Stay in fast enum case if the empty_slow_element_dictionary is used.

This fixes slow for-in over frozen objects. BUG= R=ulan@chromium.org Review URL: https://codereview.chromium.org/135903014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Stay in fast enum case if the empty_slow_element_dictionary is used.
This fixes slow for-in over frozen objects. BUG= R=ulan@chromium.org Review URL: https://codereview.chromium.org/135903014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18705 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
342b534e · verwaest@chromium.org · 4bae6589 · 342b534e · 342b534e · 342b534e
Commit 342b534e authored Jan 21, 2014 by verwaest@chromium.org
Showing with 19 additions and 0 deletions

macro-assembler-arm.cc src/arm/macro-assembler-arm.cc +6 -0

macro-assembler-ia32.cc src/ia32/macro-assembler-ia32.cc +6 -0

macro-assembler-x64.cc src/x64/macro-assembler-x64.cc +7 -0

No files found.
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -3926,10 +3926,16 @@ void MacroAssembler::CheckEnumCache(Register null_value, Label* call_runtime) {

  // Check that there are no elements. Register r2 contains the current JS
  // object we've reached through the prototype chain.
+  Label no_elements;
  ldr(r2, FieldMemOperand(r2, JSObject::kElementsOffset));
  cmp(r2, empty_fixed_array_value);
+  b(eq, &no_elements);
+
+  // Second chance, the object may be using the empty slow element dictionary.
+  CompareRoot(r2, Heap::kEmptySlowElementDictionaryRootIndex);
  b(ne, call_runtime);

+  bind(&no_elements);
  ldr(r2, FieldMemOperand(r1, Map::kPrototypeOffset));
  cmp(r2, null_value);
  b(ne, &next);

--- a/src/ia32/macro-assembler-ia32.cc
+++ b/src/ia32/macro-assembler-ia32.cc
@@ -3585,10 +3585,16 @@ void MacroAssembler::CheckEnumCache(Label* call_runtime) {

  // Check that there are no elements. Register rcx contains the current JS
  // object we've reached through the prototype chain.
+  Label no_elements;
  mov(ecx, FieldOperand(ecx, JSObject::kElementsOffset));
  cmp(ecx, isolate()->factory()->empty_fixed_array());
+  j(equal, &no_elements);
+
+  // Second chance, the object may be using the empty slow element dictionary.
+  cmp(ecx, isolate()->factory()->empty_slow_element_dictionary());
  j(not_equal, call_runtime);

+  bind(&no_elements);
  mov(ecx, FieldOperand(ebx, Map::kPrototypeOffset));
  cmp(ecx, isolate()->factory()->null_value());
  j(not_equal, &next);

--- a/src/x64/macro-assembler-x64.cc
+++ b/src/x64/macro-assembler-x64.cc
@@ -4932,10 +4932,17 @@ void MacroAssembler::CheckEnumCache(Register null_value, Label* call_runtime) {

  // Check that there are no elements. Register rcx contains the current JS
  // object we've reached through the prototype chain.
+  Label no_elements;
  cmpq(empty_fixed_array_value,
       FieldOperand(rcx, JSObject::kElementsOffset));
+  j(equal, &no_elements);
+
+  // Second chance, the object may be using the empty slow element dictionary.
+  LoadRoot(kScratchRegister, Heap::kEmptySlowElementDictionaryRootIndex);
+  cmpq(kScratchRegister, FieldOperand(rcx, JSObject::kElementsOffset));
  j(not_equal, call_runtime);

+  bind(&no_elements);
  movp(rcx, FieldOperand(rbx, Map::kPrototypeOffset));
  cmpq(rcx, null_value);
  j(not_equal, &next);