Make it possible to hoist the neutering check for TA property accesses

Also correctly set up the dependency between propoerty and elements accesses and the checks BUG=v8:3996 R=hpayer@chromium.org LOG=n Review URL: https://codereview.chromium.org/1107993002 Cr-Commit-Position: refs/heads/master@{#28087}

Make it possible to hoist the neutering check for TA property accesses
Also correctly set up the dependency between propoerty and elements accesses and the checks BUG=v8:3996 R=hpayer@chromium.org LOG=n Review URL: https://codereview.chromium.org/1107993002 Cr-Commit-Position: refs/heads/master@{#28087}
6a62e321 · jochen · Commit bot · 919c5491 · 6a62e321
Commit 6a62e321 authored Apr 27, 2015 by jochen Committed by Commit bot Apr 27, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 6 deletions

hydrogen.cc src/hydrogen.cc +16 -6

No files found.
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -2465,19 +2465,21 @@ HInstruction* HGraphBuilder::BuildUncheckedMonomorphicElementAccess(
      length_checker.End();
      return result;
    } else {
+      HValue* neuter_checked_object = checked_object;
      if (IsExternalArrayElementsKind(elements_kind)) {
        HInstruction* buffer =
            Add<HLoadNamedField>(checked_object, nullptr,
                                 HObjectAccess::ForJSArrayBufferViewBuffer());
        HInstruction* buffer_length = Add<HLoadNamedField>(
            buffer, nullptr, HObjectAccess::ForJSArrayBufferByteLength());
-        Add<HBoundsCheck>(graph()->GetConstant0(), buffer_length);
+        neuter_checked_object =
+            Add<HBoundsCheck>(graph()->GetConstant0(), buffer_length);
      }
      DCHECK(store_mode == STANDARD_STORE);
      checked_key = Add<HBoundsCheck>(key, length);
-      return AddElementAccess(
-          backing_store, checked_key, val,
-          checked_object, elements_kind, access_type);
+      return AddElementAccess(backing_store, checked_key, val,
+                              neuter_checked_object, elements_kind,
+                              access_type);
    }
  }
  DCHECK(fast_smi_only_elements ||
@@ -6340,8 +6342,16 @@ HValue* HOptimizedGraphBuilder::BuildMonomorphicAccess(

  if (info->GetJSArrayBufferViewFieldAccess(&access)) {
    DCHECK(info->IsLoad());
-    return BuildArrayBufferViewFieldAccessor(
-        object, checked_object, FieldIndex::ForInObjectOffset(access.offset()));
+    HValue* neuter_checked_object = checked_object;
+    if (IsExternalArrayElementsKind(info->map()->elements_kind())) {
+      HInstruction* buffer = Add<HLoadNamedField>(
+          checked_object, nullptr, HObjectAccess::ForJSArrayBufferViewBuffer());
+      HInstruction* buffer_length = Add<HLoadNamedField>(
+          buffer, nullptr, HObjectAccess::ForJSArrayBufferByteLength());
+      neuter_checked_object =
+          Add<HBoundsCheck>(graph()->GetConstant0(), buffer_length);
+    }
+    return New<HLoadNamedField>(object, neuter_checked_object, access);
  }

  if (info->name().is_identical_to(isolate()->factory()->prototype_string()) &&