[v8-dev] [v8] r22693 committed - X87: CallIC customization stubs must accept that a vector slot is clea...

[codesite-noreply via v8-dev]

Revision: 22693
Author:   weiliang....@intel.com
Date:     Wed Jul 30 08:21:42 2014 UTC
Log:      X87: CallIC customization stubs must accept that a vector slot is  
cleared.

port r22668.

original commit message:
  CallIC customization stubs must accept that a vector slot is cleared.

  The CallIC Array custom IC stub read from the type vector, expecting
  to get an AllocationSite. But there are paths in the system where a type
  vector can be re-created with default values, even though we currently
  grant an exception to clearing of vector slots with AllocationSites in
  them at gc time.

BUG=
R=weiliang....@intel.com

Review URL: https://codereview.chromium.org/426203002

Patch from Chunyang Dai <chunyang....@intel.com>.
http://code.google.com/p/v8/source/detail?r=22693

Modified:
 /branches/bleeding_edge/src/x87/code-stubs-x87.cc

=======================================
--- /branches/bleeding_edge/src/x87/code-stubs-x87.cc	Tue Jul 29 07:54:38  
2014 UTC
+++ /branches/bleeding_edge/src/x87/code-stubs-x87.cc	Wed Jul 30 08:21:42  
2014 UTC
@@ -2049,10 +2049,16 @@
   __ j(not_equal, &miss);

   __ mov(eax, arg_count());
-  __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size,
+  __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
                            FixedArray::kHeaderSize));
+
   // Verify that ecx contains an AllocationSite
-  __ AssertUndefinedOrAllocationSite(ebx);
+  Factory* factory = masm->isolate()->factory();
+  __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
+         factory->allocation_site_map());
+  __ j(not_equal, &miss);
+
+  __ mov(ebx, ecx);
   ArrayConstructorStub stub(masm->isolate(), arg_count());
   __ TailCallStub(&stub);

@@ -2123,7 +2129,11 @@
   __ j(equal, &miss);

   if (!FLAG_trace_ic) {
-    // We are going megamorphic, and we don't want to visit the runtime.
+    // We are going megamorphic. If the feedback is a JSFunction, it is  
fine
+    // to handle it here. More complex cases are dealt with in the runtime.
+    __ AssertNotSmi(ecx);
+    __ CmpObjectType(ecx, JS_FUNCTION_TYPE, ecx);
+    __ j(not_equal, &miss);
     __ mov(FieldOperand(ebx, edx, times_half_pointer_size,
                         FixedArray::kHeaderSize),
            Immediate(TypeFeedbackInfo::MegamorphicSentinel(isolate)));

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.