Author: [EMAIL PROTECTED]
Date: Tue Oct 7 02:28:04 2008
New Revision: 455
Added:
branches/bleeding_edge/test/mjsunit/keyed-storage-extend.js (props
changed)
- copied unchanged from r452,
/branches/bleeding_edge/test/mjsunit/bugs/bug-109.js
Removed:
branches/bleeding_edge/test/mjsunit/bugs/bug-109.js
Modified:
branches/bleeding_edge/src/builtins.cc
branches/bleeding_edge/src/builtins.h
branches/bleeding_edge/src/ic-arm.cc
branches/bleeding_edge/src/ic-ia32.cc
branches/bleeding_edge/src/ic.cc
branches/bleeding_edge/src/ic.h
branches/bleeding_edge/src/stub-cache-arm.cc
branches/bleeding_edge/src/stub-cache-ia32.cc
branches/bleeding_edge/src/stub-cache.h
Log:
- Fixed Issue 3201: Embedded Google Calendar crashes the renderer
ExtendStorage did not work with keyed store IC.
- Reduced instructions generated when performing a tail call to
kSharedStoreIC_ExtendStorage
- Moved test/mjsunit/bugs/bug-109.js
to test/mjsunit/keyed-storage-extend.js
Review URL: http://codereview.chromium.org/6526
Modified: branches/bleeding_edge/src/builtins.cc
==============================================================================
--- branches/bleeding_edge/src/builtins.cc (original)
+++ branches/bleeding_edge/src/builtins.cc Tue Oct 7 02:28:04 2008
@@ -575,6 +575,11 @@
}
+static void Generate_KeyedStoreIC_ExtendStorage(MacroAssembler* masm) {
+ KeyedStoreIC::GenerateExtendStorage(masm);
+}
+
+
static void Generate_KeyedStoreIC_Miss(MacroAssembler* masm) {
KeyedStoreIC::GenerateMiss(masm);
}
Modified: branches/bleeding_edge/src/builtins.h
==============================================================================
--- branches/bleeding_edge/src/builtins.h (original)
+++ branches/bleeding_edge/src/builtins.h Tue Oct 7 02:28:04 2008
@@ -63,6 +63,7 @@
V(KeyedStoreIC_Miss, BUILTIN, UNINITIALIZED) \
\
V(StoreIC_ExtendStorage, BUILTIN, UNINITIALIZED) \
+ V(KeyedStoreIC_ExtendStorage, BUILTIN, UNINITIALIZED) \
\
V(LoadIC_Initialize, LOAD_IC, UNINITIALIZED) \
V(LoadIC_PreMonomorphic, LOAD_IC, PREMONOMORPHIC) \
Modified: branches/bleeding_edge/src/ic-arm.cc
==============================================================================
--- branches/bleeding_edge/src/ic-arm.cc (original)
+++ branches/bleeding_edge/src/ic-arm.cc Tue Oct 7 02:28:04 2008
@@ -539,6 +539,9 @@
void KeyedStoreIC::GenerateGeneric(MacroAssembler* masm) {
}
+void KeyedStoreIC::GenerateExtendStorage(MacroAssembler* masm) {
+}
+
void StoreIC::GenerateMegamorphic(MacroAssembler* masm) {
// ----------- S t a t e -------------
@@ -570,7 +573,8 @@
__ stm(db_w, sp, r0.bit() | r2.bit() | r3.bit());
// Perform tail call to the entry.
- __
TailCallRuntime(ExternalReference(IC_Utility(kStoreIC_ExtendStorage)), 3);
+ __ TailCallRuntime(
+ ExternalReference(IC_Utility(kSharedStoreIC_ExtendStorage)), 3);
}
Modified: branches/bleeding_edge/src/ic-ia32.cc
==============================================================================
--- branches/bleeding_edge/src/ic-ia32.cc (original)
+++ branches/bleeding_edge/src/ic-ia32.cc Tue Oct 7 02:28:04 2008
@@ -703,7 +703,8 @@
__ push(eax);
__ push(ebx);
// Perform tail call to the entry.
- __
TailCallRuntime(ExternalReference(IC_Utility(kStoreIC_ExtendStorage)), 3);
+ __ TailCallRuntime(
+ ExternalReference(IC_Utility(kSharedStoreIC_ExtendStorage)), 3);
}
@@ -749,6 +750,26 @@
__ TailCallRuntime(f, 3);
}
+
+void KeyedStoreIC::GenerateExtendStorage(MacroAssembler* masm) {
+ // ----------- S t a t e -------------
+ // -- eax : value
+ // -- esp[0] : return address
+ // -- esp[4] : key
+ // -- esp[8] : receiver
+ // -----------------------------------
+
+ // Move the return address below the arguments.
+ __ pop(ecx);
+ __ push(Operand(esp, 1 * kPointerSize));
+ __ push(Operand(esp, 1 * kPointerSize));
+ __ push(eax);
+ __ push(ecx);
+
+ // Do tail-call to runtime routine.
+ __ TailCallRuntime(
+ ExternalReference(IC_Utility(kSharedStoreIC_ExtendStorage)), 3);
+}
#undef __
Modified: branches/bleeding_edge/src/ic.cc
==============================================================================
--- branches/bleeding_edge/src/ic.cc (original)
+++ branches/bleeding_edge/src/ic.cc Tue Oct 7 02:28:04 2008
@@ -1115,7 +1115,7 @@
// Extend storage is called in a store inline cache when
// it is necessary to extend the properties array of a
// JSObject.
-Object* StoreIC_ExtendStorage(Arguments args) {
+Object* SharedStoreIC_ExtendStorage(Arguments args) {
NoHandleAllocation na;
ASSERT(args.length() == 3);
Modified: branches/bleeding_edge/src/ic.h
==============================================================================
--- branches/bleeding_edge/src/ic.h (original)
+++ branches/bleeding_edge/src/ic.h Tue Oct 7 02:28:04 2008
@@ -34,17 +34,17 @@
// IC_UTIL_LIST defines all utility functions called from generated
// inline caching code. The argument for the macro, ICU, is the function
name.
-#define IC_UTIL_LIST(ICU) \
- ICU(LoadIC_Miss) \
- ICU(KeyedLoadIC_Miss) \
- ICU(CallIC_Miss) \
- ICU(StoreIC_Miss) \
- ICU(StoreIC_ExtendStorage) \
- ICU(KeyedStoreIC_Miss) \
- /* Utilities for IC stubs. */ \
- ICU(LoadCallbackProperty) \
- ICU(StoreCallbackProperty) \
- ICU(LoadInterceptorProperty) \
+#define IC_UTIL_LIST(ICU) \
+ ICU(LoadIC_Miss) \
+ ICU(KeyedLoadIC_Miss) \
+ ICU(CallIC_Miss) \
+ ICU(StoreIC_Miss) \
+ ICU(SharedStoreIC_ExtendStorage) \
+ ICU(KeyedStoreIC_Miss) \
+ /* Utilities for IC stubs. */ \
+ ICU(LoadCallbackProperty) \
+ ICU(StoreCallbackProperty) \
+ ICU(LoadInterceptorProperty) \
ICU(StoreInterceptorProperty)
//
@@ -333,6 +333,7 @@
static void GenerateInitialize(MacroAssembler* masm);
static void GenerateMiss(MacroAssembler* masm);
static void GenerateGeneric(MacroAssembler* masm);
+ static void GenerateExtendStorage(MacroAssembler* masm);
private:
static void Generate(MacroAssembler* masm, const ExternalReference& f);
Modified: branches/bleeding_edge/src/stub-cache-arm.cc
==============================================================================
--- branches/bleeding_edge/src/stub-cache-arm.cc (original)
+++ branches/bleeding_edge/src/stub-cache-arm.cc Tue Oct 7 02:28:04 2008
@@ -411,41 +411,42 @@
// checks.
ASSERT(object->IsJSGlobalObject() || !object->IsAccessCheckNeeded());
- // Get the properties array
- __ ldr(r1, FieldMemOperand(r3, JSObject::kPropertiesOffset));
-
// Perform map transition for the receiver if necessary.
- if (transition != NULL) {
- if (object->map()->unused_property_fields() == 0) {
- // The properties must be extended before we can store the value.
- // We jump to a runtime call that extends the propeties array.
- __ mov(r2, Operand(Handle<Map>(transition)));
- Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_ExtendStorage));
- __ Jump(ic, RelocInfo::CODE_TARGET);
- } else {
+ if ((transition != NULL) && (object->map()->unused_property_fields() ==
0)) {
+ // The properties must be extended before we can store the value.
+ // We jump to a runtime call that extends the propeties array.
+ __ mov(r2, Operand(Handle<Map>(transition)));
+ // Please note, if we implement keyed store for arm we need
+ // to call the Builtins::KeyedStoreIC_ExtendStorage.
+ Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_ExtendStorage));
+ __ Jump(ic, RelocInfo::CODE_TARGET);
+ } else {
+ // Get the properties array
+ __ ldr(r1, FieldMemOperand(r3, JSObject::kPropertiesOffset));
+
+ if (transition != NULL) {
// Update the map of the object; no write barrier updating is
// needed because the map is never in new space.
__ mov(ip, Operand(Handle<Map>(transition)));
__ str(ip, FieldMemOperand(r3, HeapObject::kMapOffset));
}
- }
-
- // Write to the properties array.
- int offset = index * kPointerSize + Array::kHeaderSize;
- __ str(r0, FieldMemOperand(r1, offset));
-
- // Skip updating write barrier if storing a smi.
- __ tst(r0, Operand(kSmiTagMask));
- __ b(eq, &exit);
-
- // Update the write barrier for the array address.
- __ mov(r3, Operand(offset));
- __ RecordWrite(r1, r3, r2); // OK to clobber r2, since we return
-
- // Return the value (register r0).
- __ bind(&exit);
- __ Ret();
+ // Write to the properties array.
+ int offset = index * kPointerSize + Array::kHeaderSize;
+ __ str(r0, FieldMemOperand(r1, offset));
+
+ // Skip updating write barrier if storing a smi.
+ __ tst(r0, Operand(kSmiTagMask));
+ __ b(eq, &exit);
+
+ // Update the write barrier for the array address.
+ __ mov(r3, Operand(offset));
+ __ RecordWrite(r1, r3, r2); // OK to clobber r2, since we return
+
+ // Return the value (register r0).
+ __ bind(&exit);
+ __ Ret();
+ }
// Handle store cache miss.
__ bind(&miss);
__ mov(r2, Operand(Handle<String>(name))); // restore name
Modified: branches/bleeding_edge/src/stub-cache-ia32.cc
==============================================================================
--- branches/bleeding_edge/src/stub-cache-ia32.cc (original)
+++ branches/bleeding_edge/src/stub-cache-ia32.cc Tue Oct 7 02:28:04 2008
@@ -406,6 +406,7 @@
void StubCompiler::GenerateStoreField(MacroAssembler* masm,
+ Builtins::Name storage_extend,
JSObject* object,
int index,
Map* transition,
@@ -431,23 +432,23 @@
// checks.
ASSERT(object->IsJSGlobalObject() || !object->IsAccessCheckNeeded());
+ // Perform map transition for the receiver if necessary.
+ if ((transition != NULL) && (object->map()->unused_property_fields() ==
0)) {
+ // The properties must be extended before we can store the value.
+ // We jump to a runtime call that extends the propeties array.
+ __ mov(Operand(ecx), Immediate(Handle<Map>(transition)));
+ Handle<Code> ic(Builtins::builtin(storage_extend));
+ __ jmp(ic, RelocInfo::CODE_TARGET);
+ return;
+ }
+
// Get the properties array (optimistically).
__ mov(scratch, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
-
- // Perform map transition for the receiver if necessary.
if (transition != NULL) {
- if (object->map()->unused_property_fields() == 0) {
- // The properties must be extended before we can store the value.
- // We jump to a runtime call that extends the propeties array.
- __ mov(Operand(ecx), Immediate(Handle<Map>(transition)));
- Handle<Code> ic(Builtins::builtin(Builtins::StoreIC_ExtendStorage));
- __ jmp(ic, RelocInfo::CODE_TARGET);
- } else {
- // Update the map of the object; no write barrier updating is
- // needed because the map is never in new space.
- __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset),
- Immediate(Handle<Map>(transition)));
- }
+ // Update the map of the object; no write barrier updating is
+ // needed because the map is never in new space.
+ __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset),
+ Immediate(Handle<Map>(transition)));
}
// Write to the properties array.
@@ -737,7 +738,13 @@
__ mov(ebx, Operand(esp, 1 * kPointerSize));
// Generate store field code. Trashes the name register.
- GenerateStoreField(masm(), object, index, transition, ebx, ecx, edx,
&miss);
+ GenerateStoreField(masm(),
+ Builtins::StoreIC_ExtendStorage,
+ object,
+ index,
+ transition,
+ ebx, ecx, edx,
+ &miss);
// Handle store cache miss.
__ bind(&miss);
@@ -887,7 +894,13 @@
__ mov(ebx, Operand(esp, 2 * kPointerSize));
// Generate store field code. Trashes the name register.
- GenerateStoreField(masm(), object, index, transition, ebx, ecx, edx,
&miss);
+ GenerateStoreField(masm(),
+ Builtins::KeyedStoreIC_ExtendStorage,
+ object,
+ index,
+ transition,
+ ebx, ecx, edx,
+ &miss);
// Handle store cache miss.
__ bind(&miss);
Modified: branches/bleeding_edge/src/stub-cache.h
==============================================================================
--- branches/bleeding_edge/src/stub-cache.h (original)
+++ branches/bleeding_edge/src/stub-cache.h Tue Oct 7 02:28:04 2008
@@ -356,6 +356,7 @@
Register scratch2,
Label* miss_label);
static void GenerateStoreField(MacroAssembler* masm,
+ Builtins::Name storage_extend,
JSObject* object,
int index,
Map* transition,
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
