Reviewers: Mads Ager, Description: Fix ARM and x64 tests in debug mode after r3477.
[email protected] Please review this at http://codereview.chromium.org/500090 SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ Affected files: M bleeding_edge/src/arm/stub-cache-arm.cc M bleeding_edge/src/ia32/codegen-ia32.cc M bleeding_edge/src/objects.h M bleeding_edge/src/x64/stub-cache-x64.cc Index: bleeding_edge/src/ia32/codegen-ia32.cc =================================================================== --- bleeding_edge/src/ia32/codegen-ia32.cc (revision 3479) +++ bleeding_edge/src/ia32/codegen-ia32.cc (working copy) @@ -3595,7 +3595,7 @@ void CodeGenerator::InstantiateBoilerplate(Handle<JSFunction> boilerplate) { ASSERT(boilerplate->IsBoilerplate()); - // Use the fast case closure allocation code that allocated in new + // Use the fast case closure allocation code that allocates in new // space for nested functions that don't need literals cloning. if (scope()->is_function_scope() && boilerplate->NumberOfLiterals() == 0) { FastNewClosureStub stub; Index: bleeding_edge/src/objects.h =================================================================== --- bleeding_edge/src/objects.h (revision 3479) +++ bleeding_edge/src/objects.h (working copy) @@ -1804,7 +1804,7 @@ } static int ToDetailsIndex(int descriptor_number) { - return( descriptor_number << 1) + 1; + return (descriptor_number << 1) + 1; } static int ToValueIndex(int descriptor_number) { Index: bleeding_edge/src/x64/stub-cache-x64.cc =================================================================== --- bleeding_edge/src/x64/stub-cache-x64.cc (revision 3479) +++ bleeding_edge/src/x64/stub-cache-x64.cc (working copy) @@ -956,9 +956,25 @@ __ movq(rdi, FieldOperand(rdi, JSGlobalPropertyCell::kValueOffset)); // Check that the cell contains the same function. - __ Cmp(rdi, Handle<JSFunction>(function)); - __ j(not_equal, &miss); + if (Heap::InNewSpace(function)) { + // We can't embed a pointer to a function in new space so we have + // to verify that the shared function info is unchanged. This has + // the nice side effect that multiple closures based on the same + // function can all use this call IC. Before we load through the + // function, we have to verify that it still is a function. + __ JumpIfSmi(rdi, &miss); + __ CmpObjectType(rdi, JS_FUNCTION_TYPE, rcx); + __ j(not_equal, &miss); + // Check the shared function info. Make sure it hasn't changed. + __ cmpq(FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset), + Handle<SharedFunctionInfo>(function->shared())); + __ j(not_equal, &miss); + } else { + __ Cmp(rdi, Handle<JSFunction>(function)); + __ j(not_equal, &miss); + } + // Patch the receiver on the stack with the global proxy. if (object->IsGlobalObject()) { __ movq(rdx, FieldOperand(rdx, GlobalObject::kGlobalReceiverOffset)); Index: bleeding_edge/src/arm/stub-cache-arm.cc =================================================================== --- bleeding_edge/src/arm/stub-cache-arm.cc (revision 3479) +++ bleeding_edge/src/arm/stub-cache-arm.cc (working copy) @@ -777,9 +777,27 @@ __ ldr(r1, FieldMemOperand(r3, JSGlobalPropertyCell::kValueOffset)); // Check that the cell contains the same function. - __ cmp(r1, Operand(Handle<JSFunction>(function))); - __ b(ne, &miss); + if (Heap::InNewSpace(function)) { + // We can't embed a pointer to a function in new space so we have + // to verify that the shared function info is unchanged. This has + // the nice side effect that multiple closures based on the same + // function can all use this call IC. Before we load through the + // function, we have to verify that it still is a function. + __ tst(r1, Operand(kSmiTagMask)); + __ b(eq, &miss); + __ CompareObjectType(r1, r3, r3, JS_FUNCTION_TYPE); + __ b(ne, &miss); + // Check the shared function info. Make sure it hasn't changed. + __ mov(r3, Operand(Handle<SharedFunctionInfo>(function->shared()))); + __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset)); + __ cmp(r2, r3); + __ b(ne, &miss); + } else { + __ cmp(r1, Operand(Handle<JSFunction>(function))); + __ b(ne, &miss); + } + // Patch the receiver on the stack with the global proxy if // necessary. if (object->IsGlobalObject()) { -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
