| OLD | NEW |
|---|
| 1 // Copyright 2013 the V8 project authors. All rights reserved. | 1 // Copyright 2013 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/hydrogen.h" | 5 #include "src/hydrogen.h" |
| 6 | 6 |
| 7 #include <sstream> | 7 #include <sstream> |
| 8 | 8 |
| 9 #include "src/v8.h" | 9 #include "src/v8.h" |
| 10 | 10 |
| (...skipping 8337 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8348 Drop(2); // Receiver and function. | 8348 Drop(2); // Receiver and function. |
| 8349 HInstruction* result = HMul::NewImul(zone(), context(), left, right); | 8349 HInstruction* result = HMul::NewImul(zone(), context(), left, right); |
| 8350 ast_context()->ReturnInstruction(result, expr->id()); | 8350 ast_context()->ReturnInstruction(result, expr->id()); |
| 8351 return true; | 8351 return true; |
| 8352 } | 8352 } |
| 8353 break; | 8353 break; |
| 8354 case kArrayPop: { | 8354 case kArrayPop: { |
| 8355 if (receiver_map.is_null()) return false; | 8355 if (receiver_map.is_null()) return false; |
| 8356 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false; | 8356 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false; |
| 8357 ElementsKind elements_kind = receiver_map->elements_kind(); | 8357 ElementsKind elements_kind = receiver_map->elements_kind(); |
| 8358 if (JSArray::IsReadOnlyLengthDescriptor(receiver_map)) return false; |
| 8358 if (!IsFastElementsKind(elements_kind)) return false; | 8359 if (!IsFastElementsKind(elements_kind)) return false; |
| 8359 if (receiver_map->is_observed()) return false; | 8360 if (receiver_map->is_observed()) return false; |
| 8360 if (!receiver_map->is_extensible()) return false; | 8361 if (!receiver_map->is_extensible()) return false; |
| 8361 | 8362 |
| 8362 Drop(args_count_no_receiver); | 8363 Drop(args_count_no_receiver); |
| 8363 HValue* result; | 8364 HValue* result; |
| 8364 HValue* reduced_length; | 8365 HValue* reduced_length; |
| 8365 HValue* receiver = Pop(); | 8366 HValue* receiver = Pop(); |
| 8366 | 8367 |
| 8367 HValue* checked_object = AddCheckMap(receiver, receiver_map); | 8368 HValue* checked_object = AddCheckMap(receiver, receiver_map); |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8465 if (!ast_context()->IsEffect()) Drop(1); | 8466 if (!ast_context()->IsEffect()) Drop(1); |
| 8466 } | 8467 } |
| 8467 | 8468 |
| 8468 ast_context()->ReturnValue(new_size); | 8469 ast_context()->ReturnValue(new_size); |
| 8469 return true; | 8470 return true; |
| 8470 } | 8471 } |
| 8471 case kArrayShift: { | 8472 case kArrayShift: { |
| 8472 if (receiver_map.is_null()) return false; | 8473 if (receiver_map.is_null()) return false; |
| 8473 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false; | 8474 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false; |
| 8474 ElementsKind kind = receiver_map->elements_kind(); | 8475 ElementsKind kind = receiver_map->elements_kind(); |
| 8476 if (JSArray::IsReadOnlyLengthDescriptor(receiver_map)) return false; |
| 8475 if (!IsFastElementsKind(kind)) return false; | 8477 if (!IsFastElementsKind(kind)) return false; |
| 8476 if (receiver_map->is_observed()) return false; | 8478 if (receiver_map->is_observed()) return false; |
| 8477 if (!receiver_map->is_extensible()) return false; | 8479 if (!receiver_map->is_extensible()) return false; |
| 8478 | 8480 |
| 8479 // If there may be elements accessors in the prototype chain, the fast | 8481 // If there may be elements accessors in the prototype chain, the fast |
| 8480 // inlined version can't be used. | 8482 // inlined version can't be used. |
| 8481 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false; | 8483 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false; |
| 8482 | 8484 |
| 8483 // If there currently can be no elements accessors on the prototype chain, | 8485 // If there currently can be no elements accessors on the prototype chain, |
| 8484 // it doesn't mean that there won't be any later. Install a full prototype | 8486 // it doesn't mean that there won't be any later. Install a full prototype |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8537 length, graph()->GetConstant1()); | 8539 length, graph()->GetConstant1()); |
| 8538 new_length->ClearFlag(HValue::kCanOverflow); | 8540 new_length->ClearFlag(HValue::kCanOverflow); |
| 8539 | 8541 |
| 8540 // Copy the remaining elements. | 8542 // Copy the remaining elements. |
| 8541 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement); | 8543 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement); |
| 8542 { | 8544 { |
| 8543 HValue* new_key = loop.BeginBody( | 8545 HValue* new_key = loop.BeginBody( |
| 8544 graph()->GetConstant0(), new_length, Token::LT); | 8546 graph()->GetConstant0(), new_length, Token::LT); |
| 8545 HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1()); | 8547 HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1()); |
| 8546 key->ClearFlag(HValue::kCanOverflow); | 8548 key->ClearFlag(HValue::kCanOverflow); |
| 8549 ElementsKind copy_kind = |
| 8550 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind; |
| 8547 HValue* element = AddUncasted<HLoadKeyed>( | 8551 HValue* element = AddUncasted<HLoadKeyed>( |
| 8548 elements, key, lengthiszero, kind, ALLOW_RETURN_HOLE); | 8552 elements, key, lengthiszero, copy_kind, ALLOW_RETURN_HOLE); |
| 8549 HStoreKeyed* store = Add<HStoreKeyed>( | 8553 HStoreKeyed* store = |
| 8550 elements, new_key, element, kind); | 8554 Add<HStoreKeyed>(elements, new_key, element, copy_kind); |
| 8551 store->SetFlag(HValue::kAllowUndefinedAsNaN); | 8555 store->SetFlag(HValue::kAllowUndefinedAsNaN); |
| 8552 } | 8556 } |
| 8553 loop.EndBody(); | 8557 loop.EndBody(); |
| 8554 | 8558 |
| 8555 // Put a hole at the end. | 8559 // Put a hole at the end. |
| 8556 HValue* hole = IsFastSmiOrObjectElementsKind(kind) | 8560 HValue* hole = IsFastSmiOrObjectElementsKind(kind) |
| 8557 ? Add<HConstant>(isolate()->factory()->the_hole_value()) | 8561 ? Add<HConstant>(isolate()->factory()->the_hole_value()) |
| 8558 : Add<HConstant>(FixedDoubleArray::hole_nan_as_double()); | 8562 : Add<HConstant>(FixedDoubleArray::hole_nan_as_double()); |
| 8559 if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS; | 8563 if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS; |
| 8560 Add<HStoreKeyed>( | 8564 Add<HStoreKeyed>( |
| (...skipping 2807 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11368 Handle<Object> value(fast_elements->get(i), isolate()); | 11372 Handle<Object> value(fast_elements->get(i), isolate()); |
| 11369 HValue* key_constant = Add<HConstant>(i); | 11373 HValue* key_constant = Add<HConstant>(i); |
| 11370 if (value->IsJSObject()) { | 11374 if (value->IsJSObject()) { |
| 11371 Handle<JSObject> value_object = Handle<JSObject>::cast(value); | 11375 Handle<JSObject> value_object = Handle<JSObject>::cast(value); |
| 11372 Handle<AllocationSite> current_site = site_context->EnterNewScope(); | 11376 Handle<AllocationSite> current_site = site_context->EnterNewScope(); |
| 11373 HInstruction* result = | 11377 HInstruction* result = |
| 11374 BuildFastLiteral(value_object, site_context); | 11378 BuildFastLiteral(value_object, site_context); |
| 11375 site_context->ExitScope(current_site, value_object); | 11379 site_context->ExitScope(current_site, value_object); |
| 11376 Add<HStoreKeyed>(object_elements, key_constant, result, kind); | 11380 Add<HStoreKeyed>(object_elements, key_constant, result, kind); |
| 11377 } else { | 11381 } else { |
| 11378 HInstruction* value_instruction = | 11382 ElementsKind copy_kind = |
| 11379 Add<HLoadKeyed>(boilerplate_elements, key_constant, | 11383 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind; |
| 11380 static_cast<HValue*>(NULL), kind, | 11384 HInstruction* value_instruction = Add<HLoadKeyed>( |
| 11381 ALLOW_RETURN_HOLE); | 11385 boilerplate_elements, key_constant, static_cast<HValue*>(NULL), |
| 11382 Add<HStoreKeyed>(object_elements, key_constant, value_instruction, kind); | 11386 copy_kind, ALLOW_RETURN_HOLE); |
| 11387 Add<HStoreKeyed>(object_elements, key_constant, value_instruction, |
| 11388 copy_kind); |
| 11383 } | 11389 } |
| 11384 } | 11390 } |
| 11385 } | 11391 } |
| 11386 | 11392 |
| 11387 | 11393 |
| 11388 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) { | 11394 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) { |
| 11389 DCHECK(!HasStackOverflow()); | 11395 DCHECK(!HasStackOverflow()); |
| 11390 DCHECK(current_block() != NULL); | 11396 DCHECK(current_block() != NULL); |
| 11391 DCHECK(current_block()->HasPredecessor()); | 11397 DCHECK(current_block()->HasPredecessor()); |
| 11392 HInstruction* instr = BuildThisFunction(); | 11398 HInstruction* instr = BuildThisFunction(); |
| (...skipping 1340 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12733 if (ShouldProduceTraceOutput()) { | 12739 if (ShouldProduceTraceOutput()) { |
| 12734 isolate()->GetHTracer()->TraceHydrogen(name(), graph_); | 12740 isolate()->GetHTracer()->TraceHydrogen(name(), graph_); |
| 12735 } | 12741 } |
| 12736 | 12742 |
| 12737 #ifdef DEBUG | 12743 #ifdef DEBUG |
| 12738 graph_->Verify(false); // No full verify. | 12744 graph_->Verify(false); // No full verify. |
| 12739 #endif | 12745 #endif |
| 12740 } | 12746 } |
| 12741 | 12747 |
| 12742 } } // namespace v8::internal | 12748 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 737383002:
Fix for 435073: CHECK failure in CHECK(p->IsSmi()) failed. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master