SMI checks for receiver in KeyedLoad/Store (done right this time)

R=ager@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7059013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7998 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/arm/stub-cache-arm.cc

@@ -3098,9 +3098,6 @@ MaybeObject* KeyedLoadStubCompiler::CompileLoadFastElement(Map* receiver_map) {
   //  -- r0    : key
   //  -- r1    : receiver
   // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(r1, &miss);
-
   MaybeObject* maybe_stub = KeyedLoadFastElementStub().TryGetCode();
   Code* stub;
   if (!maybe_stub->To(&stub)) return maybe_stub;
@@ -3110,7 +3107,6 @@ MaybeObject* KeyedLoadStubCompiler::CompileLoadFastElement(Map* receiver_map) {
                  Handle<Code>(stub),
                  DO_SMI_CHECK);
 
-  __ bind(&miss);
   Handle<Code> ic = isolate()->builtins()->KeyedLoadIC_Miss();
   __ Jump(ic, RelocInfo::CODE_TARGET);
 
@@ -3196,9 +3192,6 @@ MaybeObject* KeyedStoreStubCompiler::CompileStoreFastElement(
   //  -- lr    : return address
   //  -- r3    : scratch
   // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(r1, &miss);
-
   bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
   MaybeObject* maybe_stub =
       KeyedStoreFastElementStub(is_js_array).TryGetCode();
@@ -3210,7 +3203,6 @@ MaybeObject* KeyedStoreStubCompiler::CompileStoreFastElement(
                  Handle<Code>(stub),
                  DO_SMI_CHECK);
 
-  __ bind(&miss);
   Handle<Code> ic = isolate()->builtins()->KeyedStoreIC_Miss();
   __ Jump(ic, RelocInfo::CODE_TARGET);
 

src/ia32/macro-assembler-ia32.cc

@@ -296,7 +296,7 @@ void MacroAssembler::DispatchMap(Register obj,
                                  Handle<Code> success,
                                  SmiCheckType smi_check_type) {
   Label fail;
-  if (smi_check_type == DONT_DO_SMI_CHECK) {
+  if (smi_check_type == DO_SMI_CHECK) {
     JumpIfSmi(obj, &fail);
   }
   cmp(FieldOperand(obj, HeapObject::kMapOffset), Immediate(map));

src/ia32/stub-cache-ia32.cc

@@ -2671,9 +2671,6 @@ MaybeObject* KeyedStoreStubCompiler::CompileStoreFastElement(
   //  -- edx    : receiver
   //  -- esp[0] : return address
   // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(edx, &miss);
-
   bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
   MaybeObject* maybe_stub =
       KeyedStoreFastElementStub(is_js_array).TryGetCode();
@@ -2684,7 +2681,6 @@ MaybeObject* KeyedStoreStubCompiler::CompileStoreFastElement(
                  Handle<Code>(stub),
                  DO_SMI_CHECK);
 
-  __ bind(&miss);
   Handle<Code> ic = isolate()->builtins()->KeyedStoreIC_Miss();
   __ jmp(ic, RelocInfo::CODE_TARGET);
 
@@ -3137,9 +3133,6 @@ MaybeObject* KeyedLoadStubCompiler::CompileLoadFastElement(Map* receiver_map) {
   //  -- edx    : receiver
   //  -- esp[0] : return address
   // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(edx, &miss);
-
   MaybeObject* maybe_stub = KeyedLoadFastElementStub().TryGetCode();
   Code* stub;
   if (!maybe_stub->To(&stub)) return maybe_stub;
@@ -3148,7 +3141,6 @@ MaybeObject* KeyedLoadStubCompiler::CompileLoadFastElement(Map* receiver_map) {
                  Handle<Code>(stub),
                  DO_SMI_CHECK);
 
-  __ bind(&miss);
   GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
 
   // Return the generated code.

src/x64/stub-cache-x64.cc

@@ -2501,9 +2501,6 @@ MaybeObject* KeyedStoreStubCompiler::CompileStoreFastElement(
   //  -- rdx    : receiver
   //  -- rsp[0] : return address
   // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(rdx, &miss);
-
   bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
   MaybeObject* maybe_stub =
       KeyedStoreFastElementStub(is_js_array).TryGetCode();
@@ -2514,7 +2511,6 @@ MaybeObject* KeyedStoreStubCompiler::CompileStoreFastElement(
                  Handle<Code>(stub),
                  DO_SMI_CHECK);
 
-  __ bind(&miss);
   Handle<Code> ic = isolate()->builtins()->KeyedStoreIC_Miss();
   __ jmp(ic, RelocInfo::CODE_TARGET);
 
@@ -2963,9 +2959,6 @@ MaybeObject* KeyedLoadStubCompiler::CompileLoadFastElement(Map* receiver_map) {
   //  -- rdx    : receiver
   //  -- rsp[0] : return address
   // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(rdx, &miss);
-
   MaybeObject* maybe_stub = KeyedLoadFastElementStub().TryGetCode();
   Code* stub;
   if (!maybe_stub->To(&stub)) return maybe_stub;
@@ -2974,7 +2967,6 @@ MaybeObject* KeyedLoadStubCompiler::CompileLoadFastElement(Map* receiver_map) {
                  Handle<Code>(stub),
                  DO_SMI_CHECK);
 
-  __ bind(&miss);
   Handle<Code> ic = isolate()->builtins()->KeyedLoadIC_Miss();
   __ jmp(ic, RelocInfo::CODE_TARGET);
 

test/mjsunit/external-array.js

@@ -193,4 +193,22 @@ for (var t = 0; t < types.length; t++) {
     a.length = 2;
     assertEquals(2, a.length);
   }
+
+  function array_load_set_smi_check(a) {
+    return a[0] = a[0] = 1;
+  }
+
+  array_load_set_smi_check(a);
+  array_load_set_smi_check(0);
+
+  function array_load_set_smi_check2(a) {
+    return a[0] = a[0] = 1;
+  }
+
+  array_load_set_smi_check2(a);
+  %OptimizeFunctionOnNextCall(array_load_set_smi_check2);
+  array_load_set_smi_check2(a);
+  array_load_set_smi_check2(0);
+  %DeoptimizeFunction(array_load_set_smi_check2);
+  gc();  // Makes V8 forget about type information for array_load_set_smi_check.
 }

test/mjsunit/fast-element-smi-check.js

+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax --expose-gc
+
+var a = new Array(10);
+
+function test_load_set_smi(a) {
+  return a[0] = a[0] = 1;
+}
+
+test_load_set_smi(a);
+test_load_set_smi(a);
+test_load_set_smi(123);
+
+function test_load_set_smi_2(a) {
+  return a[0] = a[0] = 1;
+}
+
+test_load_set_smi_2(a);
+%OptimizeFunctionOnNextCall(test_load_set_smi_2);
+test_load_set_smi_2(a);
+test_load_set_smi_2(0);
+%DeoptimizeFunction(test_load_set_smi_2);
+gc();  // Makes V8 forget about type information for test_load_set_smi.
+
+var b = new Object();
+
+function test_load_set_smi_3(b) {
+  return b[0] = b[0] = 1;
+}
+
+test_load_set_smi_3(b);
+test_load_set_smi_3(b);
+test_load_set_smi_3(123);
+
+function test_load_set_smi_4(b) {
+  return b[0] = b[0] = 1;
+}
+
+test_load_set_smi_4(b);
+%OptimizeFunctionOnNextCall(test_load_set_smi_4);
+test_load_set_smi_4(b);
+test_load_set_smi_4(0);
+%DeoptimizeFunction(test_load_set_smi_4);
+gc();  // Makes V8 forget about type information for test_load_set_smi.