Constant(Smi::kMaxValue), 1236 jsgraph()->Constant(Smi::kMaxValue),
1229 effect, control); 1237 effect, control);
1230 } else { 1238 } else {
1231 // Check that the {index} is in the valid range for the {receiver}. 1239 // Check that the {index} is in the valid range for the {receiver}.
(...skipping 475 matching lines...) Expand 10 before | Expand all | Expand 10 after
1707 return jsgraph()->javascript(); 1715 return jsgraph()->javascript();
1708 } 1716 }
1709 1717
1710 SimplifiedOperatorBuilder* JSNativeContextSpecialization::simplified() const { 1718 SimplifiedOperatorBuilder* JSNativeContextSpecialization::simplified() const {
1711 return jsgraph()->simplified(); 1719 return jsgraph()->simplified();
1712 } 1720 }
1713 1721
1714 } // namespace compiler 1722 } // namespace compiler
1715 } // namespace internal 1723 } // namespace internal
1716 } // namespace v8 1724 } // namespace v8
OLDNEW
« no previous file with comments | « src/compiler/js-builtin-reducer.cc ('k') | src/heap/heap.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698