Fix CALL_IC to read properties out of the object in the presence

of in-object properties instead of always going to read out of the properties array. TBR=ager Review URL: http://codereview.chromium.org/6607 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix CALL_IC to read properties out of the object in the presence
of in-object properties instead of always going to read out of the properties array. TBR=ager Review URL: http://codereview.chromium.org/6607 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@503 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
f1f09624 · iposva@chromium.org · d67fa3c3 · f1f09624 · f1f09624
Commit f1f09624 authored Oct 15, 2008 by iposva@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 8 deletions

stub-cache-arm.cc src/stub-cache-arm.cc +13 -4

stub-cache-ia32.cc src/stub-cache-ia32.cc +13 -4

No files found.
--- a/src/stub-cache-arm.cc
+++ b/src/stub-cache-arm.cc
@@ -209,10 +209,19 @@ Object* CallStubCompiler::CompileCallField(Object* object,
  Register reg =
      __ CheckMaps(JSObject::cast(object), r1, holder, r3, r2, &miss);

-  // Get the properties array of the holder and get the function from the field.
-  int offset = index * kPointerSize + Array::kHeaderSize;
-  __ ldr(r1, FieldMemOperand(reg, JSObject::kPropertiesOffset));
-  __ ldr(r1, FieldMemOperand(r1, offset));
+  // Adjust for the number of properties stored in the holder.
+  index -= holder->map()->inobject_properties();
+  if (index < 0) {
+    // Get the property straight out of the holder.
+    int offset = holder->map()->instance_size() + (index * kPointerSize);
+    __ ldr(r1, FieldMemOperand(reg, offset));
+  } else {
+    // Get the properties array of the holder and get the function from
+    // the field.
+    int offset = index * kPointerSize + Array::kHeaderSize;
+    __ ldr(r1, FieldMemOperand(reg, JSObject::kPropertiesOffset));
+    __ ldr(r1, FieldMemOperand(r1, offset));
+  }

  // Check that the function really is a function.
  __ tst(r1, Operand(kSmiTagMask));

--- a/src/stub-cache-ia32.cc
+++ b/src/stub-cache-ia32.cc
@@ -499,10 +499,19 @@ Object* CallStubCompiler::CompileCallField(Object* object,
  Register reg =
      __ CheckMaps(JSObject::cast(object), edx, holder, ebx, ecx, &miss);

-  // Get the properties array of the holder and get the function from the field.
-  int offset = index * kPointerSize + Array::kHeaderSize;
-  __ mov(edi, FieldOperand(reg, JSObject::kPropertiesOffset));
-  __ mov(edi, FieldOperand(edi, offset));
+  // Adjust for the number of properties stored in the holder.
+  index -= holder->map()->inobject_properties();
+  if (index < 0) {
+    // Get the property straight out of the holder.
+    int offset = holder->map()->instance_size() + (index * kPointerSize);
+    __ mov(edi, FieldOperand(reg, offset));
+  } else {
+    // Get the properties array of the holder and get the function from
+    // the field.
+    int offset = index * kPointerSize + Array::kHeaderSize;
+    __ mov(edi, FieldOperand(reg, JSObject::kPropertiesOffset));
+    __ mov(edi, FieldOperand(edi, offset));
+  }

  // Check that the function really is a function.
  __ test(edi, Immediate(kSmiTagMask));