Revision: 18705
Author: [email protected]
Date: Tue Jan 21 11:20:11 2014 UTC
Log: Stay in fast enum case if the empty_slow_element_dictionary is
used.
This fixes slow for-in over frozen objects.
BUG=
[email protected]
Review URL: https://codereview.chromium.org/135903014
http://code.google.com/p/v8/source/detail?r=18705
Modified:
/branches/bleeding_edge/src/arm/macro-assembler-arm.cc
/branches/bleeding_edge/src/ia32/macro-assembler-ia32.cc
/branches/bleeding_edge/src/x64/macro-assembler-x64.cc
=======================================
--- /branches/bleeding_edge/src/arm/macro-assembler-arm.cc Wed Jan 15
17:00:35 2014 UTC
+++ /branches/bleeding_edge/src/arm/macro-assembler-arm.cc Tue Jan 21
11:20:11 2014 UTC
@@ -3926,10 +3926,16 @@
// Check that there are no elements. Register r2 contains the current JS
// object we've reached through the prototype chain.
+ Label no_elements;
ldr(r2, FieldMemOperand(r2, JSObject::kElementsOffset));
cmp(r2, empty_fixed_array_value);
+ b(eq, &no_elements);
+
+ // Second chance, the object may be using the empty slow element
dictionary.
+ CompareRoot(r2, Heap::kEmptySlowElementDictionaryRootIndex);
b(ne, call_runtime);
+ bind(&no_elements);
ldr(r2, FieldMemOperand(r1, Map::kPrototypeOffset));
cmp(r2, null_value);
b(ne, &next);
=======================================
--- /branches/bleeding_edge/src/ia32/macro-assembler-ia32.cc Wed Jan 15
17:00:35 2014 UTC
+++ /branches/bleeding_edge/src/ia32/macro-assembler-ia32.cc Tue Jan 21
11:20:11 2014 UTC
@@ -3585,10 +3585,16 @@
// Check that there are no elements. Register rcx contains the current JS
// object we've reached through the prototype chain.
+ Label no_elements;
mov(ecx, FieldOperand(ecx, JSObject::kElementsOffset));
cmp(ecx, isolate()->factory()->empty_fixed_array());
+ j(equal, &no_elements);
+
+ // Second chance, the object may be using the empty slow element
dictionary.
+ cmp(ecx, isolate()->factory()->empty_slow_element_dictionary());
j(not_equal, call_runtime);
+ bind(&no_elements);
mov(ecx, FieldOperand(ebx, Map::kPrototypeOffset));
cmp(ecx, isolate()->factory()->null_value());
j(not_equal, &next);
=======================================
--- /branches/bleeding_edge/src/x64/macro-assembler-x64.cc Mon Jan 20
04:59:40 2014 UTC
+++ /branches/bleeding_edge/src/x64/macro-assembler-x64.cc Tue Jan 21
11:20:11 2014 UTC
@@ -4932,10 +4932,17 @@
// Check that there are no elements. Register rcx contains the current JS
// object we've reached through the prototype chain.
+ Label no_elements;
cmpq(empty_fixed_array_value,
FieldOperand(rcx, JSObject::kElementsOffset));
+ j(equal, &no_elements);
+
+ // Second chance, the object may be using the empty slow element
dictionary.
+ LoadRoot(kScratchRegister, Heap::kEmptySlowElementDictionaryRootIndex);
+ cmpq(kScratchRegister, FieldOperand(rcx, JSObject::kElementsOffset));
j(not_equal, call_runtime);
+ bind(&no_elements);
movp(rcx, FieldOperand(rbx, Map::kPrototypeOffset));
cmpq(rcx, null_value);
j(not_equal, &next);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
