| Index: src/arm/code-stubs-arm.cc
|
| diff --git a/src/arm/code-stubs-arm.cc b/src/arm/code-stubs-arm.cc
|
| index 51f490f56359d1f858385a03c00ccd41be82370c..c9c8ac7d30d031d250dcd366d5e6c38caec2dc83 100644
|
| --- a/src/arm/code-stubs-arm.cc
|
| +++ b/src/arm/code-stubs-arm.cc
|
| @@ -916,6 +916,7 @@ void CodeStub::GenerateStubsAheadOfTime(Isolate* isolate) {
|
| StubFailureTrampolineStub::GenerateAheadOfTime(isolate);
|
| ArrayConstructorStubBase::GenerateStubsAheadOfTime(isolate);
|
| CreateAllocationSiteStub::GenerateAheadOfTime(isolate);
|
| + CreateWeakCellStub::GenerateAheadOfTime(isolate);
|
| BinaryOpICStub::GenerateAheadOfTime(isolate);
|
| BinaryOpICWithAllocationSiteStub::GenerateAheadOfTime(isolate);
|
| }
|
| @@ -2657,9 +2658,29 @@ void CallICStub::Generate(MacroAssembler* masm) {
|
| // The checks. First, does r1 match the recorded monomorphic target?
|
| __ add(r4, r2, Operand::PointerOffsetFromSmiKey(r3));
|
| __ ldr(r4, FieldMemOperand(r4, FixedArray::kHeaderSize));
|
| - __ cmp(r1, r4);
|
| +
|
| + // We don't know that we have a weak cell. We might have a private symbol
|
| + // or an AllocationSite, but the memory is safe to examine.
|
| + // AllocationSite::kTransitionInfoOffset - contains a Smi or pointer to
|
| + // FixedArray.
|
| + // WeakCell::kValueOffset - contains a JSFunction or Smi(0)
|
| + // Symbol::kHashFieldSlot - if the low bit is 1, then the hash is not
|
| + // computed, meaning that it can't appear to be a pointer. If the low bit is
|
| + // 0, then hash is computed, but the 0 bit prevents the field from appearing
|
| + // to be a pointer.
|
| + STATIC_ASSERT(WeakCell::kSize >= kPointerSize);
|
| + STATIC_ASSERT(AllocationSite::kTransitionInfoOffset ==
|
| + WeakCell::kValueOffset &&
|
| + WeakCell::kValueOffset == Symbol::kHashFieldSlot);
|
| +
|
| + __ ldr(r5, FieldMemOperand(r4, WeakCell::kValueOffset));
|
| + __ cmp(r1, r5);
|
| __ b(ne, &extra_checks_or_miss);
|
|
|
| + // The compare above could have been a SMI/SMI comparison. Guard against this
|
| + // convincing us that we have a monomorphic JSFunction.
|
| + __ JumpIfSmi(r1, &extra_checks_or_miss);
|
| +
|
| __ bind(&have_js_function);
|
| if (CallAsMethod()) {
|
| EmitContinueIfStrictOrNative(masm, &cont);
|
| @@ -2735,15 +2756,18 @@ void CallICStub::Generate(MacroAssembler* masm) {
|
| __ add(r4, r4, Operand(Smi::FromInt(1)));
|
| __ str(r4, FieldMemOperand(r2, with_types_offset));
|
|
|
| - // Store the function.
|
| - __ add(r4, r2, Operand::PointerOffsetFromSmiKey(r3));
|
| - __ add(r4, r4, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
|
| - __ str(r1, MemOperand(r4, 0));
|
| + // Store the function. Use a stub since we need a frame for allocation.
|
| + // r2 - vector
|
| + // r3 - slot
|
| + // r1 - function
|
| + {
|
| + FrameScope scope(masm, StackFrame::INTERNAL);
|
| + CreateWeakCellStub create_stub(masm->isolate());
|
| + __ Push(r1);
|
| + __ CallStub(&create_stub);
|
| + __ Pop(r1);
|
| + }
|
|
|
| - // Update the write barrier.
|
| - __ mov(r5, r1);
|
| - __ RecordWrite(r2, r4, r5, kLRHasNotBeenSaved, kDontSaveFPRegs,
|
| - EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
|
| __ jmp(&have_js_function);
|
|
|
| // We are here because tracing is on or we encountered a MISS case we can't
|
|
|
Chromium Code Reviews
Issue 866493003:
Retry "Use a WeakCell in the CallIC type vector." (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master