Commit fa1b0fce authored by zhengxing.li's avatar zhengxing.li Committed by Commit bot

X87: Fix inobject slack tracking for both subclassing and non-subclassing cases.

  port 5d38d681 (r32547)

  original commit message:
  It didn't support subclassing case at all and in non-subclassing case the runtime
  allocation didn't do the slack tracking step.

BUG=

Review URL: https://codereview.chromium.org/1506713002

Cr-Commit-Position: refs/heads/master@{#32633}
parent 552437c0
...@@ -166,37 +166,6 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm, ...@@ -166,37 +166,6 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
__ CmpInstanceType(eax, JS_FUNCTION_TYPE); __ CmpInstanceType(eax, JS_FUNCTION_TYPE);
__ j(equal, &rt_call); __ j(equal, &rt_call);
if (!is_api_function) {
Label allocate;
// The code below relies on these assumptions.
STATIC_ASSERT(Map::Counter::kShift + Map::Counter::kSize == 32);
// Check if slack tracking is enabled.
__ mov(esi, FieldOperand(eax, Map::kBitField3Offset));
__ shr(esi, Map::Counter::kShift);
__ cmp(esi, Map::kSlackTrackingCounterEnd);
__ j(less, &allocate);
// Decrease generous allocation count.
__ sub(FieldOperand(eax, Map::kBitField3Offset),
Immediate(1 << Map::Counter::kShift));
__ cmp(esi, Map::kSlackTrackingCounterEnd);
__ j(not_equal, &allocate);
__ push(eax);
__ push(edx);
__ push(edi);
__ push(eax); // initial map
__ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
__ pop(edi);
__ pop(edx);
__ pop(eax);
__ mov(esi, Map::kSlackTrackingCounterEnd - 1);
__ bind(&allocate);
}
// Now allocate the JSObject on the heap. // Now allocate the JSObject on the heap.
// edi: constructor // edi: constructor
// eax: initial map // eax: initial map
...@@ -209,25 +178,37 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm, ...@@ -209,25 +178,37 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
// Allocated the JSObject, now initialize the fields. // Allocated the JSObject, now initialize the fields.
// eax: initial map // eax: initial map
// ebx: JSObject // ebx: JSObject (not HeapObject tagged - the actual address).
// edi: start of next object // edi: start of next object
__ mov(Operand(ebx, JSObject::kMapOffset), eax); __ mov(Operand(ebx, JSObject::kMapOffset), eax);
__ mov(ecx, factory->empty_fixed_array()); __ mov(ecx, factory->empty_fixed_array());
__ mov(Operand(ebx, JSObject::kPropertiesOffset), ecx); __ mov(Operand(ebx, JSObject::kPropertiesOffset), ecx);
__ mov(Operand(ebx, JSObject::kElementsOffset), ecx); __ mov(Operand(ebx, JSObject::kElementsOffset), ecx);
// Set extra fields in the newly allocated object.
// eax: initial map
// ebx: JSObject
// edi: start of next object
// esi: slack tracking counter (non-API function case)
__ mov(edx, factory->undefined_value());
__ lea(ecx, Operand(ebx, JSObject::kHeaderSize)); __ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
// Add the object tag to make the JSObject real, so that we can continue
// and jump into the continuation code at any time from now on.
__ or_(ebx, Immediate(kHeapObjectTag));
// Fill all the in-object properties with the appropriate filler.
// ebx: JSObject (tagged)
// ecx: First in-object property of JSObject (not tagged)
__ mov(edx, factory->undefined_value());
if (!is_api_function) { if (!is_api_function) {
Label no_inobject_slack_tracking; Label no_inobject_slack_tracking;
// The code below relies on these assumptions.
STATIC_ASSERT(Map::Counter::kShift + Map::Counter::kSize == 32);
// Check if slack tracking is enabled. // Check if slack tracking is enabled.
__ mov(esi, FieldOperand(eax, Map::kBitField3Offset));
__ shr(esi, Map::Counter::kShift);
__ cmp(esi, Map::kSlackTrackingCounterEnd); __ cmp(esi, Map::kSlackTrackingCounterEnd);
__ j(less, &no_inobject_slack_tracking); __ j(less, &no_inobject_slack_tracking);
__ push(esi); // Save allocation count value.
// Decrease generous allocation count.
__ sub(FieldOperand(eax, Map::kBitField3Offset),
Immediate(1 << Map::Counter::kShift));
// Allocate object with a slack. // Allocate object with a slack.
__ movzx_b(esi, FieldOperand(eax, Map::kUnusedPropertyFieldsOffset)); __ movzx_b(esi, FieldOperand(eax, Map::kUnusedPropertyFieldsOffset));
...@@ -244,17 +225,28 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm, ...@@ -244,17 +225,28 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
// To allow truncation fill the remaining fields with one pointer // To allow truncation fill the remaining fields with one pointer
// filler map. // filler map.
__ mov(edx, factory->one_pointer_filler_map()); __ mov(edx, factory->one_pointer_filler_map());
__ InitializeFieldsWithFiller(ecx, edi, edx);
__ pop(esi); // Restore allocation count value before decreasing.
__ cmp(esi, Map::kSlackTrackingCounterEnd);
__ j(not_equal, &allocated);
// Push the object to the stack, and then the initial map as
// an argument to the runtime call.
__ push(ebx);
__ push(eax); // initial map
__ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
__ pop(ebx);
// Continue with JSObject being successfully allocated
// ebx: JSObject (tagged)
__ jmp(&allocated);
__ bind(&no_inobject_slack_tracking); __ bind(&no_inobject_slack_tracking);
} }
__ InitializeFieldsWithFiller(ecx, edi, edx); __ InitializeFieldsWithFiller(ecx, edi, edx);
// Add the object tag to make the JSObject real, so that we can continue
// and jump into the continuation code at any time from now on.
// ebx: JSObject (untagged)
__ or_(ebx, Immediate(kHeapObjectTag));
// Continue with JSObject being successfully allocated // Continue with JSObject being successfully allocated
// ebx: JSObject (tagged) // ebx: JSObject (tagged)
__ jmp(&allocated); __ jmp(&allocated);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment