Revision: 10971
Author: [email protected]
Date: Fri Mar 9 00:00:50 2012
Log: Merged r10968 into trunk branch.
Fix a bug in the x64 elements transition code.
BUG=117037
[email protected]
TEST=
Review URL: https://chromiumcodereview.appspot.com/9651031
http://code.google.com/p/v8/source/detail?r=10971
Modified:
/trunk/src/version.cc
/trunk/src/x64/codegen-x64.cc
=======================================
--- /trunk/src/version.cc Tue Mar 6 00:42:24 2012
+++ /trunk/src/version.cc Fri Mar 9 00:00:50 2012
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 9
#define BUILD_NUMBER 15
-#define PATCH_LEVEL 0
+#define PATCH_LEVEL 1
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
=======================================
--- /trunk/src/x64/codegen-x64.cc Tue Mar 6 00:42:24 2012
+++ /trunk/src/x64/codegen-x64.cc Fri Mar 9 00:00:50 2012
@@ -228,7 +228,7 @@
// -- rsp[0] : return address
// -----------------------------------
// The fail label is not actually used since we do not allocate.
- Label allocated, cow_array, only_change_map, done;
+ Label allocated, new_backing_store, only_change_map, done;
// Check for empty arrays, which only require a map transition and no
changes
// to the backing store.
@@ -236,16 +236,20 @@
__ CompareRoot(r8, Heap::kEmptyFixedArrayRootIndex);
__ j(equal, &only_change_map);
- // Check backing store for COW-ness. If the negative case, we do not
have to
- // allocate a new array, since FixedArray and FixedDoubleArray do not
differ
- // in size.
+ // Check backing store for COW-ness. For COW arrays we have to
+ // allocate a new backing store.
__ SmiToInteger32(r9, FieldOperand(r8, FixedDoubleArray::kLengthOffset));
__ CompareRoot(FieldOperand(r8, HeapObject::kMapOffset),
Heap::kFixedCOWArrayMapRootIndex);
- __ j(equal, &cow_array);
+ __ j(equal, &new_backing_store);
+ // Check if the backing store is in new-space. If not, we need to
allocate
+ // a new one since the old one is in pointer-space.
+ // If in new space, we can reuse the old backing store because it is
+ // the same size.
+ __ JumpIfNotInNewSpace(r8, rdi, &new_backing_store);
+
__ movq(r14, r8); // Destination array equals source array.
- __ bind(&allocated);
// r8 : source FixedArray
// r9 : elements array length
// r14: destination FixedDoubleArray
@@ -253,6 +257,7 @@
__ LoadRoot(rdi, Heap::kFixedDoubleArrayMapRootIndex);
__ movq(FieldOperand(r14, HeapObject::kMapOffset), rdi);
+ __ bind(&allocated);
// Set transitioned map.
__ movq(FieldOperand(rdx, HeapObject::kMapOffset), rbx);
__ RecordWriteField(rdx,
@@ -273,10 +278,13 @@
// r15: the-hole NaN
__ jmp(&entry);
- // Allocate new array if the source array is a COW array.
- __ bind(&cow_array);
+ // Allocate new backing store.
+ __ bind(&new_backing_store);
__ lea(rdi, Operand(r9, times_pointer_size, FixedArray::kHeaderSize));
__ AllocateInNewSpace(rdi, r14, r11, r15, fail, TAG_OBJECT);
+ // Set backing store's map
+ __ LoadRoot(rdi, Heap::kFixedDoubleArrayMapRootIndex);
+ __ movq(FieldOperand(r14, HeapObject::kMapOffset), rdi);
// Set receiver's backing store.
__ movq(FieldOperand(rdx, JSObject::kElementsOffset), r14);
__ movq(r11, r14);
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
