Commit cc2a2771 authored by jkummerow's avatar jkummerow Committed by Commit bot

[stubs] Fix CodeStubAssembler::TrapAllocationMemento

to actually trap allocation mementos.

Review-Url: https://codereview.chromium.org/2487943005
Cr-Commit-Position: refs/heads/master@{#40895}
parent 6d533403
...@@ -6887,23 +6887,23 @@ void CodeStubAssembler::TrapAllocationMemento(Node* object, ...@@ -6887,23 +6887,23 @@ void CodeStubAssembler::TrapAllocationMemento(Node* object,
Node* new_space_top_address = ExternalConstant( Node* new_space_top_address = ExternalConstant(
ExternalReference::new_space_allocation_top_address(isolate())); ExternalReference::new_space_allocation_top_address(isolate()));
const int kMementoMapOffset = JSArray::kSize - kHeapObjectTag; const int kMementoMapOffset = JSArray::kSize;
const int kMementoLastWordOffset = const int kMementoLastWordOffset =
kMementoMapOffset + AllocationMemento::kSize - kPointerSize; kMementoMapOffset + AllocationMemento::kSize - kPointerSize;
// Bail out if the object is not in new space. // Bail out if the object is not in new space.
Node* object_page = PageFromAddress(object); Node* object_page = PageFromAddress(object);
{ {
const int mask = Node* page_flags = Load(MachineType::IntPtr(), object_page,
(1 << MemoryChunk::IN_FROM_SPACE) | (1 << MemoryChunk::IN_TO_SPACE); IntPtrConstant(Page::kFlagsOffset));
Node* page_flags = Load(MachineType::IntPtr(), object_page); GotoIf(WordEqual(WordAnd(page_flags,
GotoIf( IntPtrConstant(MemoryChunk::kIsInNewSpaceMask)),
WordEqual(WordAnd(page_flags, IntPtrConstant(mask)), IntPtrConstant(0)), IntPtrConstant(0)),
&no_memento_found); &no_memento_found);
} }
Node* memento_last_word = Node* memento_last_word = IntPtrAdd(
IntPtrAdd(object, IntPtrConstant(kMementoLastWordOffset)); object, IntPtrConstant(kMementoLastWordOffset - kHeapObjectTag));
Node* memento_last_word_page = PageFromAddress(memento_last_word); Node* memento_last_word_page = PageFromAddress(memento_last_word);
Node* new_space_top = Load(MachineType::Pointer(), new_space_top_address); Node* new_space_top = Load(MachineType::Pointer(), new_space_top_address);
......
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --noalways-opt
var elements_kind = {
fast_smi_only : 'fast smi only elements',
fast : 'fast elements',
fast_double : 'fast double elements',
dictionary : 'dictionary elements',
}
function getKind(obj) {
if (%HasFastSmiElements(obj)) return elements_kind.fast_smi_only;
if (%HasFastObjectElements(obj)) return elements_kind.fast;
if (%HasFastDoubleElements(obj)) return elements_kind.fast_double;
if (%HasDictionaryElements(obj)) return elements_kind.dictionary;
}
function assertKind(expected, obj, name_opt) {
assertEquals(expected, getKind(obj), name_opt);
}
(function() {
function make1() { return new Array(); }
function make2() { return new Array(); }
function make3() { return new Array(); }
function foo(a, i) { a[0] = i; }
function run_test(maker_function) {
var one = maker_function();
assertKind(elements_kind.fast_smi_only, one);
// Use memento to pre-transition allocation site to DOUBLE elements.
foo(one, 1.5);
// Newly created arrays should now have DOUBLE elements right away.
var two = maker_function();
assertKind(elements_kind.fast_double, two);
}
// Initialize the KeyedStoreIC in foo; the actual operation will be done
// in the runtime.
run_test(make1);
// Run again; the IC optimistically assumed to only see the transitioned
// (double-elements) map again, so this will make it polymorphic.
// The actual operation will again be done in the runtime.
run_test(make2);
// Finally, check if the initialized IC honors the allocation memento.
run_test(make3);
})();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment