Commit c96a928c authored by verwaest@chromium.org's avatar verwaest@chromium.org

Disentangle field from transition stores.

Review URL: https://chromiumcodereview.appspot.com/14063006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14223 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 447ff509
...@@ -437,30 +437,28 @@ static void GenerateCheckPropertyCell(MacroAssembler* masm, ...@@ -437,30 +437,28 @@ static void GenerateCheckPropertyCell(MacroAssembler* masm,
} }
// Generate StoreField code, value is passed in r0 register. // Generate StoreTransition code, value is passed in r0 register.
// When leaving generated code after success, the receiver_reg and name_reg // When leaving generated code after success, the receiver_reg and name_reg
// may be clobbered. Upon branch to miss_label, the receiver and name // may be clobbered. Upon branch to miss_label, the receiver and name
// registers have their original values. // registers have their original values.
void StubCompiler::GenerateStoreField(MacroAssembler* masm, void StubCompiler::GenerateStoreTransition(MacroAssembler* masm,
Handle<JSObject> object, Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition, Handle<Map> transition,
Handle<Name> name, Handle<Name> name,
Register receiver_reg, Register receiver_reg,
Register name_reg, Register name_reg,
Register value_reg, Register value_reg,
Register scratch1, Register scratch1,
Register scratch2, Register scratch2,
Label* miss_label, Label* miss_label,
Label* miss_restore_name) { Label* miss_restore_name) {
// r0 : value // r0 : value
Label exit; Label exit;
// Check that the map of the object hasn't changed. // Check that the map of the object hasn't changed.
CompareMapMode mode = transition.is_null() ? ALLOW_ELEMENT_TRANSITION_MAPS
: REQUIRE_EXACT_MAP;
__ CheckMap(receiver_reg, scratch1, Handle<Map>(object->map()), miss_label, __ CheckMap(receiver_reg, scratch1, Handle<Map>(object->map()), miss_label,
DO_SMI_CHECK, mode); DO_SMI_CHECK, REQUIRE_EXACT_MAP);
// Perform global security token check if needed. // Perform global security token check if needed.
if (object->IsJSGlobalProxy()) { if (object->IsJSGlobalProxy()) {
...@@ -468,7 +466,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -468,7 +466,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
} }
// Check that we are allowed to write this. // Check that we are allowed to write this.
if (!transition.is_null() && object->GetPrototype()->IsJSObject()) { if (object->GetPrototype()->IsJSObject()) {
JSObject* holder; JSObject* holder;
// holder == object indicates that no property was found. // holder == object indicates that no property was found.
if (lookup->holder() != *object) { if (lookup->holder() != *object) {
...@@ -506,7 +504,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -506,7 +504,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded()); ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
// Perform map transition for the receiver if necessary. // Perform map transition for the receiver if necessary.
if (!transition.is_null() && (object->map()->unused_property_fields() == 0)) { if (object->map()->unused_property_fields() == 0) {
// The properties must be extended before we can store the value. // The properties must be extended before we can store the value.
// We jump to a runtime call that extends the properties array. // We jump to a runtime call that extends the properties array.
__ push(receiver_reg); __ push(receiver_reg);
...@@ -520,33 +518,113 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -520,33 +518,113 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
return; return;
} }
int index; // Update the map of the object.
if (!transition.is_null()) { __ mov(scratch1, Operand(transition));
// Update the map of the object. __ str(scratch1, FieldMemOperand(receiver_reg, HeapObject::kMapOffset));
__ mov(scratch1, Operand(transition));
__ str(scratch1, FieldMemOperand(receiver_reg, HeapObject::kMapOffset)); // Update the write barrier for the map field and pass the now unused
// name_reg as scratch register.
__ RecordWriteField(receiver_reg,
HeapObject::kMapOffset,
scratch1,
name_reg,
kLRHasNotBeenSaved,
kDontSaveFPRegs,
OMIT_REMEMBERED_SET,
OMIT_SMI_CHECK);
int index = transition->instance_descriptors()->GetFieldIndex(
transition->LastAdded());
// Adjust for the number of properties stored in the object. Even in the
// face of a transition we can use the old map here because the size of the
// object and the number of in-object properties is not going to change.
index -= object->map()->inobject_properties();
// TODO(verwaest): Share this code as a code stub.
if (index < 0) {
// Set the property straight into the object.
int offset = object->map()->instance_size() + (index * kPointerSize);
__ str(value_reg, FieldMemOperand(receiver_reg, offset));
// Skip updating write barrier if storing a smi.
__ JumpIfSmi(value_reg, &exit);
// Update the write barrier for the map field and pass the now unused // Update the write barrier for the array address.
// name_reg as scratch register. // Pass the now unused name_reg as a scratch register.
__ mov(name_reg, value_reg);
__ RecordWriteField(receiver_reg, __ RecordWriteField(receiver_reg,
HeapObject::kMapOffset, offset,
scratch1,
name_reg, name_reg,
scratch1,
kLRHasNotBeenSaved, kLRHasNotBeenSaved,
kDontSaveFPRegs, kDontSaveFPRegs);
OMIT_REMEMBERED_SET,
OMIT_SMI_CHECK);
index = transition->instance_descriptors()->GetFieldIndex(
transition->LastAdded());
} else { } else {
index = lookup->GetFieldIndex().field_index(); // Write to the properties array.
int offset = index * kPointerSize + FixedArray::kHeaderSize;
// Get the properties array
__ ldr(scratch1,
FieldMemOperand(receiver_reg, JSObject::kPropertiesOffset));
__ str(value_reg, FieldMemOperand(scratch1, offset));
// Skip updating write barrier if storing a smi.
__ JumpIfSmi(value_reg, &exit);
// Update the write barrier for the array address.
// Ok to clobber receiver_reg and name_reg, since we return.
__ mov(name_reg, value_reg);
__ RecordWriteField(scratch1,
offset,
name_reg,
receiver_reg,
kLRHasNotBeenSaved,
kDontSaveFPRegs);
} }
// Return the value (register r0).
ASSERT(value_reg.is(r0));
__ bind(&exit);
__ Ret();
}
// Generate StoreField code, value is passed in r0 register.
// When leaving generated code after success, the receiver_reg and name_reg
// may be clobbered. Upon branch to miss_label, the receiver and name
// registers have their original values.
void StubCompiler::GenerateStoreField(MacroAssembler* masm,
Handle<JSObject> object,
LookupResult* lookup,
Register receiver_reg,
Register name_reg,
Register value_reg,
Register scratch1,
Register scratch2,
Label* miss_label) {
// r0 : value
Label exit;
// Check that the map of the object hasn't changed.
__ CheckMap(receiver_reg, scratch1, Handle<Map>(object->map()), miss_label,
DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
// Perform global security token check if needed.
if (object->IsJSGlobalProxy()) {
__ CheckAccessGlobalProxy(receiver_reg, scratch1, miss_label);
}
// Stub never generated for non-global objects that require access
// checks.
ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
int index = lookup->GetFieldIndex().field_index();
// Adjust for the number of properties stored in the object. Even in the // Adjust for the number of properties stored in the object. Even in the
// face of a transition we can use the old map here because the size of the // face of a transition we can use the old map here because the size of the
// object and the number of in-object properties is not going to change. // object and the number of in-object properties is not going to change.
index -= object->map()->inobject_properties(); index -= object->map()->inobject_properties();
// TODO(verwaest): Share this code as a code stub.
if (index < 0) { if (index < 0) {
// Set the property straight into the object. // Set the property straight into the object.
int offset = object->map()->instance_size() + (index * kPointerSize); int offset = object->map()->instance_size() + (index * kPointerSize);
......
...@@ -751,23 +751,21 @@ static void GenerateCheckPropertyCell(MacroAssembler* masm, ...@@ -751,23 +751,21 @@ static void GenerateCheckPropertyCell(MacroAssembler* masm,
// Both name_reg and receiver_reg are preserved on jumps to miss_label, // Both name_reg and receiver_reg are preserved on jumps to miss_label,
// but may be destroyed if store is successful. // but may be destroyed if store is successful.
void StubCompiler::GenerateStoreField(MacroAssembler* masm, void StubCompiler::GenerateStoreTransition(MacroAssembler* masm,
Handle<JSObject> object, Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition, Handle<Map> transition,
Handle<Name> name, Handle<Name> name,
Register receiver_reg, Register receiver_reg,
Register name_reg, Register name_reg,
Register value_reg, Register value_reg,
Register scratch1, Register scratch1,
Register scratch2, Register scratch2,
Label* miss_label, Label* miss_label,
Label* miss_restore_name) { Label* miss_restore_name) {
// Check that the map of the object hasn't changed. // Check that the map of the object hasn't changed.
CompareMapMode mode = transition.is_null() ? ALLOW_ELEMENT_TRANSITION_MAPS
: REQUIRE_EXACT_MAP;
__ CheckMap(receiver_reg, Handle<Map>(object->map()), __ CheckMap(receiver_reg, Handle<Map>(object->map()),
miss_label, DO_SMI_CHECK, mode); miss_label, DO_SMI_CHECK, REQUIRE_EXACT_MAP);
// Perform global security token check if needed. // Perform global security token check if needed.
if (object->IsJSGlobalProxy()) { if (object->IsJSGlobalProxy()) {
...@@ -775,7 +773,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -775,7 +773,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
} }
// Check that we are allowed to write this. // Check that we are allowed to write this.
if (!transition.is_null() && object->GetPrototype()->IsJSObject()) { if (object->GetPrototype()->IsJSObject()) {
JSObject* holder; JSObject* holder;
// holder == object indicates that no property was found. // holder == object indicates that no property was found.
if (lookup->holder() != *object) { if (lookup->holder() != *object) {
...@@ -814,7 +812,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -814,7 +812,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded()); ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
// Perform map transition for the receiver if necessary. // Perform map transition for the receiver if necessary.
if (!transition.is_null() && (object->map()->unused_property_fields() == 0)) { if (object->map()->unused_property_fields() == 0) {
// The properties must be extended before we can store the value. // The properties must be extended before we can store the value.
// We jump to a runtime call that extends the properties array. // We jump to a runtime call that extends the properties array.
__ pop(scratch1); // Return address. __ pop(scratch1); // Return address.
...@@ -830,33 +828,97 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -830,33 +828,97 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
return; return;
} }
int index; // Update the map of the object.
if (!transition.is_null()) { __ mov(scratch1, Immediate(transition));
// Update the map of the object. __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
__ mov(scratch1, Immediate(transition));
__ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
// Update the write barrier for the map field and pass the now unused // Update the write barrier for the map field and pass the now unused
// name_reg as scratch register. // name_reg as scratch register.
__ RecordWriteField(receiver_reg,
HeapObject::kMapOffset,
scratch1,
name_reg,
kDontSaveFPRegs,
OMIT_REMEMBERED_SET,
OMIT_SMI_CHECK);
int index = transition->instance_descriptors()->GetFieldIndex(
transition->LastAdded());
// Adjust for the number of properties stored in the object. Even in the
// face of a transition we can use the old map here because the size of the
// object and the number of in-object properties is not going to change.
index -= object->map()->inobject_properties();
// TODO(verwaest): Share this code as a code stub.
if (index < 0) {
// Set the property straight into the object.
int offset = object->map()->instance_size() + (index * kPointerSize);
__ mov(FieldOperand(receiver_reg, offset), value_reg);
// Update the write barrier for the array address.
// Pass the value being stored in the now unused name_reg.
__ mov(name_reg, value_reg);
__ RecordWriteField(receiver_reg, __ RecordWriteField(receiver_reg,
HeapObject::kMapOffset, offset,
scratch1,
name_reg, name_reg,
kDontSaveFPRegs, scratch1,
OMIT_REMEMBERED_SET, kDontSaveFPRegs);
OMIT_SMI_CHECK);
index = transition->instance_descriptors()->GetFieldIndex(
transition->LastAdded());
} else { } else {
index = lookup->GetFieldIndex().field_index(); // Write to the properties array.
int offset = index * kPointerSize + FixedArray::kHeaderSize;
// Get the properties array (optimistically).
__ mov(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
__ mov(FieldOperand(scratch1, offset), eax);
// Update the write barrier for the array address.
// Pass the value being stored in the now unused name_reg.
__ mov(name_reg, value_reg);
__ RecordWriteField(scratch1,
offset,
name_reg,
receiver_reg,
kDontSaveFPRegs);
} }
// Return the value (register eax).
ASSERT(value_reg.is(eax));
__ ret(0);
}
// Both name_reg and receiver_reg are preserved on jumps to miss_label,
// but may be destroyed if store is successful.
void StubCompiler::GenerateStoreField(MacroAssembler* masm,
Handle<JSObject> object,
LookupResult* lookup,
Register receiver_reg,
Register name_reg,
Register value_reg,
Register scratch1,
Register scratch2,
Label* miss_label) {
// Check that the map of the object hasn't changed.
__ CheckMap(receiver_reg, Handle<Map>(object->map()),
miss_label, DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
// Perform global security token check if needed.
if (object->IsJSGlobalProxy()) {
__ CheckAccessGlobalProxy(receiver_reg, scratch1, scratch2, miss_label);
}
// Stub never generated for non-global objects that require access
// checks.
ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
int index = lookup->GetFieldIndex().field_index();
// Adjust for the number of properties stored in the object. Even in the // Adjust for the number of properties stored in the object. Even in the
// face of a transition we can use the old map here because the size of the // face of a transition we can use the old map here because the size of the
// object and the number of in-object properties is not going to change. // object and the number of in-object properties is not going to change.
index -= object->map()->inobject_properties(); index -= object->map()->inobject_properties();
// TODO(verwaest): Share this code as a code stub.
if (index < 0) { if (index < 0) {
// Set the property straight into the object. // Set the property straight into the object.
int offset = object->map()->instance_size() + (index * kPointerSize); int offset = object->map()->instance_size() + (index * kPointerSize);
......
...@@ -1586,7 +1586,7 @@ Handle<Code> StoreIC::ComputeStoreMonomorphic(LookupResult* lookup, ...@@ -1586,7 +1586,7 @@ Handle<Code> StoreIC::ComputeStoreMonomorphic(LookupResult* lookup,
switch (lookup->type()) { switch (lookup->type()) {
case FIELD: case FIELD:
return isolate()->stub_cache()->ComputeStoreField( return isolate()->stub_cache()->ComputeStoreField(
name, receiver, lookup, Handle<Map>::null(), strict_mode); name, receiver, lookup, strict_mode);
case NORMAL: case NORMAL:
if (receiver->IsGlobalObject()) { if (receiver->IsGlobalObject()) {
// The stub generated for the global object picks the value directly // The stub generated for the global object picks the value directly
...@@ -1644,7 +1644,7 @@ Handle<Code> StoreIC::ComputeStoreMonomorphic(LookupResult* lookup, ...@@ -1644,7 +1644,7 @@ Handle<Code> StoreIC::ComputeStoreMonomorphic(LookupResult* lookup,
if (details.type() != FIELD || details.attributes() != NONE) break; if (details.type() != FIELD || details.attributes() != NONE) break;
return isolate()->stub_cache()->ComputeStoreField( return isolate()->stub_cache()->ComputeStoreTransition(
name, receiver, lookup, transition, strict_mode); name, receiver, lookup, transition, strict_mode);
} }
case NONEXISTENT: case NONEXISTENT:
...@@ -1987,7 +1987,7 @@ Handle<Code> KeyedStoreIC::ComputeStoreMonomorphic(LookupResult* lookup, ...@@ -1987,7 +1987,7 @@ Handle<Code> KeyedStoreIC::ComputeStoreMonomorphic(LookupResult* lookup,
switch (lookup->type()) { switch (lookup->type()) {
case FIELD: case FIELD:
return isolate()->stub_cache()->ComputeKeyedStoreField( return isolate()->stub_cache()->ComputeKeyedStoreField(
name, receiver, lookup, Handle<Map>::null(), strict_mode); name, receiver, lookup, strict_mode);
case TRANSITION: { case TRANSITION: {
// Explicitly pass in the receiver map since LookupForWrite may have // Explicitly pass in the receiver map since LookupForWrite may have
// stored something else than the receiver in the holder. // stored something else than the receiver in the holder.
...@@ -1999,7 +1999,7 @@ Handle<Code> KeyedStoreIC::ComputeStoreMonomorphic(LookupResult* lookup, ...@@ -1999,7 +1999,7 @@ Handle<Code> KeyedStoreIC::ComputeStoreMonomorphic(LookupResult* lookup,
PropertyDetails details = target_descriptors->GetDetails(descriptor); PropertyDetails details = target_descriptors->GetDetails(descriptor);
if (details.type() == FIELD && details.attributes() == NONE) { if (details.type() == FIELD && details.attributes() == NONE) {
return isolate()->stub_cache()->ComputeKeyedStoreField( return isolate()->stub_cache()->ComputeKeyedStoreTransition(
name, receiver, lookup, transition, strict_mode); name, receiver, lookup, transition, strict_mode);
} }
// fall through. // fall through.
......
...@@ -402,18 +402,30 @@ Handle<Code> StubCache::ComputeKeyedLoadCallback( ...@@ -402,18 +402,30 @@ Handle<Code> StubCache::ComputeKeyedLoadCallback(
Handle<Code> StubCache::ComputeStoreField(Handle<Name> name, Handle<Code> StubCache::ComputeStoreField(Handle<Name> name,
Handle<JSObject> receiver, Handle<JSObject> receiver,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode) { StrictModeFlag strict_mode) {
Code::StubType type = Handle<Code> stub = FindIC(
transition.is_null() ? Code::FIELD : Code::MAP_TRANSITION; name, receiver, Code::STORE_IC, Code::FIELD, strict_mode);
if (!stub.is_null()) return stub;
StoreStubCompiler compiler(isolate_, strict_mode);
Handle<Code> code = compiler.CompileStoreField(receiver, lookup, name);
JSObject::UpdateMapCodeCache(receiver, name, code);
return code;
}
Handle<Code> StubCache::ComputeStoreTransition(Handle<Name> name,
Handle<JSObject> receiver,
LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode) {
Handle<Code> stub = FindIC( Handle<Code> stub = FindIC(
name, receiver, Code::STORE_IC, type, strict_mode); name, receiver, Code::STORE_IC, Code::MAP_TRANSITION, strict_mode);
if (!stub.is_null()) return stub; if (!stub.is_null()) return stub;
StoreStubCompiler compiler(isolate_, strict_mode); StoreStubCompiler compiler(isolate_, strict_mode);
Handle<Code> code = Handle<Code> code =
compiler.CompileStoreField(receiver, lookup, transition, name); compiler.CompileStoreTransition(receiver, lookup, transition, name);
JSObject::UpdateMapCodeCache(receiver, name, code); JSObject::UpdateMapCodeCache(receiver, name, code);
return code; return code;
} }
...@@ -534,20 +546,35 @@ Handle<Code> StubCache::ComputeStoreInterceptor(Handle<Name> name, ...@@ -534,20 +546,35 @@ Handle<Code> StubCache::ComputeStoreInterceptor(Handle<Name> name,
return code; return code;
} }
Handle<Code> StubCache::ComputeKeyedStoreField(Handle<Name> name, Handle<Code> StubCache::ComputeKeyedStoreField(Handle<Name> name,
Handle<JSObject> receiver, Handle<JSObject> receiver,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode) { StrictModeFlag strict_mode) {
Code::StubType type =
(transition.is_null()) ? Code::FIELD : Code::MAP_TRANSITION;
Handle<Code> stub = FindIC( Handle<Code> stub = FindIC(
name, receiver, Code::KEYED_STORE_IC, type, strict_mode); name, receiver, Code::KEYED_STORE_IC, Code::FIELD, strict_mode);
if (!stub.is_null()) return stub;
KeyedStoreStubCompiler compiler(isolate(), strict_mode, STANDARD_STORE);
Handle<Code> code = compiler.CompileStoreField(receiver, lookup, name);
JSObject::UpdateMapCodeCache(receiver, name, code);
return code;
}
Handle<Code> StubCache::ComputeKeyedStoreTransition(
Handle<Name> name,
Handle<JSObject> receiver,
LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode) {
Handle<Code> stub = FindIC(
name, receiver, Code::KEYED_STORE_IC, Code::MAP_TRANSITION, strict_mode);
if (!stub.is_null()) return stub; if (!stub.is_null()) return stub;
KeyedStoreStubCompiler compiler(isolate(), strict_mode, STANDARD_STORE); KeyedStoreStubCompiler compiler(isolate(), strict_mode, STANDARD_STORE);
Handle<Code> code = Handle<Code> code =
compiler.CompileStoreField(receiver, lookup, transition, name); compiler.CompileStoreTransition(receiver, lookup, transition, name);
JSObject::UpdateMapCodeCache(receiver, name, code); JSObject::UpdateMapCodeCache(receiver, name, code);
return code; return code;
} }
...@@ -1587,11 +1614,39 @@ Handle<Code> LoadStubCompiler::CompileLoadViaGetter( ...@@ -1587,11 +1614,39 @@ Handle<Code> LoadStubCompiler::CompileLoadViaGetter(
} }
Handle<Code> BaseStoreStubCompiler::CompileStoreTransition(
Handle<JSObject> object,
LookupResult* lookup,
Handle<Map> transition,
Handle<Name> name) {
Label miss, miss_restore_name;
GenerateNameCheck(name, this->name(), &miss);
GenerateStoreTransition(masm(),
object,
lookup,
transition,
name,
receiver(), this->name(), value(),
scratch1(), scratch2(),
&miss,
&miss_restore_name);
// Handle store cache miss.
GenerateRestoreName(masm(), &miss_restore_name, name);
__ bind(&miss);
TailCallBuiltin(masm(), MissBuiltin(kind()));
// Return the generated code.
return GetICCode(kind(), Code::MAP_TRANSITION, name);
}
Handle<Code> BaseStoreStubCompiler::CompileStoreField(Handle<JSObject> object, Handle<Code> BaseStoreStubCompiler::CompileStoreField(Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
Handle<Name> name) { Handle<Name> name) {
Label miss, miss_restore_name; Label miss;
GenerateNameCheck(name, this->name(), &miss); GenerateNameCheck(name, this->name(), &miss);
...@@ -1599,21 +1654,15 @@ Handle<Code> BaseStoreStubCompiler::CompileStoreField(Handle<JSObject> object, ...@@ -1599,21 +1654,15 @@ Handle<Code> BaseStoreStubCompiler::CompileStoreField(Handle<JSObject> object,
GenerateStoreField(masm(), GenerateStoreField(masm(),
object, object,
lookup, lookup,
transition,
name,
receiver(), this->name(), value(), scratch1(), scratch2(), receiver(), this->name(), value(), scratch1(), scratch2(),
&miss, &miss);
&miss_restore_name);
// Handle store cache miss. // Handle store cache miss.
GenerateRestoreName(masm(), &miss_restore_name, name);
__ bind(&miss); __ bind(&miss);
TailCallBuiltin(masm(), MissBuiltin(kind())); TailCallBuiltin(masm(), MissBuiltin(kind()));
// Return the generated code. // Return the generated code.
return GetICCode(kind(), return GetICCode(kind(), Code::FIELD, name);
transition.is_null() ? Code::FIELD : Code::MAP_TRANSITION,
name);
} }
......
...@@ -162,9 +162,14 @@ class StubCache { ...@@ -162,9 +162,14 @@ class StubCache {
Handle<Code> ComputeStoreField(Handle<Name> name, Handle<Code> ComputeStoreField(Handle<Name> name,
Handle<JSObject> object, Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode); StrictModeFlag strict_mode);
Handle<Code> ComputeStoreTransition(Handle<Name> name,
Handle<JSObject> object,
LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode);
Handle<Code> ComputeStoreNormal(StrictModeFlag strict_mode); Handle<Code> ComputeStoreNormal(StrictModeFlag strict_mode);
Handle<Code> ComputeStoreGlobal(Handle<Name> name, Handle<Code> ComputeStoreGlobal(Handle<Name> name,
...@@ -193,8 +198,12 @@ class StubCache { ...@@ -193,8 +198,12 @@ class StubCache {
Handle<Code> ComputeKeyedStoreField(Handle<Name> name, Handle<Code> ComputeKeyedStoreField(Handle<Name> name,
Handle<JSObject> object, Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode); StrictModeFlag strict_mode);
Handle<Code> ComputeKeyedStoreTransition(Handle<Name> name,
Handle<JSObject> object,
LookupResult* lookup,
Handle<Map> transition,
StrictModeFlag strict_mode);
Handle<Code> ComputeKeyedLoadElement(Handle<Map> receiver_map); Handle<Code> ComputeKeyedLoadElement(Handle<Map> receiver_map);
...@@ -509,18 +518,28 @@ class StubCompiler BASE_EMBEDDED { ...@@ -509,18 +518,28 @@ class StubCompiler BASE_EMBEDDED {
Register scratch2, Register scratch2,
Label* miss_label); Label* miss_label);
void GenerateStoreTransition(MacroAssembler* masm,
Handle<JSObject> object,
LookupResult* lookup,
Handle<Map> transition,
Handle<Name> name,
Register receiver_reg,
Register name_reg,
Register value_reg,
Register scratch1,
Register scratch2,
Label* miss_label,
Label* miss_restore_name);
void GenerateStoreField(MacroAssembler* masm, void GenerateStoreField(MacroAssembler* masm,
Handle<JSObject> object, Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
Handle<Name> name,
Register receiver_reg, Register receiver_reg,
Register name_reg, Register name_reg,
Register value_reg, Register value_reg,
Register scratch1, Register scratch1,
Register scratch2, Register scratch2,
Label* miss_label, Label* miss_label);
Label* miss_restore_name);
static Builtins::Name MissBuiltin(Code::Kind kind) { static Builtins::Name MissBuiltin(Code::Kind kind) {
switch (kind) { switch (kind) {
...@@ -781,9 +800,13 @@ class BaseStoreStubCompiler: public StubCompiler { ...@@ -781,9 +800,13 @@ class BaseStoreStubCompiler: public StubCompiler {
virtual ~BaseStoreStubCompiler() { } virtual ~BaseStoreStubCompiler() { }
Handle<Code> CompileStoreTransition(Handle<JSObject> object,
LookupResult* lookup,
Handle<Map> transition,
Handle<Name> name);
Handle<Code> CompileStoreField(Handle<JSObject> object, Handle<Code> CompileStoreField(Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition,
Handle<Name> name); Handle<Name> name);
protected: protected:
......
...@@ -732,23 +732,21 @@ static void GenerateCheckPropertyCell(MacroAssembler* masm, ...@@ -732,23 +732,21 @@ static void GenerateCheckPropertyCell(MacroAssembler* masm,
// Both name_reg and receiver_reg are preserved on jumps to miss_label, // Both name_reg and receiver_reg are preserved on jumps to miss_label,
// but may be destroyed if store is successful. // but may be destroyed if store is successful.
void StubCompiler::GenerateStoreField(MacroAssembler* masm, void StubCompiler::GenerateStoreTransition(MacroAssembler* masm,
Handle<JSObject> object, Handle<JSObject> object,
LookupResult* lookup, LookupResult* lookup,
Handle<Map> transition, Handle<Map> transition,
Handle<Name> name, Handle<Name> name,
Register receiver_reg, Register receiver_reg,
Register name_reg, Register name_reg,
Register value_reg, Register value_reg,
Register scratch1, Register scratch1,
Register scratch2, Register scratch2,
Label* miss_label, Label* miss_label,
Label* miss_restore_name) { Label* miss_restore_name) {
// Check that the map of the object hasn't changed. // Check that the map of the object hasn't changed.
CompareMapMode mode = transition.is_null() ? ALLOW_ELEMENT_TRANSITION_MAPS
: REQUIRE_EXACT_MAP;
__ CheckMap(receiver_reg, Handle<Map>(object->map()), __ CheckMap(receiver_reg, Handle<Map>(object->map()),
miss_label, DO_SMI_CHECK, mode); miss_label, DO_SMI_CHECK, REQUIRE_EXACT_MAP);
// Perform global security token check if needed. // Perform global security token check if needed.
if (object->IsJSGlobalProxy()) { if (object->IsJSGlobalProxy()) {
...@@ -756,7 +754,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -756,7 +754,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
} }
// Check that we are allowed to write this. // Check that we are allowed to write this.
if (!transition.is_null() && object->GetPrototype()->IsJSObject()) { if (object->GetPrototype()->IsJSObject()) {
JSObject* holder; JSObject* holder;
// holder == object indicates that no property was found. // holder == object indicates that no property was found.
if (lookup->holder() != *object) { if (lookup->holder() != *object) {
...@@ -794,7 +792,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -794,7 +792,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded()); ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
// Perform map transition for the receiver if necessary. // Perform map transition for the receiver if necessary.
if (!transition.is_null() && (object->map()->unused_property_fields() == 0)) { if (object->map()->unused_property_fields() == 0) {
// The properties must be extended before we can store the value. // The properties must be extended before we can store the value.
// We jump to a runtime call that extends the properties array. // We jump to a runtime call that extends the properties array.
__ pop(scratch1); // Return address. __ pop(scratch1); // Return address.
...@@ -810,32 +808,91 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm, ...@@ -810,32 +808,91 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
return; return;
} }
int index; // Update the map of the object.
if (!transition.is_null()) { __ Move(scratch1, transition);
// Update the map of the object. __ movq(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
__ Move(scratch1, transition);
__ movq(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1); // Update the write barrier for the map field and pass the now unused
// name_reg as scratch register.
// Update the write barrier for the map field and pass the now unused __ RecordWriteField(receiver_reg,
// name_reg as scratch register. HeapObject::kMapOffset,
__ RecordWriteField(receiver_reg, scratch1,
HeapObject::kMapOffset, name_reg,
scratch1, kDontSaveFPRegs,
name_reg, OMIT_REMEMBERED_SET,
kDontSaveFPRegs, OMIT_SMI_CHECK);
OMIT_REMEMBERED_SET,
OMIT_SMI_CHECK); int index = transition->instance_descriptors()->GetFieldIndex(
index = transition->instance_descriptors()->GetFieldIndex( transition->LastAdded());
transition->LastAdded());
// Adjust for the number of properties stored in the object. Even in the
// face of a transition we can use the old map here because the size of the
// object and the number of in-object properties is not going to change.
index -= object->map()->inobject_properties();
// TODO(verwaest): Share this code as a code stub.
if (index < 0) {
// Set the property straight into the object.
int offset = object->map()->instance_size() + (index * kPointerSize);
__ movq(FieldOperand(receiver_reg, offset), value_reg);
// Update the write barrier for the array address.
// Pass the value being stored in the now unused name_reg.
__ movq(name_reg, value_reg);
__ RecordWriteField(
receiver_reg, offset, name_reg, scratch1, kDontSaveFPRegs);
} else { } else {
index = lookup->GetFieldIndex().field_index(); // Write to the properties array.
int offset = index * kPointerSize + FixedArray::kHeaderSize;
// Get the properties array (optimistically).
__ movq(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
__ movq(FieldOperand(scratch1, offset), value_reg);
// Update the write barrier for the array address.
// Pass the value being stored in the now unused name_reg.
__ movq(name_reg, value_reg);
__ RecordWriteField(
scratch1, offset, name_reg, receiver_reg, kDontSaveFPRegs);
} }
// Return the value (register rax).
ASSERT(value_reg.is(rax));
__ ret(0);
}
// Both name_reg and receiver_reg are preserved on jumps to miss_label,
// but may be destroyed if store is successful.
void StubCompiler::GenerateStoreField(MacroAssembler* masm,
Handle<JSObject> object,
LookupResult* lookup,
Register receiver_reg,
Register name_reg,
Register value_reg,
Register scratch1,
Register scratch2,
Label* miss_label) {
// Check that the map of the object hasn't changed.
__ CheckMap(receiver_reg, Handle<Map>(object->map()),
miss_label, DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
// Perform global security token check if needed.
if (object->IsJSGlobalProxy()) {
__ CheckAccessGlobalProxy(receiver_reg, scratch1, miss_label);
}
// Stub never generated for non-global objects that require access
// checks.
ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
int index = lookup->GetFieldIndex().field_index();
// Adjust for the number of properties stored in the object. Even in the // Adjust for the number of properties stored in the object. Even in the
// face of a transition we can use the old map here because the size of the // face of a transition we can use the old map here because the size of the
// object and the number of in-object properties is not going to change. // object and the number of in-object properties is not going to change.
index -= object->map()->inobject_properties(); index -= object->map()->inobject_properties();
// TODO(verwaest): Share this code as a code stub.
if (index < 0) { if (index < 0) {
// Set the property straight into the object. // Set the property straight into the object.
int offset = object->map()->instance_size() + (index * kPointerSize); int offset = object->map()->instance_size() + (index * kPointerSize);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment