Revision: 22683
Author: [email protected]
Date: Tue Jul 29 19:36:40 2014 UTC
Log: MIPS: CallIC customization stubs must accept that a vector slot
is cleared.
Port r22668 (7be1212)
Original commit message:
The CallIC Array custom IC stub read from the type vector, expecting
to get an AllocationSite. But there are paths in the system where a
type vector can be re-created with default values, even though we
currently grant an exception to clearing of vector slots with
AllocationSites in them at gc time.
BUG=392114
LOG=N
[email protected]
Review URL: https://codereview.chromium.org/420793003
http://code.google.com/p/v8/source/detail?r=22683
Modified:
/branches/bleeding_edge/src/mips/code-stubs-mips.cc
/branches/bleeding_edge/src/mips64/code-stubs-mips64.cc
=======================================
--- /branches/bleeding_edge/src/mips/code-stubs-mips.cc Fri Jul 25 21:54:12
2014 UTC
+++ /branches/bleeding_edge/src/mips/code-stubs-mips.cc Tue Jul 29 19:36:40
2014 UTC
@@ -3094,9 +3094,14 @@
__ li(a0, Operand(arg_count()));
__ sll(at, a3, kPointerSizeLog2 - kSmiTagSize);
__ Addu(at, a2, Operand(at));
- __ lw(a2, FieldMemOperand(at, FixedArray::kHeaderSize));
- // Verify that a2 contains an AllocationSite
- __ AssertUndefinedOrAllocationSite(a2, at);
+ __ lw(t0, FieldMemOperand(at, FixedArray::kHeaderSize));
+
+ // Verify that t0 contains an AllocationSite
+ __ lw(t1, FieldMemOperand(t0, HeapObject::kMapOffset));
+ __ LoadRoot(at, Heap::kAllocationSiteMapRootIndex);
+ __ Branch(&miss, ne, t1, Operand(at));
+
+ __ mov(a2, t0);
ArrayConstructorStub stub(masm->isolate(), arg_count());
__ TailCallStub(&stub);
@@ -3163,7 +3168,11 @@
__ Branch(&miss, eq, t0, Operand(at));
if (!FLAG_trace_ic) {
- // We are going megamorphic, and we don't want to visit the runtime.
+ // We are going megamorphic. If the feedback is a JSFunction, it is
fine
+ // to handle it here. More complex cases are dealt with in the runtime.
+ __ AssertNotSmi(t0);
+ __ GetObjectType(t0, t1, t1);
+ __ Branch(&miss, ne, t1, Operand(JS_FUNCTION_TYPE));
__ sll(t0, a3, kPointerSizeLog2 - kSmiTagSize);
__ Addu(t0, a2, Operand(t0));
__ LoadRoot(at, Heap::kMegamorphicSymbolRootIndex);
=======================================
--- /branches/bleeding_edge/src/mips64/code-stubs-mips64.cc Tue Jul 29
18:02:26 2014 UTC
+++ /branches/bleeding_edge/src/mips64/code-stubs-mips64.cc Tue Jul 29
19:36:40 2014 UTC
@@ -3182,9 +3182,14 @@
__ li(a0, Operand(arg_count()));
__ dsrl(at, a3, 32 - kPointerSizeLog2);
__ Daddu(at, a2, Operand(at));
- __ ld(a2, FieldMemOperand(at, FixedArray::kHeaderSize));
- // Verify that a2 contains an AllocationSite
- __ AssertUndefinedOrAllocationSite(a2, at);
+ __ ld(a4, FieldMemOperand(at, FixedArray::kHeaderSize));
+
+ // Verify that a4 contains an AllocationSite
+ __ ld(a5, FieldMemOperand(a4, HeapObject::kMapOffset));
+ __ LoadRoot(at, Heap::kAllocationSiteMapRootIndex);
+ __ Branch(&miss, ne, a5, Operand(at));
+
+ __ mov(a2, a4);
ArrayConstructorStub stub(masm->isolate(), arg_count());
__ TailCallStub(&stub);
@@ -3251,7 +3256,11 @@
__ Branch(&miss, eq, a4, Operand(at));
if (!FLAG_trace_ic) {
- // We are going megamorphic, and we don't want to visit the runtime.
+ // We are going megamorphic. If the feedback is a JSFunction, it is
fine
+ // to handle it here. More complex cases are dealt with in the runtime.
+ __ AssertNotSmi(a4);
+ __ GetObjectType(a4, a5, a5);
+ __ Branch(&miss, ne, a5, Operand(JS_FUNCTION_TYPE));
__ dsrl(a4, a3, 32 - kPointerSizeLog2);
__ Daddu(a4, a2, Operand(a4));
__ LoadRoot(at, Heap::kMegamorphicSymbolRootIndex);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
