| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_X87 | 7 #if V8_TARGET_ARCH_X87 |
| 8 | 8 |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/heap/heap.h" | 10 #include "src/heap/heap.h" |
| (...skipping 362 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 373 __ lea(edi, Operand(ebx, times_2, FixedArray::kHeaderSize)); | 373 __ lea(edi, Operand(ebx, times_2, FixedArray::kHeaderSize)); |
| 374 __ Allocate(edi, eax, esi, no_reg, &gc_required, TAG_OBJECT); | 374 __ Allocate(edi, eax, esi, no_reg, &gc_required, TAG_OBJECT); |
| 375 | 375 |
| 376 // eax: destination FixedArray | 376 // eax: destination FixedArray |
| 377 // ebx: number of elements | 377 // ebx: number of elements |
| 378 __ mov(FieldOperand(eax, HeapObject::kMapOffset), | 378 __ mov(FieldOperand(eax, HeapObject::kMapOffset), |
| 379 Immediate(masm->isolate()->factory()->fixed_array_map())); | 379 Immediate(masm->isolate()->factory()->fixed_array_map())); |
| 380 __ mov(FieldOperand(eax, FixedArray::kLengthOffset), ebx); | 380 __ mov(FieldOperand(eax, FixedArray::kLengthOffset), ebx); |
| 381 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset)); | 381 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset)); |
| 382 | 382 |
| 383 // Allocating heap numbers in the loop below can fail and cause a jump to |
| 384 // gc_required. We can't leave a partly initialized FixedArray behind, |
| 385 // so pessimistically fill it with holes now. |
| 386 Label initialization_loop, initialization_loop_entry; |
| 387 __ jmp(&initialization_loop_entry, Label::kNear); |
| 388 __ bind(&initialization_loop); |
| 389 __ mov(FieldOperand(eax, ebx, times_2, FixedArray::kHeaderSize), |
| 390 masm->isolate()->factory()->the_hole_value()); |
| 391 __ bind(&initialization_loop_entry); |
| 392 __ sub(ebx, Immediate(Smi::FromInt(1))); |
| 393 __ j(not_sign, &initialization_loop); |
| 394 |
| 395 __ mov(ebx, FieldOperand(edi, FixedDoubleArray::kLengthOffset)); |
| 383 __ jmp(&entry); | 396 __ jmp(&entry); |
| 384 | 397 |
| 385 // ebx: target map | 398 // ebx: target map |
| 386 // edx: receiver | 399 // edx: receiver |
| 387 // Set transitioned map. | 400 // Set transitioned map. |
| 388 __ bind(&only_change_map); | 401 __ bind(&only_change_map); |
| 389 __ mov(FieldOperand(edx, HeapObject::kMapOffset), ebx); | 402 __ mov(FieldOperand(edx, HeapObject::kMapOffset), ebx); |
| 390 __ RecordWriteField(edx, HeapObject::kMapOffset, ebx, edi, kDontSaveFPRegs, | 403 __ RecordWriteField(edx, HeapObject::kMapOffset, ebx, edi, kDontSaveFPRegs, |
| 391 OMIT_REMEMBERED_SET, OMIT_SMI_CHECK); | 404 OMIT_REMEMBERED_SET, OMIT_SMI_CHECK); |
| 392 __ jmp(&success); | 405 __ jmp(&success); |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 609 Code* stub = GetCodeAgeStub(isolate, age, parity); | 622 Code* stub = GetCodeAgeStub(isolate, age, parity); |
| 610 CodePatcher patcher(sequence, young_length); | 623 CodePatcher patcher(sequence, young_length); |
| 611 patcher.masm()->call(stub->instruction_start(), RelocInfo::NONE32); | 624 patcher.masm()->call(stub->instruction_start(), RelocInfo::NONE32); |
| 612 } | 625 } |
| 613 } | 626 } |
| 614 | 627 |
| 615 | 628 |
| 616 } } // namespace v8::internal | 629 } } // namespace v8::internal |
| 617 | 630 |
| 618 #endif // V8_TARGET_ARCH_X87 | 631 #endif // V8_TARGET_ARCH_X87 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 643793002:
X87: Fix uninitialized FixedArray potentially being left behind by ElementsTransitionGenerator::Gen… (Closed)
Base URL: https://chromium.googlesource.com/external/v8.git@bleeding_edge