| Index: src/x64/code-stubs-x64.cc
|
| diff --git a/src/x64/code-stubs-x64.cc b/src/x64/code-stubs-x64.cc
|
| index 5041d9424231961aa909bcddc5490eccc62d0924..2ba95bfb2780d00a8bb9111205934b40f6964f15 100644
|
| --- a/src/x64/code-stubs-x64.cc
|
| +++ b/src/x64/code-stubs-x64.cc
|
| @@ -2255,11 +2255,15 @@ void CallIC_ArrayStub::Generate(MacroAssembler* masm) {
|
| __ j(not_equal, &miss);
|
|
|
| __ movp(rax, Immediate(arg_count()));
|
| - __ movp(rbx, FieldOperand(rbx, rdx, times_pointer_size,
|
| + __ movp(rcx, FieldOperand(rbx, rdx, times_pointer_size,
|
| FixedArray::kHeaderSize));
|
| -
|
| // Verify that ecx contains an AllocationSite
|
| - __ AssertUndefinedOrAllocationSite(rbx);
|
| + Factory* factory = masm->isolate()->factory();
|
| + __ Cmp(FieldOperand(rcx, HeapObject::kMapOffset),
|
| + factory->allocation_site_map());
|
| + __ j(not_equal, &miss);
|
| +
|
| + __ movp(rbx, rcx);
|
| ArrayConstructorStub stub(masm->isolate(), arg_count());
|
| __ TailCallStub(&stub);
|
|
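Review bot: The new map compare `__ Cmp(FieldOperand(rcx, HeapObject::kMapOffset), factory->allocation_site_map());` dereferences rcx without first establishing that the feedback slot holds a heap object. If a Smi can ever be stored in that slot, the load reads from an untagged value instead of taking the miss path. The CallICStub hunk further down has the same shape, guarded only by `AssertNotSmi`, which presumably emits code only in debug builds. If the feedback vector does not guarantee a heap object here, put `__ JumpIfSmi(rcx, &miss);` before the compare; if it does, add `__ AssertNotSmi(rcx);` to document the invariant. The retained comment is also stale: it names `ecx` in an x64 file and says "Verify" where the code now bails out at runtime, so something like `// Miss unless rcx holds an AllocationSite (checked in release code too).` would fit better.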
|
| @@ -2333,7 +2337,11 @@ void CallICStub::Generate(MacroAssembler* masm) {
|
| __ j(equal, &miss);
|
|
|
| if (!FLAG_trace_ic) {
|
| - // We are going megamorphic, and we don't want to visit the runtime.
|
| + // We are going megamorphic. If the feedback is a JSFunction, it is fine
|
| + // to handle it here. More complex cases are dealt with in the runtime.
|
| + __ AssertNotSmi(rcx);
|
| + __ CmpObjectType(rcx, JS_FUNCTION_TYPE, rcx);
|
| + __ j(not_equal, &miss);
|
| __ Move(FieldOperand(rbx, rdx, times_pointer_size,
|
| FixedArray::kHeaderSize),
|
| TypeFeedbackInfo::MegamorphicSentinel(isolate));
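Review bot: `__ CmpObjectType(rcx, JS_FUNCTION_TYPE, rcx);` passes rcx as both the object and the map register, so the feedback value is overwritten with its map before `__ j(not_equal, &miss);` is taken. The miss handler and the code after the megamorphic store are outside this hunk, so it cannot be confirmed from here that neither expects the original feedback object in rcx. If they reload the slot, a short comment such as `// rcx is clobbered with the map; miss re-reads the feedback slot.` would make that dependency explicit. Otherwise, use a register that is free at this point as the map register.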
|
|
|