| Index: src/ia32/code-stubs-ia32.cc
|
| diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
|
| index 77269429821307466e85c9c87554e810808700ee..78e3a79e7924c7675165f97c54ec298cfa4981cb 100644
|
| --- a/src/ia32/code-stubs-ia32.cc
|
| +++ b/src/ia32/code-stubs-ia32.cc
|
| @@ -2245,10 +2245,30 @@ void CallICStub::Generate(MacroAssembler* masm) {
|
| ParameterCount actual(argc);
|
|
|
| // The checks. First, does edi match the recorded monomorphic target?
|
| - __ cmp(edi, FieldOperand(ebx, edx, times_half_pointer_size,
|
| + __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
|
| FixedArray::kHeaderSize));
|
| +
|
| + // We don't know that we have a weak cell. We might have a private symbol
|
| + // or an AllocationSite, but the memory is safe to examine.
|
| + // AllocationSite::kTransitionInfoOffset - contains a Smi or pointer to
|
| + // FixedArray.
|
| + // WeakCell::kValueOffset - contains a JSFunction or Smi(0)
|
| + // Symbol::kHashFieldSlot - if the low bit is 1, then the hash is not
|
| + // computed, meaning that it can't appear to be a pointer. If the low bit is
|
| + // 0, then hash is computed, but the 0 bit prevents the field from appearing
|
| + // to be a pointer.
|
| + STATIC_ASSERT(WeakCell::kSize >= kPointerSize);
|
| + STATIC_ASSERT(AllocationSite::kTransitionInfoOffset ==
|
| + WeakCell::kValueOffset &&
|
| + WeakCell::kValueOffset == Symbol::kHashFieldSlot);
|
| +
|
| + __ cmp(edi, FieldOperand(ecx, WeakCell::kValueOffset));
|
| __ j(not_equal, &extra_checks_or_miss);
|
|
|
| + // The compare above could have been a SMI/SMI comparison. Guard against this
|
| + // convincing us that we have a monomorphic JSFunction.
|
| + __ JumpIfSmi(edi, &extra_checks_or_miss);
|
| +
|
| __ bind(&have_js_function);
|
| if (CallAsMethod()) {
|
| EmitContinueIfStrictOrNative(masm, &cont);
|
| @@ -2277,8 +2297,6 @@ void CallICStub::Generate(MacroAssembler* masm) {
|
| __ bind(&extra_checks_or_miss);
|
| Label uninitialized, miss;
|
|
|
| - __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
|
| - FixedArray::kHeaderSize));
|
| __ cmp(ecx, Immediate(TypeFeedbackVector::MegamorphicSentinel(isolate)));
|
| __ j(equal, &slow_start);
|
|
|
| @@ -2322,15 +2340,18 @@ void CallICStub::Generate(MacroAssembler* masm) {
|
| // Update stats.
|
| __ add(FieldOperand(ebx, with_types_offset), Immediate(Smi::FromInt(1)));
|
|
|
| - // Store the function.
|
| - __ mov(
|
| - FieldOperand(ebx, edx, times_half_pointer_size, FixedArray::kHeaderSize),
|
| - edi);
|
| + // Store the function. Use a stub since we need a frame for allocation.
|
| + // ebx - vector
|
| + // edx - slot
|
| + // edi - function
|
| + {
|
| + FrameScope scope(masm, StackFrame::INTERNAL);
|
| + CreateWeakCellStub create_stub(isolate);
|
| + __ push(edi);
|
| + __ CallStub(&create_stub);
|
| + __ pop(edi);
|
| + }
|
|
|
| - // Update the write barrier.
|
| - __ mov(eax, edi);
|
| - __ RecordWriteArray(ebx, eax, edx, kDontSaveFPRegs, EMIT_REMEMBERED_SET,
|
| - OMIT_SMI_CHECK);
|
| __ jmp(&have_js_function);
|
|
|
| // We are here because tracing is on or we encountered a MISS case we can't
|
| @@ -2393,6 +2414,7 @@ void CodeStub::GenerateStubsAheadOfTime(Isolate* isolate) {
|
| // It is important that the store buffer overflow stubs are generated first.
|
| ArrayConstructorStubBase::GenerateStubsAheadOfTime(isolate);
|
| CreateAllocationSiteStub::GenerateAheadOfTime(isolate);
|
| + CreateWeakCellStub::GenerateAheadOfTime(isolate);
|
| BinaryOpICStub::GenerateAheadOfTime(isolate);
|
| BinaryOpICWithAllocationSiteStub::GenerateAheadOfTime(isolate);
|
| }
|
|
|
Chromium Code Reviews
Issue 866493003:
Retry "Use a WeakCell in the CallIC type vector." (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master