Author: [EMAIL PROTECTED]
Date: Wed Oct 15 00:48:45 2008
New Revision: 503
Modified:
branches/bleeding_edge/src/stub-cache-arm.cc
branches/bleeding_edge/src/stub-cache-ia32.cc
Log:
Fix CALL_IC to read properties out of the object in the presence
of in-object properties instead of always going to read out of
the properties array.
TBR=ager
Review URL: http://codereview.chromium.org/6607
Modified: branches/bleeding_edge/src/stub-cache-arm.cc
==============================================================================
--- branches/bleeding_edge/src/stub-cache-arm.cc (original)
+++ branches/bleeding_edge/src/stub-cache-arm.cc Wed Oct 15 00:48:45 2008
@@ -209,10 +209,19 @@
Register reg =
__ CheckMaps(JSObject::cast(object), r1, holder, r3, r2, &miss);
- // Get the properties array of the holder and get the function from the
field.
- int offset = index * kPointerSize + Array::kHeaderSize;
- __ ldr(r1, FieldMemOperand(reg, JSObject::kPropertiesOffset));
- __ ldr(r1, FieldMemOperand(r1, offset));
+ // Adjust for the number of properties stored in the holder.
+ index -= holder->map()->inobject_properties();
+ if (index < 0) {
+ // Get the property straight out of the holder.
+ int offset = holder->map()->instance_size() + (index * kPointerSize);
+ __ ldr(r1, FieldMemOperand(reg, offset));
+ } else {
+ // Get the properties array of the holder and get the function from
+ // the field.
+ int offset = index * kPointerSize + Array::kHeaderSize;
+ __ ldr(r1, FieldMemOperand(reg, JSObject::kPropertiesOffset));
+ __ ldr(r1, FieldMemOperand(r1, offset));
+ }
// Check that the function really is a function.
__ tst(r1, Operand(kSmiTagMask));
Modified: branches/bleeding_edge/src/stub-cache-ia32.cc
==============================================================================
--- branches/bleeding_edge/src/stub-cache-ia32.cc (original)
+++ branches/bleeding_edge/src/stub-cache-ia32.cc Wed Oct 15 00:48:45 2008
@@ -499,10 +499,19 @@
Register reg =
__ CheckMaps(JSObject::cast(object), edx, holder, ebx, ecx, &miss);
- // Get the properties array of the holder and get the function from the
field.
- int offset = index * kPointerSize + Array::kHeaderSize;
- __ mov(edi, FieldOperand(reg, JSObject::kPropertiesOffset));
- __ mov(edi, FieldOperand(edi, offset));
+ // Adjust for the number of properties stored in the holder.
+ index -= holder->map()->inobject_properties();
+ if (index < 0) {
+ // Get the property straight out of the holder.
+ int offset = holder->map()->instance_size() + (index * kPointerSize);
+ __ mov(edi, FieldOperand(reg, offset));
+ } else {
+ // Get the properties array of the holder and get the function from
+ // the field.
+ int offset = index * kPointerSize + Array::kHeaderSize;
+ __ mov(edi, FieldOperand(reg, JSObject::kPropertiesOffset));
+ __ mov(edi, FieldOperand(edi, offset));
+ }
// Check that the function really is a function.
__ test(edi, Immediate(kSmiTagMask));
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
