Reviewers: ulan,
Message:
PTAL
Description:
Stay in fast enum case if the empty_slow_element_dictionary is used.
This fixes slow for-in over frozen objects.
BUG=
Please review this at https://codereview.chromium.org/135903014/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+19, -0 lines):
M src/arm/macro-assembler-arm.cc
M src/ia32/macro-assembler-ia32.cc
M src/x64/macro-assembler-x64.cc
Index: src/arm/macro-assembler-arm.cc
diff --git a/src/arm/macro-assembler-arm.cc b/src/arm/macro-assembler-arm.cc
index
624ba81340a6d8b31797d93bda3bb340aa0ef4de..013c7c0651edd76a7f2523cc02c5aef361d4b8d9
100644
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -3926,10 +3926,16 @@ void MacroAssembler::CheckEnumCache(Register
null_value, Label* call_runtime) {
// Check that there are no elements. Register r2 contains the current JS
// object we've reached through the prototype chain.
+ Label no_elements;
ldr(r2, FieldMemOperand(r2, JSObject::kElementsOffset));
cmp(r2, empty_fixed_array_value);
+ b(eq, &no_elements);
+
+ // Second chance, the object may be using the empty slow element
dictionary.
+ CompareRoot(r2, Heap::kEmptySlowElementDictionaryRootIndex);
b(ne, call_runtime);
+ bind(&no_elements);
ldr(r2, FieldMemOperand(r1, Map::kPrototypeOffset));
cmp(r2, null_value);
b(ne, &next);
Index: src/ia32/macro-assembler-ia32.cc
diff --git a/src/ia32/macro-assembler-ia32.cc
b/src/ia32/macro-assembler-ia32.cc
index
56a6e0e70ba3cf815edff6c10c9732cdca467eff..2e00980f16f208ada9015bea708bccac2ccc6bef
100644
--- a/src/ia32/macro-assembler-ia32.cc
+++ b/src/ia32/macro-assembler-ia32.cc
@@ -3585,10 +3585,16 @@ void MacroAssembler::CheckEnumCache(Label*
call_runtime) {
// Check that there are no elements. Register rcx contains the current JS
// object we've reached through the prototype chain.
+ Label no_elements;
mov(ecx, FieldOperand(ecx, JSObject::kElementsOffset));
cmp(ecx, isolate()->factory()->empty_fixed_array());
+ j(equal, &no_elements);
+
+ // Second chance, the object may be using the empty slow element
dictionary.
+ cmp(ecx, isolate()->factory()->empty_slow_element_dictionary());
j(not_equal, call_runtime);
+ bind(&no_elements);
mov(ecx, FieldOperand(ebx, Map::kPrototypeOffset));
cmp(ecx, isolate()->factory()->null_value());
j(not_equal, &next);
Index: src/x64/macro-assembler-x64.cc
diff --git a/src/x64/macro-assembler-x64.cc b/src/x64/macro-assembler-x64.cc
index
fd42b63ee5368571317c55a050280d74df9b86b5..bf3e6e1919f1a0016a3f7923ea519052bc9d5492
100644
--- a/src/x64/macro-assembler-x64.cc
+++ b/src/x64/macro-assembler-x64.cc
@@ -4932,10 +4932,17 @@ void MacroAssembler::CheckEnumCache(Register
null_value, Label* call_runtime) {
// Check that there are no elements. Register rcx contains the current JS
// object we've reached through the prototype chain.
+ Label no_elements;
cmpq(empty_fixed_array_value,
FieldOperand(rcx, JSObject::kElementsOffset));
+ j(equal, &no_elements);
+
+ // Second chance, the object may be using the empty slow element
dictionary.
+ LoadRoot(kScratchRegister, Heap::kEmptySlowElementDictionaryRootIndex);
+ cmpq(kScratchRegister, FieldOperand(rcx, JSObject::kElementsOffset));
j(not_equal, call_runtime);
+ bind(&no_elements);
movp(rcx, FieldOperand(rbx, Map::kPrototypeOffset));
cmpq(rcx, null_value);
j(not_equal, &next);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
