• [turbofan] Avoid megamorphic loads for zero-map mono/polymorphic sites · 8428feed
    Leszek Swirski authored
    Soft-deopt for mono/polymorphic property accesses that don't have any
    maps, and only allow zero-map feedback to be monomorphic. This makes
    sure we only emit a megamorphic LoadIC builtin call if the IC was
    actually megamorphic.
    
    JSGenericLowering assumed that zero maps meant that a load site is
    megamorphic. However, it can be the case that the call-site is
    monomorphic or polymorphic, and the maps had died. In this case we don't
    want to call the megamorphic IC builtin, as on a stub cache miss we
    fall back to a normal LoadIC miss, which can record mono/polymorphic
    feedback in the IC. After this, we'll enter a miss loop in the
    megamorphic load builtin, and worse, the LoadIC assumes that there's
    something "wrong" with the feedback, so it'll keep trying to reconfigure
    the handler (possibly allocating new load handlers if this is a
    prototype field access).
    
    As a drive-by, rewrite GetRelevantReceiverMaps to be an in-place
    filtering of the maps rather than copying them.
    
    Change-Id: I0c25bfa606367fa81c43223bbd56cdadb5e789ef
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2150586
    Reviewed-by: Georg Neis <neis@chromium.org>
    Reviewed-by: Toon Verwaest <verwaest@chromium.org>
    Commit-Queue: Georg Neis <neis@chromium.org>
    Auto-Submit: Leszek Swirski <leszeks@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#67152}
accessor-assembler.cc 161 KB