Change FastArrayShift stub to use for-loop instead of memmove for SMIs.

The concurrent marker visits arrays with fast SMI elements because they have the same visitor id as arrays with tagged elements. Visiting concurrently with memmove can be unsafe depending on memmove implementation. Bug: chromium:694255 Change-Id: Ic6c2cae8761e5b1b042e4274d4f90ac59f32d91f Reviewed-on: https://chromium-review.googlesource.com/712158 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#48454}

Change FastArrayShift stub to use for-loop instead of memmove for SMIs.
The concurrent marker visits arrays with fast SMI elements because they have the same visitor id as arrays with tagged elements. Visiting concurrently with memmove can be unsafe depending on memmove implementation. Bug: chromium:694255 Change-Id: Ic6c2cae8761e5b1b042e4274d4f90ac59f32d91f Reviewed-on: https://chromium-review.googlesource.com/712158 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#48454}
190fea60 · Ulan Degenbaev · Commit Bot · e44fdc70 · 190fea60
Commit 190fea60 authored Oct 11, 2017 by Ulan Degenbaev Committed by Commit Bot Oct 11, 2017
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 11 deletions

builtins-array-gen.cc src/builtins/builtins-array-gen.cc +10 -11

No files found.
--- a/src/builtins/builtins-array-gen.cc
+++ b/src/builtins/builtins-array-gen.cc
@@ -1167,17 +1167,16 @@ TF_BUILTIN(FastArrayShift, CodeStubAssembler) {
    BIND(&fast_elements_smi);
    {
      Node* value = LoadFixedArrayElement(elements, 0);
-      int32_t header_size = FixedDoubleArray::kHeaderSize - kHeapObjectTag;
-      Node* memmove =
-          ExternalConstant(ExternalReference::libc_memmove_function(isolate()));
-      Node* start = IntPtrAdd(
-          BitcastTaggedToWord(elements),
-          ElementOffsetFromIndex(IntPtrConstant(0), HOLEY_SMI_ELEMENTS,
-                                 INTPTR_PARAMETERS, header_size));
-      CallCFunction3(MachineType::AnyTagged(), MachineType::Pointer(),
-                     MachineType::Pointer(), MachineType::UintPtr(), memmove,
-                     start, IntPtrAdd(start, IntPtrConstant(kPointerSize)),
-                     IntPtrMul(new_length, IntPtrConstant(kPointerSize)));
+      BuildFastLoop(IntPtrConstant(0), new_length,
+                    [&](Node* index) {
+                      StoreFixedArrayElement(
+                          elements, index,
+                          LoadFixedArrayElement(
+                              elements, IntPtrAdd(index, IntPtrConstant(1))),
+                          SKIP_WRITE_BARRIER);
+                    },
+                    1, ParameterMode::INTPTR_PARAMETERS,
+                    IndexAdvanceMode::kPost);
      StoreFixedArrayElement(elements, new_length, TheHoleConstant());
      GotoIf(WordEqual(value, TheHoleConstant()), &return_undefined);
      args.PopAndReturn(value);