X87: CallIC customization stubs must accept that a vector slot is cleared.

port r22668. original commit message: CallIC customization stubs must accept that a vector slot is cleared. The CallIC Array custom IC stub read from the type vector, expecting to get an AllocationSite. But there are paths in the system where a type vector can be re-created with default values, even though we currently grant an exception to clearing of vector slots with AllocationSites in them at gc time. BUG= R=weiliang.lin@intel.com Review URL: https://codereview.chromium.org/426203002 Patch from Chunyang Dai <chunyang.dai@intel.com>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

X87: CallIC customization stubs must accept that a vector slot is cleared.
port r22668. original commit message: CallIC customization stubs must accept that a vector slot is cleared. The CallIC Array custom IC stub read from the type vector, expecting to get an AllocationSite. But there are paths in the system where a type vector can be re-created with default values, even though we currently grant an exception to clearing of vector slots with AllocationSites in them at gc time. BUG= R=weiliang.lin@intel.com Review URL: https://codereview.chromium.org/426203002 Patch from Chunyang Dai <chunyang.dai@intel.com>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
339efcbb · weiliang.lin@intel.com · e7e87c68 · 339efcbb
Commit 339efcbb authored Jul 30, 2014 by weiliang.lin@intel.com
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 3 deletions

code-stubs-x87.cc src/x87/code-stubs-x87.cc +13 -3

No files found.
--- a/src/x87/code-stubs-x87.cc
+++ b/src/x87/code-stubs-x87.cc
@@ -2049,10 +2049,16 @@ void CallIC_ArrayStub::Generate(MacroAssembler* masm) {
  __ j(not_equal, &miss);

  __ mov(eax, arg_count());
-  __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size,
+  __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
                           FixedArray::kHeaderSize));
+
  // Verify that ecx contains an AllocationSite
-  __ AssertUndefinedOrAllocationSite(ebx);
+  Factory* factory = masm->isolate()->factory();
+  __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
+         factory->allocation_site_map());
+  __ j(not_equal, &miss);
+
+  __ mov(ebx, ecx);
  ArrayConstructorStub stub(masm->isolate(), arg_count());
  __ TailCallStub(&stub);

@@ -2123,7 +2129,11 @@ void CallICStub::Generate(MacroAssembler* masm) {
  __ j(equal, &miss);

  if (!FLAG_trace_ic) {
-    // We are going megamorphic, and we don't want to visit the runtime.
+    // We are going megamorphic. If the feedback is a JSFunction, it is fine
+    // to handle it here. More complex cases are dealt with in the runtime.
+    __ AssertNotSmi(ecx);
+    __ CmpObjectType(ecx, JS_FUNCTION_TYPE, ecx);
+    __ j(not_equal, &miss);
    __ mov(FieldOperand(ebx, edx, times_half_pointer_size,
                        FixedArray::kHeaderSize),
           Immediate(TypeFeedbackInfo::MegamorphicSentinel(isolate)));