| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_X64 | 7 #if V8_TARGET_ARCH_X64 |
| 8 | 8 |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/macro-assembler.h" | 10 #include "src/macro-assembler.h" |
| (...skipping 379 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 390 __ LoadRoot(rdi, Heap::kFixedArrayMapRootIndex); | 390 __ LoadRoot(rdi, Heap::kFixedArrayMapRootIndex); |
| 391 __ movp(FieldOperand(r11, HeapObject::kMapOffset), rdi); | 391 __ movp(FieldOperand(r11, HeapObject::kMapOffset), rdi); |
| 392 __ Integer32ToSmi(r14, r9); | 392 __ Integer32ToSmi(r14, r9); |
| 393 __ movp(FieldOperand(r11, FixedArray::kLengthOffset), r14); | 393 __ movp(FieldOperand(r11, FixedArray::kLengthOffset), r14); |
| 394 | 394 |
| 395 // Prepare for conversion loop. | 395 // Prepare for conversion loop. |
| 396 __ movq(rsi, bit_cast<int64_t, uint64_t>(kHoleNanInt64)); | 396 __ movq(rsi, bit_cast<int64_t, uint64_t>(kHoleNanInt64)); |
| 397 __ LoadRoot(rdi, Heap::kTheHoleValueRootIndex); | 397 __ LoadRoot(rdi, Heap::kTheHoleValueRootIndex); |
| 398 // rsi: the-hole NaN | 398 // rsi: the-hole NaN |
| 399 // rdi: pointer to the-hole | 399 // rdi: pointer to the-hole |
| 400 |
| 401 // Allocating heap numbers in the loop below can fail and cause a jump to |
| 402 // gc_required. We can't leave a partly initialized FixedArray behind, |
| 403 // so pessimistically fill it with holes now. |
| 404 Label initialization_loop, initialization_loop_entry; |
| 405 __ jmp(&initialization_loop_entry, Label::kNear); |
| 406 __ bind(&initialization_loop); |
| 407 __ movp(FieldOperand(r11, r9, times_pointer_size, FixedArray::kHeaderSize), |
| 408 rdi); |
| 409 __ bind(&initialization_loop_entry); |
| 410 __ decp(r9); |
| 411 __ j(not_sign, &initialization_loop); |
| 412 |
| 413 __ SmiToInteger32(r9, FieldOperand(r8, FixedDoubleArray::kLengthOffset)); |
| 400 __ jmp(&entry); | 414 __ jmp(&entry); |
| 401 | 415 |
| 402 // Call into runtime if GC is required. | 416 // Call into runtime if GC is required. |
| 403 __ bind(&gc_required); | 417 __ bind(&gc_required); |
| 404 __ Pop(rax); | 418 __ Pop(rax); |
| 405 __ movp(rsi, Operand(rbp, StandardFrameConstants::kContextOffset)); | 419 __ movp(rsi, Operand(rbp, StandardFrameConstants::kContextOffset)); |
| 406 __ jmp(fail); | 420 __ jmp(fail); |
| 407 | 421 |
| 408 // Box doubles into heap numbers. | 422 // Box doubles into heap numbers. |
| 409 __ bind(&loop); | 423 __ bind(&loop); |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 706 // argument_count_reg_ * times_pointer_size + (receiver - 1) * kPointerSize. | 720 // argument_count_reg_ * times_pointer_size + (receiver - 1) * kPointerSize. |
| 707 return Operand(base_reg_, argument_count_reg_, times_pointer_size, | 721 return Operand(base_reg_, argument_count_reg_, times_pointer_size, |
| 708 displacement_to_last_argument + (receiver - 1 - index) * kPointerSize); | 722 displacement_to_last_argument + (receiver - 1 - index) * kPointerSize); |
| 709 } | 723 } |
| 710 } | 724 } |
| 711 | 725 |
| 712 | 726 |
| 713 } } // namespace v8::internal | 727 } } // namespace v8::internal |
| 714 | 728 |
| 715 #endif // V8_TARGET_ARCH_X64 | 729 #endif // V8_TARGET_ARCH_X64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 636313003:
Fix uninitialized FixedArray potentially being left behind by ElementsTransitionGenerator::Generate… (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge