Revision: 6614
Author: [email protected]
Date: Thu Feb 3 04:50:50 2011
Log: Create specialized code stubs for PixelArray loads.
Review URL: http://codereview.chromium.org/6287030
http://code.google.com/p/v8/source/detail?r=6614
Modified:
/branches/bleeding_edge/src/arm/code-stubs-arm.cc
/branches/bleeding_edge/src/arm/code-stubs-arm.h
/branches/bleeding_edge/src/arm/ic-arm.cc
/branches/bleeding_edge/src/arm/stub-cache-arm.cc
/branches/bleeding_edge/src/heap.h
/branches/bleeding_edge/src/ia32/code-stubs-ia32.cc
/branches/bleeding_edge/src/ia32/code-stubs-ia32.h
/branches/bleeding_edge/src/ia32/ic-ia32.cc
/branches/bleeding_edge/src/ia32/macro-assembler-ia32.h
/branches/bleeding_edge/src/ia32/stub-cache-ia32.cc
/branches/bleeding_edge/src/ic.cc
/branches/bleeding_edge/src/runtime.cc
/branches/bleeding_edge/src/stub-cache.cc
/branches/bleeding_edge/src/stub-cache.h
/branches/bleeding_edge/src/x64/code-stubs-x64.cc
/branches/bleeding_edge/src/x64/code-stubs-x64.h
/branches/bleeding_edge/src/x64/ic-x64.cc
/branches/bleeding_edge/src/x64/stub-cache-x64.cc
/branches/bleeding_edge/test/cctest/test-api.cc
/branches/bleeding_edge/test/mjsunit/regress/regress-900966.js
=======================================
--- /branches/bleeding_edge/src/arm/code-stubs-arm.cc Wed Feb 2 02:30:41
2011
+++ /branches/bleeding_edge/src/arm/code-stubs-arm.cc Thu Feb 3 04:50:50
2011
@@ -5732,6 +5732,73 @@
__ pop(r1);
__ Jump(r2);
}
+
+
+void GenerateFastPixelArrayLoad(MacroAssembler* masm,
+ Register receiver,
+ Register key,
+ Register elements_map,
+ Register elements,
+ Register scratch1,
+ Register scratch2,
+ Register result,
+ Label* not_pixel_array,
+ Label* key_not_smi,
+ Label* out_of_range) {
+ // Register use:
+ //
+ // receiver - holds the receiver on entry.
+ // Unchanged unless 'result' is the same register.
+ //
+ // key - holds the smi key on entry.
+ // Unchanged unless 'result' is the same register.
+ //
+ // elements - set to be the receiver's elements on exit.
+ //
+ // elements_map - set to be the map of the receiver's elements
+ // on exit.
+ //
+ // result - holds the result of the pixel array load on exit,
+ // tagged as a smi if successful.
+ //
+ // Scratch registers:
+ //
+ // scratch1 - used a scratch register in map check, if map
+ // check is successful, contains the length of the
+ // pixel array, the pointer to external elements and
+ // the untagged result.
+ //
+ // scratch2 - holds the untaged key.
+
+ // Some callers already have verified that the key is a smi.
key_not_smi is
+ // set to NULL as a sentinel for that case. Otherwise, add an explicit
check
+ // to ensure the key is a smi must be added.
+ if (key_not_smi != NULL) {
+ __ JumpIfNotSmi(key, key_not_smi);
+ } else {
+ if (FLAG_debug_code) {
+ __ AbortIfNotSmi(key);
+ }
+ }
+ __ SmiUntag(scratch2, key);
+
+ // Verify that the receiver has pixel array elements.
+ __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
+ __ CheckMap(elements, scratch1, Heap::kPixelArrayMapRootIndex,
+ not_pixel_array, true);
+
+ // Key must be in range of the pixel array.
+ __ ldr(scratch1, FieldMemOperand(elements, PixelArray::kLengthOffset));
+ __ cmp(scratch2, scratch1);
+ __ b(hs, out_of_range); // unsigned check handles negative keys.
+
+ // Perform the indexed load and tag the result as a smi.
+ __ ldr(scratch1,
+ FieldMemOperand(elements, PixelArray::kExternalPointerOffset));
+ __ ldrb(scratch1, MemOperand(scratch1, scratch2));
+ __ SmiTag(r0, scratch1);
+ __ Ret();
+}
#undef __
=======================================
--- /branches/bleeding_edge/src/arm/code-stubs-arm.h Wed Feb 2 02:30:41
2011
+++ /branches/bleeding_edge/src/arm/code-stubs-arm.h Thu Feb 3 04:50:50
2011
@@ -571,6 +571,27 @@
};
+// Generate code the to load an element from a pixel array. The receiver is
+// assumed to not be a smi and to have elements, the caller must guarantee
this
+// precondition. If the receiver does not have elements that are pixel
arrays,
+// the generated code jumps to not_pixel_array. If key is not a smi, then
the
+// generated code branches to key_not_smi. Callers can specify NULL for
+// key_not_smi to signal that a smi check has already been performed on
key so
+// that the smi check is not generated . If key is not a valid index
within the
+// bounds of the pixel array, the generated code jumps to out_of_range.
+void GenerateFastPixelArrayLoad(MacroAssembler* masm,
+ Register receiver,
+ Register key,
+ Register elements_map,
+ Register elements,
+ Register scratch1,
+ Register scratch2,
+ Register result,
+ Label* not_pixel_array,
+ Label* key_not_smi,
+ Label* out_of_range);
+
+
} } // namespace v8::internal
#endif // V8_ARM_CODE_STUBS_ARM_H_
=======================================
--- /branches/bleeding_edge/src/arm/ic-arm.cc Fri Jan 28 07:07:04 2011
+++ /branches/bleeding_edge/src/arm/ic-arm.cc Thu Feb 3 04:50:50 2011
@@ -1189,19 +1189,18 @@
// r0: key
// r1: receiver
__ bind(&check_pixel_array);
- __ ldr(r4, FieldMemOperand(r1, JSObject::kElementsOffset));
- __ ldr(r3, FieldMemOperand(r4, HeapObject::kMapOffset));
- __ LoadRoot(ip, Heap::kPixelArrayMapRootIndex);
- __ cmp(r3, ip);
- __ b(ne, &check_number_dictionary);
- __ ldr(ip, FieldMemOperand(r4, PixelArray::kLengthOffset));
- __ mov(r2, Operand(key, ASR, kSmiTagSize));
- __ cmp(r2, ip);
- __ b(hs, &slow);
- __ ldr(ip, FieldMemOperand(r4, PixelArray::kExternalPointerOffset));
- __ ldrb(r2, MemOperand(ip, r2));
- __ mov(r0, Operand(r2, LSL, kSmiTagSize)); // Tag result as smi.
- __ Ret();
+
+ GenerateFastPixelArrayLoad(masm,
+ r1,
+ r0,
+ r3,
+ r4,
+ r2,
+ r5,
+ r0,
+ &check_number_dictionary,
+ NULL,
+ &slow);
__ bind(&check_number_dictionary);
// Check whether the elements is a number dictionary.
=======================================
--- /branches/bleeding_edge/src/arm/stub-cache-arm.cc Thu Jan 27 00:35:39
2011
+++ /branches/bleeding_edge/src/arm/stub-cache-arm.cc Thu Feb 3 04:50:50
2011
@@ -3085,6 +3085,38 @@
// Return the generated code.
return GetCode(NORMAL, NULL);
}
+
+
+MaybeObject* KeyedLoadStubCompiler::CompileLoadPixelArray(JSObject*
receiver) {
+ // ----------- S t a t e -------------
+ // -- lr : return address
+ // -- r0 : key
+ // -- r1 : receiver
+ // -----------------------------------
+ Label miss;
+
+ // Check that the map matches.
+ __ CheckMap(r1, r2, Handle<Map>(receiver->map()), &miss, false);
+
+ GenerateFastPixelArrayLoad(masm(),
+ r1,
+ r0,
+ r2,
+ r3,
+ r4,
+ r5,
+ r0,
+ &miss,
+ &miss,
+ &miss);
+
+ __ bind(&miss);
+ Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Miss));
+ __ Jump(ic, RelocInfo::CODE_TARGET);
+
+ // Return the generated code.
+ return GetCode(NORMAL, NULL);
+}
MaybeObject* KeyedStoreStubCompiler::CompileStoreField(JSObject* object,
=======================================
--- /branches/bleeding_edge/src/heap.h Wed Feb 2 05:31:52 2011
+++ /branches/bleeding_edge/src/heap.h Thu Feb 3 04:50:50 2011
@@ -178,6 +178,7 @@
V(InitializeConstGlobal_symbol, "InitializeConstGlobal") \
V(KeyedLoadSpecialized_symbol, "KeyedLoadSpecialized") \
V(KeyedStoreSpecialized_symbol, "KeyedStoreSpecialized") \
+ V(KeyedLoadPixelArray_symbol, "KeyedLoadPixelArray") \
V(stack_overflow_symbol, "kStackOverflowBoilerplate") \
V(illegal_access_symbol, "illegal access") \
V(out_of_memory_symbol, "out-of-memory") \
=======================================
--- /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc Wed Feb 2 04:54:58
2011
+++ /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc Thu Feb 3 04:50:50
2011
@@ -6509,6 +6509,54 @@
// Do a tail call to the rewritten stub.
__ jmp(Operand(edi));
}
+
+
+// Loads a indexed element from a pixel array.
+void GenerateFastPixelArrayLoad(MacroAssembler* masm,
+ Register receiver,
+ Register key,
+ Register elements,
+ Register untagged_key,
+ Register result,
+ Label* not_pixel_array,
+ Label* key_not_smi,
+ Label* out_of_range) {
+ // Register use:
+ // receiver - holds the receiver and is unchanged.
+ // key - holds the key and is unchanged (must be a smi).
+ // elements - is set to the the receiver's element if
+ // the receiver doesn't have a pixel array or the
+ // key is not a smi, otherwise it's the elements'
+ // external pointer.
+ // untagged_key - is set to the untagged key
+
+ // Some callers already have verified that the key is a smi.
key_not_smi is
+ // set to NULL as a sentinel for that case. Otherwise, add an explicit
check
+ // to ensure the key is a smi must be added.
+ if (key_not_smi != NULL) {
+ __ JumpIfNotSmi(key, key_not_smi);
+ } else {
+ if (FLAG_debug_code) {
+ __ AbortIfNotSmi(key);
+ }
+ }
+ __ mov(untagged_key, key);
+ __ SmiUntag(untagged_key);
+
+ // Verify that the receiver has pixel array elements.
+ __ mov(elements, FieldOperand(receiver, JSObject::kElementsOffset));
+ __ CheckMap(elements, Factory::pixel_array_map(), not_pixel_array, true);
+
+ // Key must be in range.
+ __ cmp(untagged_key, FieldOperand(elements, PixelArray::kLengthOffset));
+ __ j(above_equal, out_of_range); // unsigned check handles negative
keys.
+
+ // Perform the indexed load and tag the result as a smi.
+ __ mov(elements, FieldOperand(elements,
PixelArray::kExternalPointerOffset));
+ __ movzx_b(result, Operand(elements, untagged_key, times_1, 0));
+ __ SmiTag(result);
+ __ ret(0);
+}
#undef __
=======================================
--- /branches/bleeding_edge/src/ia32/code-stubs-ia32.h Tue Jan 25 04:14:56
2011
+++ /branches/bleeding_edge/src/ia32/code-stubs-ia32.h Thu Feb 3 04:50:50
2011
@@ -490,6 +490,25 @@
};
+// Generate code the to load an element from a pixel array. The receiver is
+// assumed to not be a smi and to have elements, the caller must guarantee
this
+// precondition. If the receiver does not have elements that are pixel
arrays,
+// the generated code jumps to not_pixel_array. If key is not a smi, then
the
+// generated code branches to key_not_smi. Callers can specify NULL for
+// key_not_smi to signal that a smi check has already been performed on
key so
+// that the smi check is not generated . If key is not a valid index
within the
+// bounds of the pixel array, the generated code jumps to out_of_range.
+void GenerateFastPixelArrayLoad(MacroAssembler* masm,
+ Register receiver,
+ Register key,
+ Register elements,
+ Register untagged_key,
+ Register result,
+ Label* not_pixel_array,
+ Label* key_not_smi,
+ Label* out_of_range);
+
+
} } // namespace v8::internal
#endif // V8_IA32_CODE_STUBS_IA32_H_
=======================================
--- /branches/bleeding_edge/src/ia32/ic-ia32.cc Fri Jan 28 07:07:04 2011
+++ /branches/bleeding_edge/src/ia32/ic-ia32.cc Thu Feb 3 04:50:50 2011
@@ -556,19 +556,15 @@
__ ret(0);
__ bind(&check_pixel_array);
- // Check whether the elements is a pixel array.
- // edx: receiver
- // eax: key
- __ mov(ecx, FieldOperand(edx, JSObject::kElementsOffset));
- __ mov(ebx, eax);
- __ SmiUntag(ebx);
- __ CheckMap(ecx, Factory::pixel_array_map(), &check_number_dictionary,
true);
- __ cmp(ebx, FieldOperand(ecx, PixelArray::kLengthOffset));
- __ j(above_equal, &slow);
- __ mov(eax, FieldOperand(ecx, PixelArray::kExternalPointerOffset));
- __ movzx_b(eax, Operand(eax, ebx, times_1, 0));
- __ SmiTag(eax);
- __ ret(0);
+ GenerateFastPixelArrayLoad(masm,
+ edx,
+ eax,
+ ecx,
+ ebx,
+ eax,
+ &check_number_dictionary,
+ NULL,
+ &slow);
__ bind(&check_number_dictionary);
// Check whether the elements is a number dictionary.
=======================================
--- /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h Fri Jan 14
02:57:49 2011
+++ /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h Thu Feb 3
04:50:50 2011
@@ -257,6 +257,17 @@
ASSERT(kSmiTag == 0);
j(not_carry, is_smi);
}
+
+ // Jump the register contains a smi.
+ inline void JumpIfSmi(Register value, Label* smi_label) {
+ test(value, Immediate(kSmiTagMask));
+ j(zero, smi_label, not_taken);
+ }
+ // Jump if register contain a non-smi.
+ inline void JumpIfNotSmi(Register value, Label* not_smi_label) {
+ test(value, Immediate(kSmiTagMask));
+ j(not_zero, not_smi_label, not_taken);
+ }
// Assumes input is a heap object.
void JumpIfNotNumber(Register reg, TypeInfo info, Label* on_not_number);
=======================================
--- /branches/bleeding_edge/src/ia32/stub-cache-ia32.cc Thu Jan 27 00:35:39
2011
+++ /branches/bleeding_edge/src/ia32/stub-cache-ia32.cc Thu Feb 3 04:50:50
2011
@@ -3153,6 +3153,37 @@
// Return the generated code.
return GetCode(NORMAL, NULL);
}
+
+
+MaybeObject* KeyedLoadStubCompiler::CompileLoadPixelArray(JSObject*
receiver) {
+ // ----------- S t a t e -------------
+ // -- eax : key
+ // -- edx : receiver
+ // -- esp[0] : return address
+ // -----------------------------------
+ Label miss;
+
+ // Check that the map matches.
+ __ CheckMap(edx, Handle<Map>(receiver->map()), &miss, false);
+
+ GenerateFastPixelArrayLoad(masm(),
+ edx,
+ eax,
+ ecx,
+ ebx,
+ eax,
+ &miss,
+ &miss,
+ &miss);
+
+ // Handle load cache miss.
+ __ bind(&miss);
+ Handle<Code> ic(Builtins::builtin(Builtins::KeyedLoadIC_Miss));
+ __ jmp(ic, RelocInfo::CODE_TARGET);
+
+ // Return the generated code.
+ return GetCode(NORMAL, NULL);
+}
// Specialized stub for constructing objects from functions which only
have only
=======================================
--- /branches/bleeding_edge/src/ic.cc Fri Jan 28 07:07:04 2011
+++ /branches/bleeding_edge/src/ic.cc Thu Feb 3 04:50:50 2011
@@ -1204,23 +1204,31 @@
if (use_ic) {
Code* stub = generic_stub();
- if (object->IsString() && key->IsNumber()) {
- stub = string_stub();
- } else if (object->IsJSObject()) {
- Handle<JSObject> receiver = Handle<JSObject>::cast(object);
- if (receiver->HasExternalArrayElements()) {
- MaybeObject* probe =
- StubCache::ComputeKeyedLoadOrStoreExternalArray(*receiver,
false);
- stub =
- probe->IsFailure() ? NULL :
Code::cast(probe->ToObjectUnchecked());
- } else if (receiver->HasIndexedInterceptor()) {
- stub = indexed_interceptor_stub();
- } else if (state == UNINITIALIZED &&
- key->IsSmi() &&
- receiver->map()->has_fast_elements()) {
- MaybeObject* probe =
StubCache::ComputeKeyedLoadSpecialized(*receiver);
- stub =
- probe->IsFailure() ? NULL :
Code::cast(probe->ToObjectUnchecked());
+ if (state == UNINITIALIZED) {
+ if (object->IsString() && key->IsNumber()) {
+ stub = string_stub();
+ } else if (object->IsJSObject()) {
+ Handle<JSObject> receiver = Handle<JSObject>::cast(object);
+ if (receiver->HasExternalArrayElements()) {
+ MaybeObject* probe =
+ StubCache::ComputeKeyedLoadOrStoreExternalArray(*receiver,
+ false);
+ stub = probe->IsFailure() ?
+ NULL : Code::cast(probe->ToObjectUnchecked());
+ } else if (receiver->HasIndexedInterceptor()) {
+ stub = indexed_interceptor_stub();
+ } else if (receiver->HasPixelElements()) {
+ MaybeObject* probe =
+ StubCache::ComputeKeyedLoadPixelArray(*receiver);
+ stub = probe->IsFailure() ?
+ NULL : Code::cast(probe->ToObjectUnchecked());
+ } else if (key->IsSmi() &&
+ receiver->map()->has_fast_elements()) {
+ MaybeObject* probe =
+ StubCache::ComputeKeyedLoadSpecialized(*receiver);
+ stub = probe->IsFailure() ?
+ NULL : Code::cast(probe->ToObjectUnchecked());
+ }
}
}
if (stub != NULL) set_target(stub);
=======================================
--- /branches/bleeding_edge/src/runtime.cc Thu Feb 3 02:19:41 2011
+++ /branches/bleeding_edge/src/runtime.cc Thu Feb 3 04:50:50 2011
@@ -3574,8 +3574,10 @@
HandleScope scope;
Handle<String> str = args.at<String>(0);
int index = Smi::cast(args[1])->value();
- Handle<Object> result = GetCharAt(str, index);
- return *result;
+ if (index >= 0 && index < str->length()) {
+ Handle<Object> result = GetCharAt(str, index);
+ return *result;
+ }
}
// Fall back to GetObjectProperty.
=======================================
--- /branches/bleeding_edge/src/stub-cache.cc Fri Jan 21 15:58:00 2011
+++ /branches/bleeding_edge/src/stub-cache.cc Thu Feb 3 04:50:50 2011
@@ -441,6 +441,12 @@
MaybeObject* StubCache::ComputeKeyedLoadSpecialized(JSObject* receiver) {
+ // Using NORMAL as the PropertyType for array element loads is a misuse.
The
+ // generated stub always accesses fast elements, not slow-mode fields,
but
+ // some property type is required for the stub lookup. Note that
overloading
+ // the NORMAL PropertyType is only safe as long as no stubs are
generated for
+ // other keyed field loads. This is guaranteed to be the case since all
field
+ // keyed loads that are not array elements go through a generic builtin
stub.
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC, NORMAL);
String* name = Heap::KeyedLoadSpecialized_symbol();
@@ -459,6 +465,33 @@
}
return code;
}
+
+
+MaybeObject* StubCache::ComputeKeyedLoadPixelArray(JSObject* receiver) {
+ // Using NORMAL as the PropertyType for array element loads is a misuse.
The
+ // generated stub always accesses fast elements, not slow-mode fields,
but
+ // some property type is required for the stub lookup. Note that
overloading
+ // the NORMAL PropertyType is only safe as long as no stubs are
generated for
+ // other keyed field loads. This is guaranteed to be the case since all
field
+ // keyed loads that are not array elements go through a generic builtin
stub.
+ Code::Flags flags =
+ Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC, NORMAL);
+ String* name = Heap::KeyedLoadPixelArray_symbol();
+ Object* code = receiver->map()->FindInCodeCache(name, flags);
+ if (code->IsUndefined()) {
+ KeyedLoadStubCompiler compiler;
+ { MaybeObject* maybe_code = compiler.CompileLoadPixelArray(receiver);
+ if (!maybe_code->ToObject(&code)) return maybe_code;
+ }
+ PROFILE(CodeCreateEvent(Logger::KEYED_LOAD_IC_TAG, Code::cast(code),
0));
+ Object* result;
+ { MaybeObject* maybe_result =
+ receiver->UpdateMapCodeCache(name, Code::cast(code));
+ if (!maybe_result->ToObject(&result)) return maybe_result;
+ }
+ }
+ return code;
+}
MaybeObject* StubCache::ComputeStoreField(String* name,
=======================================
--- /branches/bleeding_edge/src/stub-cache.h Wed Jan 26 00:12:56 2011
+++ /branches/bleeding_edge/src/stub-cache.h Thu Feb 3 04:50:50 2011
@@ -133,6 +133,9 @@
MUST_USE_RESULT static MaybeObject* ComputeKeyedLoadSpecialized(
JSObject* receiver);
+ MUST_USE_RESULT static MaybeObject* ComputeKeyedLoadPixelArray(
+ JSObject* receiver);
+
// ---
MUST_USE_RESULT static MaybeObject* ComputeStoreField(String* name,
@@ -607,6 +610,7 @@
MUST_USE_RESULT MaybeObject* CompileLoadFunctionPrototype(String* name);
MUST_USE_RESULT MaybeObject* CompileLoadSpecialized(JSObject* receiver);
+ MUST_USE_RESULT MaybeObject* CompileLoadPixelArray(JSObject* receiver);
private:
MaybeObject* GetCode(PropertyType type, String* name);
=======================================
--- /branches/bleeding_edge/src/x64/code-stubs-x64.cc Fri Jan 28 06:18:26
2011
+++ /branches/bleeding_edge/src/x64/code-stubs-x64.cc Thu Feb 3 04:50:50
2011
@@ -4413,6 +4413,53 @@
// Do a tail call to the rewritten stub.
__ jmp(rdi);
}
+
+
+void GenerateFastPixelArrayLoad(MacroAssembler* masm,
+ Register receiver,
+ Register key,
+ Register elements,
+ Register untagged_key,
+ Register result,
+ Label* not_pixel_array,
+ Label* key_not_smi,
+ Label* out_of_range) {
+ // Register use:
+ // receiver - holds the receiver and is unchanged.
+ // key - holds the key and is unchanged (must be a smi).
+ // elements - is set to the the receiver's element if
+ // the receiver doesn't have a pixel array or the
+ // key is not a smi, otherwise it's the elements'
+ // external pointer.
+ // untagged_key - is set to the untagged key
+
+ // Some callers already have verified that the key is a smi.
key_not_smi is
+ // set to NULL as a sentinel for that case. Otherwise, add an explicit
check
+ // to ensure the key is a smi must be added.
+ if (key_not_smi != NULL) {
+ __ JumpIfNotSmi(key, key_not_smi);
+ } else {
+ if (FLAG_debug_code) {
+ __ AbortIfNotSmi(key);
+ }
+ }
+ __ SmiToInteger32(untagged_key, key);
+
+ // Verify that the receiver has pixel array elements.
+ __ movq(elements, FieldOperand(receiver, JSObject::kElementsOffset));
+ __ CheckMap(elements, Factory::pixel_array_map(), not_pixel_array, true);
+
+ // Check that the smi is in range.
+ __ cmpl(untagged_key, FieldOperand(elements, PixelArray::kLengthOffset));
+ __ j(above_equal, out_of_range); // unsigned check handles negative
keys.
+
+ // Load and tag the element as a smi.
+ __ movq(elements, FieldOperand(elements,
PixelArray::kExternalPointerOffset));
+ __ movzxbq(result, Operand(elements, untagged_key, times_1, 0));
+ __ Integer32ToSmi(result, result);
+ __ ret(0);
+}
+
#undef __
=======================================
--- /branches/bleeding_edge/src/x64/code-stubs-x64.h Tue Jan 18 06:32:13
2011
+++ /branches/bleeding_edge/src/x64/code-stubs-x64.h Thu Feb 3 04:50:50
2011
@@ -447,6 +447,25 @@
};
+// Generate code the to load an element from a pixel array. The receiver is
+// assumed to not be a smi and to have elements, the caller must guarantee
this
+// precondition. If the receiver does not have elements that are pixel
arrays,
+// the generated code jumps to not_pixel_array. If key is not a smi, then
the
+// generated code branches to key_not_smi. Callers can specify NULL for
+// key_not_smi to signal that a smi check has already been performed on
key so
+// that the smi check is not generated . If key is not a valid index
within the
+// bounds of the pixel array, the generated code jumps to out_of_range.
+void GenerateFastPixelArrayLoad(MacroAssembler* masm,
+ Register receiver,
+ Register key,
+ Register elements,
+ Register untagged_key,
+ Register result,
+ Label* not_pixel_array,
+ Label* key_not_smi,
+ Label* out_of_range);
+
+
} } // namespace v8::internal
#endif // V8_X64_CODE_STUBS_X64_H_
=======================================
--- /branches/bleeding_edge/src/x64/ic-x64.cc Fri Jan 28 07:07:04 2011
+++ /branches/bleeding_edge/src/x64/ic-x64.cc Thu Feb 3 04:50:50 2011
@@ -580,20 +580,15 @@
__ ret(0);
__ bind(&check_pixel_array);
- // Check whether the elements object is a pixel array.
- // rdx: receiver
- // rax: key
- __ movq(rcx, FieldOperand(rdx, JSObject::kElementsOffset));
- __ SmiToInteger32(rbx, rax); // Used on both directions of next branch.
- __ CompareRoot(FieldOperand(rcx, HeapObject::kMapOffset),
- Heap::kPixelArrayMapRootIndex);
- __ j(not_equal, &check_number_dictionary);
- __ cmpl(rbx, FieldOperand(rcx, PixelArray::kLengthOffset));
- __ j(above_equal, &slow);
- __ movq(rax, FieldOperand(rcx, PixelArray::kExternalPointerOffset));
- __ movzxbq(rax, Operand(rax, rbx, times_1, 0));
- __ Integer32ToSmi(rax, rax);
- __ ret(0);
+ GenerateFastPixelArrayLoad(masm,
+ rdx,
+ rax,
+ rcx,
+ rbx,
+ rax,
+ &check_number_dictionary,
+ NULL,
+ &slow);
__ bind(&check_number_dictionary);
// Check whether the elements is a number dictionary.
=======================================
--- /branches/bleeding_edge/src/x64/stub-cache-x64.cc Thu Jan 27 00:35:39
2011
+++ /branches/bleeding_edge/src/x64/stub-cache-x64.cc Thu Feb 3 04:50:50
2011
@@ -2996,6 +2996,35 @@
// Return the generated code.
return GetCode(NORMAL, NULL);
}
+
+
+MaybeObject* KeyedLoadStubCompiler::CompileLoadPixelArray(JSObject*
receiver) {
+ // ----------- S t a t e -------------
+ // -- rax : key
+ // -- rdx : receiver
+ // -- esp[0] : return address
+ // -----------------------------------
+ Label miss;
+
+ // Check that the map matches.
+ __ CheckMap(rdx, Handle<Map>(receiver->map()), &miss, false);
+
+ GenerateFastPixelArrayLoad(masm(),
+ rdx,
+ rax,
+ rbx,
+ rcx,
+ rax,
+ &miss,
+ &miss,
+ &miss);
+
+ __ bind(&miss);
+ GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
+
+ // Return the generated code.
+ return GetCode(NORMAL, NULL);
+}
// Specialized stub for constructing objects from functions which only
have only
=======================================
--- /branches/bleeding_edge/test/cctest/test-api.cc Wed Feb 2 09:44:29 2011
+++ /branches/bleeding_edge/test/cctest/test-api.cc Thu Feb 3 04:50:50 2011
@@ -10450,6 +10450,93 @@
"i");
CHECK_EQ(255, result->Int32Value());
+ // Make sure that pixel array ICs recognize when a non-pixel array
+ // is passed to it.
+ result = CompileRun("function pa_load(p) {"
+ " var sum = 0;"
+ " for (var j = 0; j < 256; j++) { sum += p[j]; }"
+ " return sum;"
+ "}"
+ "for (var i = 0; i < 256; ++i) { pixels[i] = i; }"
+ "for (var i = 0; i < 10; ++i) { pa_load(pixels); }"
+ "just_ints = new Object();"
+ "for (var i = 0; i < 256; ++i) { just_ints[i] = i; }"
+ "for (var i = 0; i < 10; ++i) {"
+ " result = pa_load(just_ints);"
+ "}"
+ "result");
+ CHECK_EQ(32640, result->Int32Value());
+
+ // Make sure that pixel array ICs recognize out-of-bound accesses.
+ result = CompileRun("function pa_load(p, start) {"
+ " var sum = 0;"
+ " for (var j = start; j < 256; j++) { sum += p[j];
}"
+ " return sum;"
+ "}"
+ "for (var i = 0; i < 256; ++i) { pixels[i] = i; }"
+ "for (var i = 0; i < 10; ++i) { pa_load(pixels,0); }"
+ "for (var i = 0; i < 10; ++i) {"
+ " result = pa_load(pixels,-10);"
+ "}"
+ "result");
+ CHECK_EQ(0, result->Int32Value());
+
+ // Make sure that generic ICs properly handles a pixel array.
+ result = CompileRun("function pa_load(p) {"
+ " var sum = 0;"
+ " for (var j = 0; j < 256; j++) { sum += p[j]; }"
+ " return sum;"
+ "}"
+ "for (var i = 0; i < 256; ++i) { pixels[i] = i; }"
+ "just_ints = new Object();"
+ "for (var i = 0; i < 256; ++i) { just_ints[i] = i; }"
+ "for (var i = 0; i < 10; ++i) { pa_load(just_ints);
}"
+ "for (var i = 0; i < 10; ++i) {"
+ " result = pa_load(pixels);"
+ "}"
+ "result");
+ CHECK_EQ(32640, result->Int32Value());
+
+ // Make sure that generic load ICs recognize out-of-bound accesses in
+ // pixel arrays.
+ result = CompileRun("function pa_load(p, start) {"
+ " var sum = 0;"
+ " for (var j = start; j < 256; j++) { sum += p[j];
}"
+ " return sum;"
+ "}"
+ "for (var i = 0; i < 256; ++i) { pixels[i] = i; }"
+ "just_ints = new Object();"
+ "for (var i = 0; i < 256; ++i) { just_ints[i] = i; }"
+ "for (var i = 0; i < 10; ++i) {
pa_load(just_ints,0); }"
+ "for (var i = 0; i < 10; ++i) { pa_load(pixels,0); }"
+ "for (var i = 0; i < 10; ++i) {"
+ " result = pa_load(pixels,-10);"
+ "}"
+ "result");
+ CHECK_EQ(0, result->Int32Value());
+
+ // Make sure that generic ICs properly handles other types than pixel
+ // arrays (that the inlined fast pixel array test leaves the right
information
+ // in the right registers).
+ result = CompileRun("function pa_load(p) {"
+ " var sum = 0;"
+ " for (var j = 0; j < 256; j++) { sum += p[j]; }"
+ " return sum;"
+ "}"
+ "for (var i = 0; i < 256; ++i) { pixels[i] = i; }"
+ "just_ints = new Object();"
+ "for (var i = 0; i < 256; ++i) { just_ints[i] = i; }"
+ "for (var i = 0; i < 10; ++i) { pa_load(just_ints);
}"
+ "for (var i = 0; i < 10; ++i) { pa_load(pixels); }"
+ "sparse_array = new Object();"
+ "for (var i = 0; i < 256; ++i) { sparse_array[i] =
i; }"
+ "sparse_array[1000000] = 3;"
+ "for (var i = 0; i < 10; ++i) {"
+ " result = pa_load(sparse_array);"
+ "}"
+ "result");
+ CHECK_EQ(32640, result->Int32Value());
+
free(pixel_data);
}
=======================================
--- /branches/bleeding_edge/test/mjsunit/regress/regress-900966.js Tue Dec
7 03:01:02 2010
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-900966.js Thu Feb
3 04:50:50 2011
@@ -37,6 +37,8 @@
}
f();
f();
+f();
+f();
assertTrue(2[11] === undefined);
Number.prototype[11] = 'y';
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
