frame_->EmitPush(Operand(Smi::FromInt(node->literal_index())));
frame_->EmitPush(Operand(node->constant_elements()));
int length = node->values()->length();
- if (node->depth() > 1) {
+ if (node->constant_elements()->map() == Heap::fixed_cow_array_map()) {
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::COPY_ON_WRITE_ELEMENTS, length);
+ frame_->CallStub(&stub, 3);
+ __ IncrementCounter(&Counters::cow_arrays_created_stub, 1, r1, r2);
+ } else if (node->depth() > 1) {
frame_->CallRuntime(Runtime::kCreateArrayLiteral, 3);
- } else if (length > FastCloneShallowArrayStub::kMaximumLength) {
+ } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
frame_->CallRuntime(Runtime::kCreateArrayLiteralShallow, 3);
} else {
- FastCloneShallowArrayStub stub(length);
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::CLONE_ELEMENTS, length);
frame_->CallStub(&stub, 3);
}
frame_->EmitPush(r0); // save the result
__ tst(tmp2, Operand(KeyedLoadIC::kSlowCaseBitFieldMask));
deferred->Branch(nz);
- // Check the object's elements are in fast case.
+ // Check the object's elements are in fast case and writable.
__ ldr(tmp1, FieldMemOperand(object, JSObject::kElementsOffset));
__ ldr(tmp2, FieldMemOperand(tmp1, HeapObject::kMapOffset));
__ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
__ cmp(scratch1, scratch2);
deferred->Branch(ne);
- // Get the elements array from the receiver and check that it
- // is not a dictionary.
+ // Get the elements array from the receiver.
__ ldr(scratch1, FieldMemOperand(receiver, JSObject::kElementsOffset));
- if (FLAG_debug_code) {
- __ ldr(scratch2, FieldMemOperand(scratch1, JSObject::kMapOffset));
- __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
- __ cmp(scratch2, ip);
- __ Assert(eq, "JSObject with fast elements map has slow elements");
- }
+ __ AssertFastElements(scratch1);
// Check that key is within bounds. Use unsigned comparison to handle
// negative keys.
__ cmp(r3, ip);
__ b(eq, &slow_case);
+ if (FLAG_debug_code) {
+ const char* message;
+ Heap::RootListIndex expected_map_index;
+ if (mode_ == CLONE_ELEMENTS) {
+ message = "Expected (writable) fixed array";
+ expected_map_index = Heap::kFixedArrayMapRootIndex;
+ } else {
+ ASSERT(mode_ == COPY_ON_WRITE_ELEMENTS);
+ message = "Expected copy-on-write fixed array";
+ expected_map_index = Heap::kFixedCOWArrayMapRootIndex;
+ }
+ __ push(r3);
+ __ ldr(r3, FieldMemOperand(r3, JSArray::kElementsOffset));
+ __ ldr(r3, FieldMemOperand(r3, HeapObject::kMapOffset));
+ __ LoadRoot(ip, expected_map_index);
+ __ cmp(r3, ip);
+ __ Assert(eq, message);
+ __ pop(r3);
+ }
+
// Allocate both the JS array and the elements array in one big
// allocation. This avoids multiple limit checks.
__ AllocateInNewSpace(size,
// Constants related to patching of inlined load/store.
static int GetInlinedKeyedLoadInstructionsAfterPatch() {
- return FLAG_debug_code ? 27 : 13;
+ return FLAG_debug_code ? 32 : 13;
}
static const int kInlinedKeyedStoreInstructionsAfterPatch = 5;
static int GetInlinedNamedStoreInstructionsAfterPatch() {
__ mov(r2, Operand(Smi::FromInt(expr->literal_index())));
__ mov(r1, Operand(expr->constant_elements()));
__ Push(r3, r2, r1);
- if (expr->depth() > 1) {
+ if (expr->constant_elements()->map() == Heap::fixed_cow_array_map()) {
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::COPY_ON_WRITE_ELEMENTS, length);
+ __ CallStub(&stub);
+ __ IncrementCounter(&Counters::cow_arrays_created_stub, 1, r1, r2);
+ } else if (expr->depth() > 1) {
__ CallRuntime(Runtime::kCreateArrayLiteral, 3);
- } else if (length > FastCloneShallowArrayStub::kMaximumLength) {
+ } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
__ CallRuntime(Runtime::kCreateArrayLiteralShallow, 3);
} else {
- FastCloneShallowArrayStub stub(length);
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::CLONE_ELEMENTS, length);
__ CallStub(&stub);
}
// Falls through for regular JS object.
static void GenerateKeyedLoadReceiverCheck(MacroAssembler* masm,
Register receiver,
- Register scratch1,
- Register scratch2,
+ Register map,
+ Register scratch,
int interceptor_bit,
Label* slow) {
// Check that the object isn't a smi.
__ BranchOnSmi(receiver, slow);
// Get the map of the receiver.
- __ ldr(scratch1, FieldMemOperand(receiver, HeapObject::kMapOffset));
+ __ ldr(map, FieldMemOperand(receiver, HeapObject::kMapOffset));
// Check bit field.
- __ ldrb(scratch2, FieldMemOperand(scratch1, Map::kBitFieldOffset));
- __ tst(scratch2,
+ __ ldrb(scratch, FieldMemOperand(map, Map::kBitFieldOffset));
+ __ tst(scratch,
Operand((1 << Map::kIsAccessCheckNeeded) | (1 << interceptor_bit)));
__ b(nz, slow);
// Check that the object is some kind of JS object EXCEPT JS Value type.
// we enter the runtime system to make sure that indexing into string
// objects work as intended.
ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE);
- __ ldrb(scratch1, FieldMemOperand(scratch1, Map::kInstanceTypeOffset));
- __ cmp(scratch1, Operand(JS_OBJECT_TYPE));
+ __ ldrb(scratch, FieldMemOperand(map, Map::kInstanceTypeOffset));
+ __ cmp(scratch, Operand(JS_OBJECT_TYPE));
__ b(lt, slow);
}
// Loads an indexed element from a fast case array.
+// If not_fast_array is NULL, doesn't perform the elements map check.
static void GenerateFastArrayLoad(MacroAssembler* masm,
Register receiver,
Register key,
// scratch2 - used to hold the loaded value.
__ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
- // Check that the object is in fast mode (not dictionary).
- __ ldr(scratch1, FieldMemOperand(elements, HeapObject::kMapOffset));
- __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
- __ cmp(scratch1, ip);
- __ b(ne, not_fast_array);
+ if (not_fast_array != NULL) {
+ // Check that the object is in fast mode and writable.
+ __ ldr(scratch1, FieldMemOperand(elements, HeapObject::kMapOffset));
+ __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
+ __ cmp(scratch1, ip);
+ __ b(ne, not_fast_array);
+ } else {
+ __ AssertFastElements(elements);
+ }
// Check that the key (index) is within bounds.
__ ldr(scratch1, FieldMemOperand(elements, FixedArray::kLengthOffset));
__ cmp(key, Operand(scratch1));
GenerateKeyedLoadReceiverCheck(
masm, receiver, r2, r3, Map::kHasIndexedInterceptor, &slow);
+ // Check the "has fast elements" bit in the receiver's map which is
+ // now in r2.
+ __ ldrb(r3, FieldMemOperand(r2, Map::kBitField2Offset));
+ __ tst(r3, Operand(1 << Map::kHasFastElements));
+ __ b(eq, &check_pixel_array);
+
GenerateFastArrayLoad(
- masm, receiver, key, r4, r3, r2, r0, &check_pixel_array, &slow);
+ masm, receiver, key, r4, r3, r2, r0, NULL, &slow);
__ IncrementCounter(&Counters::keyed_load_generic_smi, 1, r2, r3);
__ Ret();
// Check whether the elements is a pixel array.
// r0: key
- // r3: elements map
- // r4: elements
+ // r1: receiver
__ bind(&check_pixel_array);
+ __ ldr(r4, FieldMemOperand(r1, JSObject::kElementsOffset));
+ __ ldr(r3, FieldMemOperand(r4, HeapObject::kMapOffset));
__ LoadRoot(ip, Heap::kPixelArrayMapRootIndex);
__ cmp(r3, ip);
__ b(ne, &check_number_dictionary);
// Object case: Check key against length in the elements array.
__ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
- // Check that the object is in fast mode (not dictionary).
+ // Check that the object is in fast mode and writable.
__ ldr(r4, FieldMemOperand(elements, HeapObject::kMapOffset));
__ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
__ cmp(r4, ip);
__ b(&fast);
// Array case: Get the length and the elements array from the JS
- // array. Check that the array is in fast mode; if it is the
- // length is always a smi.
+ // array. Check that the array is in fast mode (and writable); if it
+ // is the length is always a smi.
__ bind(&array);
__ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
__ ldr(r4, FieldMemOperand(elements, HeapObject::kMapOffset));
__ b(ne, &miss);
// Check that elements are FixedArray.
+ // We rely on StoreIC_ArrayLength below to deal with all types of
+ // fast elements (including COW).
__ ldr(scratch, FieldMemOperand(receiver, JSArray::kElementsOffset));
__ CompareObjectType(scratch, scratch, scratch, FIXED_ARRAY_TYPE);
__ b(ne, &miss);
}
+void MacroAssembler::AssertFastElements(Register elements) {
+ if (FLAG_debug_code) {
+ ASSERT(!elements.is(ip));
+ Label ok;
+ push(elements);
+ ldr(elements, FieldMemOperand(elements, HeapObject::kMapOffset));
+ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
+ cmp(elements, ip);
+ b(eq, &ok);
+ LoadRoot(ip, Heap::kFixedCOWArrayMapRootIndex);
+ cmp(elements, ip);
+ b(eq, &ok);
+ Abort("JSObject with fast elements map has slow elements");
+ bind(&ok);
+ pop(elements);
+ }
+}
+
+
void MacroAssembler::Check(Condition cc, const char* msg) {
Label L;
b(cc, &L);
// Use --debug_code to enable.
void Assert(Condition cc, const char* msg);
void AssertRegisterIsRoot(Register reg, Heap::RootListIndex index);
+ void AssertFastElements(Register elements);
// Like Assert(), but always enabled.
void Check(Condition cc, const char* msg);
// Check that the maps haven't changed.
CheckPrototypes(JSObject::cast(object), r1, holder, r3, r0, r4, name, &miss);
- if (object->IsGlobalObject()) {
- __ ldr(r3, FieldMemOperand(r1, GlobalObject::kGlobalReceiverOffset));
- __ str(r3, MemOperand(sp, argc * kPointerSize));
- }
-
__ TailCallExternalReference(ExternalReference(Builtins::c_ArrayPush),
argc + 1,
1);
// Check that the maps haven't changed.
CheckPrototypes(JSObject::cast(object), r1, holder, r3, r0, r4, name, &miss);
- if (object->IsGlobalObject()) {
- __ ldr(r3, FieldMemOperand(r1, GlobalObject::kGlobalReceiverOffset));
- __ str(r3, MemOperand(sp, argc * kPointerSize));
- }
-
__ TailCallExternalReference(ExternalReference(Builtins::c_ArrayPop),
argc + 1,
1);
int src_index,
int len) {
ASSERT(dst != src); // Use MoveElements instead.
+ ASSERT(dst->map() != Heap::fixed_cow_array_map());
ASSERT(len > 0);
CopyWords(dst->data_start() + dst_index,
src->data_start() + src_index,
FixedArray* src,
int src_index,
int len) {
+ ASSERT(dst->map() != Heap::fixed_cow_array_map());
memmove(dst->data_start() + dst_index,
src->data_start() + src_index,
len * kPointerSize);
static void FillWithHoles(FixedArray* dst, int from, int to) {
+ ASSERT(dst->map() != Heap::fixed_cow_array_map());
MemsetPointer(dst->data_start() + from, Heap::the_hole_value(), to - from);
}
static FixedArray* LeftTrimFixedArray(FixedArray* elms, int to_trim) {
+ ASSERT(elms->map() != Heap::fixed_cow_array_map());
// For now this trick is only applied to fixed arrays in new space.
// In large object space the object's start must coincide with chunk
// and thus the trick is just not applicable.
}
-static bool IsJSArrayWithFastElements(Object* receiver,
- FixedArray** elements) {
- if (!receiver->IsJSArray()) {
- return false;
- }
-
+static Object* EnsureJSArrayWithWritableFastElements(Object* receiver) {
+ if (!receiver->IsJSArray()) return NULL;
JSArray* array = JSArray::cast(receiver);
-
HeapObject* elms = HeapObject::cast(array->elements());
- if (elms->map() != Heap::fixed_array_map()) {
- return false;
+ if (elms->map() == Heap::fixed_array_map()) return elms;
+ if (elms->map() == Heap::fixed_cow_array_map()) {
+ return array->EnsureWritableFastElements();
}
-
- *elements = FixedArray::cast(elms);
- return true;
+ return NULL;
}
-static bool IsFastElementMovingAllowed(Object* receiver,
- FixedArray** elements) {
- if (!IsJSArrayWithFastElements(receiver, elements)) return false;
-
+static bool IsJSArrayFastElementMovingAllowed(JSArray* receiver) {
Context* global_context = Top::context()->global_context();
JSObject* array_proto =
JSObject::cast(global_context->array_function()->prototype());
- if (JSArray::cast(receiver)->GetPrototype() != array_proto) return false;
- return ArrayPrototypeHasNoElements(global_context, array_proto);
+ return receiver->GetPrototype() == array_proto &&
+ ArrayPrototypeHasNoElements(global_context, array_proto);
}
BUILTIN(ArrayPush) {
Object* receiver = *args.receiver();
- FixedArray* elms = NULL;
- if (!IsJSArrayWithFastElements(receiver, &elms)) {
- return CallJsBuiltin("ArrayPush", args);
- }
+ Object* elms_obj = EnsureJSArrayWithWritableFastElements(receiver);
+ if (elms_obj == NULL) return CallJsBuiltin("ArrayPush", args);
+ if (elms_obj->IsFailure()) return elms_obj;
+ FixedArray* elms = FixedArray::cast(elms_obj);
JSArray* array = JSArray::cast(receiver);
int len = Smi::cast(array->length())->value();
BUILTIN(ArrayPop) {
Object* receiver = *args.receiver();
- FixedArray* elms = NULL;
- if (!IsJSArrayWithFastElements(receiver, &elms)) {
- return CallJsBuiltin("ArrayPop", args);
- }
+ Object* elms_obj = EnsureJSArrayWithWritableFastElements(receiver);
+ if (elms_obj == NULL) return CallJsBuiltin("ArrayPop", args);
+ if (elms_obj->IsFailure()) return elms_obj;
+ FixedArray* elms = FixedArray::cast(elms_obj);
JSArray* array = JSArray::cast(receiver);
int len = Smi::cast(array->length())->value();
BUILTIN(ArrayShift) {
Object* receiver = *args.receiver();
- FixedArray* elms = NULL;
- if (!IsFastElementMovingAllowed(receiver, &elms)) {
+ Object* elms_obj = EnsureJSArrayWithWritableFastElements(receiver);
+ if (elms_obj->IsFailure()) return elms_obj;
+ if (elms_obj == NULL ||
+ !IsJSArrayFastElementMovingAllowed(JSArray::cast(receiver))) {
return CallJsBuiltin("ArrayShift", args);
}
+ FixedArray* elms = FixedArray::cast(elms_obj);
JSArray* array = JSArray::cast(receiver);
ASSERT(array->HasFastElements());
BUILTIN(ArrayUnshift) {
Object* receiver = *args.receiver();
- FixedArray* elms = NULL;
- if (!IsFastElementMovingAllowed(receiver, &elms)) {
+ Object* elms_obj = EnsureJSArrayWithWritableFastElements(receiver);
+ if (elms_obj->IsFailure()) return elms_obj;
+ if (elms_obj == NULL ||
+ !IsJSArrayFastElementMovingAllowed(JSArray::cast(receiver))) {
return CallJsBuiltin("ArrayUnshift", args);
}
+ FixedArray* elms = FixedArray::cast(elms_obj);
JSArray* array = JSArray::cast(receiver);
ASSERT(array->HasFastElements());
BUILTIN(ArraySlice) {
Object* receiver = *args.receiver();
- FixedArray* elms = NULL;
- if (!IsFastElementMovingAllowed(receiver, &elms)) {
+ Object* elms_obj = EnsureJSArrayWithWritableFastElements(receiver);
+ if (elms_obj->IsFailure()) return elms_obj;
+ if (elms_obj == NULL ||
+ !IsJSArrayFastElementMovingAllowed(JSArray::cast(receiver))) {
return CallJsBuiltin("ArraySlice", args);
}
+ FixedArray* elms = FixedArray::cast(elms_obj);
JSArray* array = JSArray::cast(receiver);
ASSERT(array->HasFastElements());
BUILTIN(ArraySplice) {
Object* receiver = *args.receiver();
- FixedArray* elms = NULL;
- if (!IsFastElementMovingAllowed(receiver, &elms)) {
+ Object* elms_obj = EnsureJSArrayWithWritableFastElements(receiver);
+ if (elms_obj->IsFailure()) return elms_obj;
+ if (elms_obj == NULL ||
+ !IsJSArrayFastElementMovingAllowed(JSArray::cast(receiver))) {
return CallJsBuiltin("ArraySplice", args);
}
+ FixedArray* elms = FixedArray::cast(elms_obj);
JSArray* array = JSArray::cast(receiver);
ASSERT(array->HasFastElements());
CodeGenerator* previous_;
};
+
#if V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X64
// State of used registers in a virtual frame.
class FastCloneShallowArrayStub : public CodeStub {
public:
- static const int kMaximumLength = 8;
+ // Maximum length of copied elements array.
+ static const int kMaximumClonedLength = 8;
+
+ enum Mode {
+ CLONE_ELEMENTS,
+ COPY_ON_WRITE_ELEMENTS
+ };
- explicit FastCloneShallowArrayStub(int length) : length_(length) {
- ASSERT(length >= 0 && length <= kMaximumLength);
+ FastCloneShallowArrayStub(Mode mode, int length)
+ : mode_(mode),
+ length_((mode == COPY_ON_WRITE_ELEMENTS) ? 0 : length) {
+ ASSERT(length_ >= 0);
+ ASSERT(length_ <= kMaximumClonedLength);
}
void Generate(MacroAssembler* masm);
private:
+ Mode mode_;
int length_;
const char* GetName() { return "FastCloneShallowArrayStub"; }
Major MajorKey() { return FastCloneShallowArray; }
- int MinorKey() { return length_; }
+ int MinorKey() {
+ ASSERT(mode_ == 0 || mode_ == 1);
+ return (length_ << 1) | mode_;
+ }
};
oddball_map()->set_prototype(null_value());
oddball_map()->set_constructor(null_value());
+ obj = AllocateMap(FIXED_ARRAY_TYPE, FixedArray::kHeaderSize);
+ if (obj->IsFailure()) return false;
+ set_fixed_cow_array_map(Map::cast(obj));
+ ASSERT(fixed_array_map() != fixed_cow_array_map());
+
obj = AllocateMap(HEAP_NUMBER_TYPE, HeapNumber::kSize);
if (obj->IsFailure()) return false;
set_heap_number_map(Map::cast(obj));
FixedArray* properties = FixedArray::cast(source->properties());
// Update elements if necessary.
if (elements->length() > 0) {
- Object* elem = CopyFixedArray(elements);
+ Object* elem =
+ (elements->map() == fixed_cow_array_map()) ?
+ elements : CopyFixedArray(elements);
if (elem->IsFailure()) return elem;
JSObject::cast(clone)->set_elements(FixedArray::cast(elem));
}
V(Map, heap_number_map, HeapNumberMap) \
V(Map, global_context_map, GlobalContextMap) \
V(Map, fixed_array_map, FixedArrayMap) \
+ V(Map, fixed_cow_array_map, FixedCOWArrayMap) \
V(Object, no_interceptor_result_sentinel, NoInterceptorResultSentinel) \
V(Map, meta_map, MetaMap) \
V(Object, termination_exception, TerminationException) \
frame_->Push(node->constant_elements());
int length = node->values()->length();
Result clone;
- if (node->depth() > 1) {
+ if (node->constant_elements()->map() == Heap::fixed_cow_array_map()) {
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::COPY_ON_WRITE_ELEMENTS, length);
+ clone = frame_->CallStub(&stub, 3);
+ __ IncrementCounter(&Counters::cow_arrays_created_stub, 1);
+ } else if (node->depth() > 1) {
clone = frame_->CallRuntime(Runtime::kCreateArrayLiteral, 3);
- } else if (length > FastCloneShallowArrayStub::kMaximumLength) {
+ } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
clone = frame_->CallRuntime(Runtime::kCreateArrayLiteralShallow, 3);
} else {
- FastCloneShallowArrayStub stub(length);
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::CLONE_ELEMENTS, length);
clone = frame_->CallStub(&stub, 3);
}
frame_->Push(&clone);
for (int i = 0; i < length; i++) {
Expression* value = node->values()->at(i);
- // If value is a literal the property value is already set in the
- // boilerplate object.
- if (value->AsLiteral() != NULL) continue;
- // If value is a materialized literal the property value is already set
- // in the boilerplate object if it is simple.
- if (CompileTimeValue::IsCompileTimeValue(value)) continue;
+ if (!CompileTimeValue::ArrayLiteralElementNeedsInitialization(value)) {
+ continue;
+ }
// The property must be set by generated code.
Load(value);
KeyedLoadIC::kSlowCaseBitFieldMask);
deferred->Branch(not_zero);
- // Check the object's elements are in fast case.
+ // Check the object's elements are in fast case and writable.
__ mov(tmp1.reg(), FieldOperand(object.reg(), JSObject::kElementsOffset));
__ cmp(FieldOperand(tmp1.reg(), HeapObject::kMapOffset),
Immediate(Factory::fixed_array_map()));
if (FLAG_debug_code) __ AbortIfNotSmi(key.reg());
}
- // Get the elements array from the receiver and check that it
- // is not a dictionary.
+ // Get the elements array from the receiver.
__ mov(elements.reg(),
FieldOperand(receiver.reg(), JSObject::kElementsOffset));
- if (FLAG_debug_code) {
- __ cmp(FieldOperand(elements.reg(), HeapObject::kMapOffset),
- Immediate(Factory::fixed_array_map()));
- __ Assert(equal, "JSObject with fast elements map has slow elements");
- }
+ __ AssertFastElements(elements.reg());
// Check that the key is within bounds.
__ cmp(key.reg(),
__ cmp(ecx, Factory::undefined_value());
__ j(equal, &slow_case);
+ if (FLAG_debug_code) {
+ const char* message;
+ Handle<Map> expected_map;
+ if (mode_ == CLONE_ELEMENTS) {
+ message = "Expected (writable) fixed array";
+ expected_map = Factory::fixed_array_map();
+ } else {
+ ASSERT(mode_ == COPY_ON_WRITE_ELEMENTS);
+ message = "Expected copy-on-write fixed array";
+ expected_map = Factory::fixed_cow_array_map();
+ }
+ __ push(ecx);
+ __ mov(ecx, FieldOperand(ecx, JSArray::kElementsOffset));
+ __ cmp(FieldOperand(ecx, HeapObject::kMapOffset), expected_map);
+ __ Assert(equal, message);
+ __ pop(ecx);
+ }
+
// Allocate both the JS array and the elements array in one big
// allocation. This avoids multiple limit checks.
__ AllocateInNewSpace(size, eax, ebx, edx, &slow_case, TAG_OBJECT);
__ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
__ push(Immediate(Smi::FromInt(expr->literal_index())));
__ push(Immediate(expr->constant_elements()));
- if (expr->depth() > 1) {
+ if (expr->constant_elements()->map() == Heap::fixed_cow_array_map()) {
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::COPY_ON_WRITE_ELEMENTS, length);
+ __ CallStub(&stub);
+ __ IncrementCounter(&Counters::cow_arrays_created_stub, 1);
+ } else if (expr->depth() > 1) {
__ CallRuntime(Runtime::kCreateArrayLiteral, 3);
- } else if (length > FastCloneShallowArrayStub::kMaximumLength) {
+ } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
__ CallRuntime(Runtime::kCreateArrayLiteralShallow, 3);
} else {
- FastCloneShallowArrayStub stub(length);
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::CLONE_ELEMENTS, length);
__ CallStub(&stub);
}
// Loads an indexed element from a fast case array.
+// If not_fast_array is NULL, doesn't perform the elements map check.
static void GenerateFastArrayLoad(MacroAssembler* masm,
Register receiver,
Register key,
// we fall through.
__ mov(scratch, FieldOperand(receiver, JSObject::kElementsOffset));
- // Check that the object is in fast mode (not dictionary).
- __ CheckMap(scratch, Factory::fixed_array_map(), not_fast_array, true);
+ if (not_fast_array != NULL) {
+ // Check that the object is in fast mode and writable.
+ __ CheckMap(scratch, Factory::fixed_array_map(), not_fast_array, true);
+ } else {
+ __ AssertFastElements(scratch);
+ }
// Check that the key (index) is within bounds.
__ cmp(key, FieldOperand(scratch, FixedArray::kLengthOffset));
__ j(above_equal, out_of_range);
GenerateKeyedLoadReceiverCheck(
masm, edx, ecx, Map::kHasIndexedInterceptor, &slow);
+ // Check the "has fast elements" bit in the receiver's map which is
+ // now in ecx.
+ __ test_b(FieldOperand(ecx, Map::kBitField2Offset),
+ 1 << Map::kHasFastElements);
+ __ j(zero, &check_pixel_array, not_taken);
+
GenerateFastArrayLoad(masm,
edx,
eax,
ecx,
eax,
- &check_pixel_array,
+ NULL,
&slow);
__ IncrementCounter(&Counters::keyed_load_generic_smi, 1);
__ ret(0);
// Check whether the elements is a pixel array.
// edx: receiver
// eax: key
- // ecx: elements
+ __ mov(ecx, FieldOperand(edx, JSObject::kElementsOffset));
__ mov(ebx, eax);
__ SmiUntag(ebx);
__ CheckMap(ecx, Factory::pixel_array_map(), &check_number_dictionary, true);
// edx: JSObject
// ecx: key (a smi)
__ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
- // Check that the object is in fast mode (not dictionary).
+ // Check that the object is in fast mode and writable.
__ CheckMap(edi, Factory::fixed_array_map(), &check_pixel_array, true);
__ cmp(ecx, FieldOperand(edi, FixedArray::kLengthOffset));
__ j(below, &fast, taken);
__ jmp(&fast);
// Array case: Get the length and the elements array from the JS
- // array. Check that the array is in fast mode; if it is the
- // length is always a smi.
+ // array. Check that the array is in fast mode (and writable); if it
+ // is the length is always a smi.
__ bind(&array);
// eax: value
// edx: receiver, a JSArray
__ j(not_equal, &miss, not_taken);
// Check that elements are FixedArray.
+ // We rely on StoreIC_ArrayLength below to deal with all types of
+ // fast elements (including COW).
__ mov(scratch, FieldOperand(receiver, JSArray::kElementsOffset));
__ CmpObjectType(scratch, FIXED_ARRAY_TYPE, scratch);
__ j(not_equal, &miss, not_taken);
}
+void MacroAssembler::AssertFastElements(Register elements) {
+ if (FLAG_debug_code) {
+ Label ok;
+ cmp(FieldOperand(elements, HeapObject::kMapOffset),
+ Immediate(Factory::fixed_array_map()));
+ j(equal, &ok);
+ cmp(FieldOperand(elements, HeapObject::kMapOffset),
+ Immediate(Factory::fixed_cow_array_map()));
+ j(equal, &ok);
+ Abort("JSObject with fast elements map has slow elements");
+ bind(&ok);
+ }
+}
+
+
void MacroAssembler::Check(Condition cc, const char* msg) {
Label L;
j(cc, &L, taken);
// Use --debug_code to enable.
void Assert(Condition cc, const char* msg);
+ void AssertFastElements(Register elements);
+
// Like Assert(), but always enabled.
void Check(Condition cc, const char* msg);
__ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
__ ret((argc + 1) * kPointerSize);
} else {
+ Label call_builtin;
+
// Get the elements array of the object.
__ mov(ebx, FieldOperand(edx, JSArray::kElementsOffset));
- // Check that the elements are in fast mode (not dictionary).
+ // Check that the elements are in fast mode and writable.
__ cmp(FieldOperand(ebx, HeapObject::kMapOffset),
Immediate(Factory::fixed_array_map()));
- __ j(not_equal, &miss);
+ __ j(not_equal, &call_builtin);
if (argc == 1) { // Otherwise fall through to call builtin.
- Label call_builtin, exit, with_write_barrier, attempt_to_grow_elements;
+ Label exit, with_write_barrier, attempt_to_grow_elements;
// Get the array's length into eax and calculate new length.
__ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
// Elements are in new space, so write barrier is not required.
__ ret((argc + 1) * kPointerSize);
-
- __ bind(&call_builtin);
}
+ __ bind(&call_builtin);
__ TailCallExternalReference(ExternalReference(Builtins::c_ArrayPush),
argc + 1,
1);
// Get the elements array of the object.
__ mov(ebx, FieldOperand(edx, JSArray::kElementsOffset));
- // Check that the elements are in fast mode (not dictionary).
+ // Check that the elements are in fast mode and writable.
__ cmp(FieldOperand(ebx, HeapObject::kMapOffset),
Immediate(Factory::fixed_array_map()));
- __ j(not_equal, &miss);
+ __ j(not_equal, &call_builtin);
// Get the array's length into ecx and calculate new length.
__ mov(ecx, FieldOperand(edx, JSArray::kLengthOffset));
map()->NextFreePropertyIndex()));
}
ASSERT(map()->has_fast_elements() ==
- (elements()->map() == Heap::fixed_array_map()));
+ (elements()->map() == Heap::fixed_array_map() ||
+ elements()->map() == Heap::fixed_cow_array_map()));
ASSERT(map()->has_fast_elements() == HasFastElements());
}
void JSObject::set_elements(HeapObject* value, WriteBarrierMode mode) {
ASSERT(map()->has_fast_elements() ==
- (value->map() == Heap::fixed_array_map()));
+ (value->map() == Heap::fixed_array_map() ||
+ value->map() == Heap::fixed_cow_array_map()));
// In the assert below Dictionary is covered under FixedArray.
ASSERT(value->IsFixedArray() || value->IsPixelArray() ||
value->IsExternalArray());
void FixedArray::set(int index, Smi* value) {
+ ASSERT(map() != Heap::fixed_cow_array_map());
ASSERT(reinterpret_cast<Object*>(value)->IsSmi());
int offset = kHeaderSize + index * kPointerSize;
WRITE_FIELD(this, offset, value);
void FixedArray::set(int index, Object* value) {
+ ASSERT(map() != Heap::fixed_cow_array_map());
ASSERT(index >= 0 && index < this->length());
int offset = kHeaderSize + index * kPointerSize;
WRITE_FIELD(this, offset, value);
void FixedArray::set(int index,
Object* value,
WriteBarrierMode mode) {
+ ASSERT(map() != Heap::fixed_cow_array_map());
ASSERT(index >= 0 && index < this->length());
int offset = kHeaderSize + index * kPointerSize;
WRITE_FIELD(this, offset, value);
void FixedArray::fast_set(FixedArray* array, int index, Object* value) {
+ ASSERT(array->map() != Heap::raw_unchecked_fixed_cow_array_map());
ASSERT(index >= 0 && index < array->length());
ASSERT(!Heap::InNewSpace(value));
WRITE_FIELD(array, kHeaderSize + index * kPointerSize, value);
void FixedArray::set_undefined(int index) {
+ ASSERT(map() != Heap::fixed_cow_array_map());
ASSERT(index >= 0 && index < this->length());
ASSERT(!Heap::InNewSpace(Heap::undefined_value()));
WRITE_FIELD(this, kHeaderSize + index * kPointerSize,
void FixedArray::set_null(int index) {
+ ASSERT(map() != Heap::fixed_cow_array_map());
ASSERT(index >= 0 && index < this->length());
ASSERT(!Heap::InNewSpace(Heap::null_value()));
WRITE_FIELD(this, kHeaderSize + index * kPointerSize, Heap::null_value());
void FixedArray::set_the_hole(int index) {
+ ASSERT(map() != Heap::fixed_cow_array_map());
ASSERT(index >= 0 && index < this->length());
ASSERT(!Heap::InNewSpace(Heap::the_hole_value()));
WRITE_FIELD(this, kHeaderSize + index * kPointerSize, Heap::the_hole_value());
}
+void FixedArray::set_unchecked(int index, Smi* value) {
+ ASSERT(reinterpret_cast<Object*>(value)->IsSmi());
+ int offset = kHeaderSize + index * kPointerSize;
+ WRITE_FIELD(this, offset, value);
+}
+
+
+void FixedArray::set_null_unchecked(int index) {
+ ASSERT(index >= 0 && index < this->length());
+ ASSERT(!Heap::InNewSpace(Heap::null_value()));
+ WRITE_FIELD(this, kHeaderSize + index * kPointerSize, Heap::null_value());
+}
+
+
Object** FixedArray::data_start() {
return HeapObject::RawField(this, kHeaderSize);
}
if (obj->IsFailure()) return obj;
Map* new_map = Map::cast(obj);
new_map->set_has_fast_elements(true);
+ Counters::map_slow_to_fast_elements.Increment();
return new_map;
}
if (obj->IsFailure()) return obj;
Map* new_map = Map::cast(obj);
new_map->set_has_fast_elements(false);
+ Counters::map_fast_to_slow_elements.Increment();
return new_map;
}
JSObject::ElementsKind JSObject::GetElementsKind() {
+ if (map()->has_fast_elements()) {
+ ASSERT(elements()->map() == Heap::fixed_array_map() ||
+ elements()->map() == Heap::fixed_cow_array_map());
+ return FAST_ELEMENTS;
+ }
HeapObject* array = elements();
if (array->IsFixedArray()) {
- // FAST_ELEMENTS or DICTIONARY_ELEMENTS are both stored in a FixedArray.
- if (array->map() == Heap::fixed_array_map()) {
- ASSERT(map()->has_fast_elements());
- return FAST_ELEMENTS;
- }
+ // FAST_ELEMENTS or DICTIONARY_ELEMENTS are both stored in a
+ // FixedArray, but FAST_ELEMENTS is already handled above.
ASSERT(array->IsDictionary());
- ASSERT(!map()->has_fast_elements());
return DICTIONARY_ELEMENTS;
}
- ASSERT(!map()->has_fast_elements());
if (array->IsExternalArray()) {
switch (array->map()->instance_type()) {
case EXTERNAL_BYTE_ARRAY_TYPE:
}
+Object* JSObject::EnsureWritableFastElements() {
+ ASSERT(HasFastElements());
+ FixedArray* elems = FixedArray::cast(elements());
+ if (elems->map() != Heap::fixed_cow_array_map()) return elems;
+ Object* writable_elems = Heap::CopyFixedArray(elems);
+ if (writable_elems->IsFailure()) return writable_elems;
+ FixedArray::cast(writable_elems)->set_map(Heap::fixed_array_map());
+ set_elements(FixedArray::cast(writable_elems));
+ Counters::cow_arrays_converted.Increment();
+ return writable_elems;
+}
+
+
StringDictionary* JSObject::property_dictionary() {
ASSERT(!HasFastProperties());
return StringDictionary::cast(properties());
ASSERT(!HasPixelElements() && !HasExternalArrayElements());
switch (GetElementsKind()) {
case FAST_ELEMENTS: {
+ Object* obj = EnsureWritableFastElements();
+ if (obj->IsFailure()) return obj;
uint32_t length = IsJSArray() ?
static_cast<uint32_t>(Smi::cast(JSArray::cast(this)->length())->value()) :
static_cast<uint32_t>(FixedArray::cast(elements())->length());
switch (GetElementsKind()) {
case FAST_ELEMENTS: {
+ Object* obj = EnsureWritableFastElements();
+ if (obj->IsFailure()) return obj;
uint32_t length = IsJSArray() ?
static_cast<uint32_t>(Smi::cast(JSArray::cast(this)->length())->value()) :
static_cast<uint32_t>(FixedArray::cast(elements())->length());
ASSERT(target->IsHeapObject());
if (!target->IsMarked()) {
ASSERT(target->IsMap());
- contents->set(i + 1, NullDescriptorDetails);
- contents->set_null(i);
+ contents->set_unchecked(i + 1, NullDescriptorDetails);
+ contents->set_null_unchecked(i);
ASSERT(target->prototype() == this ||
target->prototype() == real_prototype);
// Getter prototype() is read-only, set_prototype() has side effects.
int old_capacity = FixedArray::cast(elements())->length();
if (value <= old_capacity) {
if (IsJSArray()) {
+ Object* obj = EnsureWritableFastElements();
+ if (obj->IsFailure()) return obj;
int old_length = FastD2I(JSArray::cast(this)->length()->Number());
// NOTE: We may be able to optimize this by removing the
// last part of the elements backing storage array and
Object* JSObject::SetFastElement(uint32_t index, Object* value) {
ASSERT(HasFastElements());
- FixedArray* elms = FixedArray::cast(elements());
+ Object* elms_obj = EnsureWritableFastElements();
+ if (elms_obj->IsFailure()) return elms_obj;
+ FixedArray* elms = FixedArray::cast(elms_obj);
uint32_t elms_length = static_cast<uint32_t>(elms->length());
if (!IsJSArray() && (index >= elms_length || elms->get(index)->IsTheHole())) {
return SetElement(index, value);
}
+
Object* JSObject::SetElement(uint32_t index, Object* value) {
// Check access rights if needed.
if (IsAccessCheckNeeded() &&
set_map(new_map);
set_elements(fast_elements);
+ } else {
+ Object* obj = EnsureWritableFastElements();
+ if (obj->IsFailure()) return obj;
}
ASSERT(HasFastElements());
public:
enum DeleteMode { NORMAL_DELETION, FORCE_DELETION };
enum ElementsKind {
+ // The only "fast" kind.
FAST_ELEMENTS,
+ // All the kinds below are "slow".
DICTIONARY_ELEMENTS,
PIXEL_ELEMENTS,
EXTERNAL_BYTE_ELEMENTS,
inline StringDictionary* property_dictionary(); // Gets slow properties.
// [elements]: The elements (properties with names that are integers).
- // elements is a FixedArray in the fast case, a Dictionary in the slow
- // case, and a PixelArray or ExternalArray in special cases.
+ //
+ // Elements can be in two general modes: fast and slow. Each mode
+ // corrensponds to a set of object representations of elements that
+ // have something in common.
+ //
+ // In the fast mode elements is a FixedArray and so each element can
+ // be quickly accessed. This fact is used in the generated code. The
+ // elements array can have one of the two maps in this mode:
+ // fixed_array_map or fixed_cow_array_map (for copy-on-write
+ // arrays). In the latter case the elements array may be shared by a
+ // few objects and so before writing to any element the array must
+ // be copied. Use EnsureWritableFastElements in this case.
+ //
+ // In the slow mode elements is either a NumberDictionary or a
+ // PixelArray or an ExternalArray.
DECL_ACCESSORS(elements, HeapObject)
inline void initialize_elements();
inline Object* ResetElements();
inline bool HasExternalFloatElements();
inline bool AllowsSetElementsLength();
inline NumberDictionary* element_dictionary(); // Gets slow elements.
+ // Requires: this->HasFastElements().
+ inline Object* EnsureWritableFastElements();
// Collects elements starting at index 0.
// Undefined values are placed after non-undefined values.
inline void set_null(int index);
inline void set_the_hole(int index);
+ // Setters with less debug checks for the GC to use.
+ inline void set_unchecked(int index, Smi* value);
+ inline void set_null_unchecked(int index);
+
// Gives access to raw memory which stores the array's data.
inline Object** data_start();
inline bool is_extensible();
// Tells whether the instance has fast elements.
- void set_has_fast_elements(bool value) {
+ // Equivalent to instance->GetElementsKind() == FAST_ELEMENTS.
+ inline void set_has_fast_elements(bool value) {
if (value) {
set_bit_field2(bit_field2() | (1 << kHasFastElements));
} else {
}
}
- bool has_fast_elements() {
+ inline bool has_fast_elements() {
return ((1 << kHasFastElements) & bit_field2()) != 0;
}
}
}
+ // Simple and shallow arrays can be lazily copied, we transform the
+ // elements array to a copy-on-write array.
+ if (is_simple && depth == 1 && values.length() > 0) {
+ literals->set_map(Heap::fixed_cow_array_map());
+ }
+
return NEW(ArrayLiteral(literals, values.elements(),
literal_index, is_simple, depth));
}
return lit != NULL && lit->is_simple();
}
+
+bool CompileTimeValue::ArrayLiteralElementNeedsInitialization(
+ Expression* value) {
+ // If value is a literal the property value is already set in the
+ // boilerplate object.
+ if (value->AsLiteral() != NULL) return false;
+ // If value is a materialized literal the property value is already set
+ // in the boilerplate object if it is simple.
+ if (CompileTimeValue::IsCompileTimeValue(value)) return false;
+ return true;
+}
+
+
Handle<FixedArray> CompileTimeValue::GetValue(Expression* expression) {
ASSERT(IsCompileTimeValue(expression));
Handle<FixedArray> result = Factory::NewFixedArray(2, TENURED);
static bool IsCompileTimeValue(Expression* expression);
+ static bool ArrayLiteralElementNeedsInitialization(Expression* value);
+
// Get the value as a compile time value.
static Handle<FixedArray> GetValue(Expression* expression);
switch (copy->GetElementsKind()) {
case JSObject::FAST_ELEMENTS: {
FixedArray* elements = FixedArray::cast(copy->elements());
- for (int i = 0; i < elements->length(); i++) {
- Object* value = elements->get(i);
- if (value->IsJSObject()) {
- JSObject* js_object = JSObject::cast(value);
- result = DeepCopyBoilerplate(js_object);
- if (result->IsFailure()) return result;
- elements->set(i, result);
+ if (elements->map() == Heap::fixed_cow_array_map()) {
+ Counters::cow_arrays_created_runtime.Increment();
+#ifdef DEBUG
+ for (int i = 0; i < elements->length(); i++) {
+ ASSERT(!elements->get(i)->IsJSObject());
+ }
+#endif
+ } else {
+ for (int i = 0; i < elements->length(); i++) {
+ Object* value = elements->get(i);
+ if (value->IsJSObject()) {
+ JSObject* js_object = JSObject::cast(value);
+ result = DeepCopyBoilerplate(js_object);
+ if (result->IsFailure()) return result;
+ elements->set(i, result);
+ }
}
}
break;
JSFunction::GlobalContextFromLiterals(*literals)->array_function());
Handle<Object> object = Factory::NewJSObject(constructor);
- Handle<Object> copied_elements = Factory::CopyFixedArray(elements);
+ const bool is_cow = (elements->map() == Heap::fixed_cow_array_map());
+ Handle<FixedArray> copied_elements =
+ is_cow ? elements : Factory::CopyFixedArray(elements);
Handle<FixedArray> content = Handle<FixedArray>::cast(copied_elements);
- for (int i = 0; i < content->length(); i++) {
- if (content->get(i)->IsFixedArray()) {
- // The value contains the constant_properties of a
- // simple object literal.
- Handle<FixedArray> fa(FixedArray::cast(content->get(i)));
- Handle<Object> result =
- CreateLiteralBoilerplate(literals, fa);
- if (result.is_null()) return result;
- content->set(i, *result);
+ if (is_cow) {
+#ifdef DEBUG
+ // Copy-on-write arrays must be shallow (and simple).
+ for (int i = 0; i < content->length(); i++) {
+ ASSERT(!content->get(i)->IsFixedArray());
+ }
+#endif
+ } else {
+ for (int i = 0; i < content->length(); i++) {
+ if (content->get(i)->IsFixedArray()) {
+ // The value contains the constant_properties of a
+ // simple object literal.
+ Handle<FixedArray> fa(FixedArray::cast(content->get(i)));
+ Handle<Object> result =
+ CreateLiteralBoilerplate(literals, fa);
+ if (result.is_null()) return result;
+ content->set(i, *result);
+ }
}
}
// Update the functions literal and return the boilerplate.
literals->set(literals_index, *boilerplate);
}
+ if (JSObject::cast(*boilerplate)->elements()->map() ==
+ Heap::fixed_cow_array_map()) {
+ Counters::cow_arrays_created_runtime.Increment();
+ }
return Heap::CopyJSObject(JSObject::cast(*boilerplate));
}
int year, month, day;
DateYMDFromTime(static_cast<int>(floor(t / 86400000)), year, month, day);
- res_array->SetElement(0, Smi::FromInt(year));
- res_array->SetElement(1, Smi::FromInt(month));
- res_array->SetElement(2, Smi::FromInt(day));
+ RUNTIME_ASSERT(res_array->elements()->map() == Heap::fixed_array_map());
+ FixedArray* elms = FixedArray::cast(res_array->elements());
+ RUNTIME_ASSERT(elms->length() == 3);
+
+ elms->set(0, Smi::FromInt(year));
+ elms->set(1, Smi::FromInt(month));
+ elms->set(2, Smi::FromInt(day));
return Heap::undefined_value();
}
CONVERT_CHECKED(JSArray, to, args[1]);
HeapObject* new_elements = from->elements();
Object* new_map;
- if (new_elements->map() == Heap::fixed_array_map()) {
+ if (new_elements->map() == Heap::fixed_array_map() ||
+ new_elements->map() == Heap::fixed_cow_array_map()) {
new_map = to->map()->GetFastElementsMap();
} else {
new_map = to->map()->GetSlowElementsMap();
// would cause dupes.
ASSERT(!o->IsScript());
return o->IsString() || o->IsSharedFunctionInfo() ||
- o->IsHeapNumber() || o->IsCode();
+ o->IsHeapNumber() || o->IsCode() ||
+ o->map() == Heap::fixed_cow_array_map();
}
private:
V8.GCCompactorCausedByWeakHandles) \
SC(gc_last_resort_from_js, V8.GCLastResortFromJS) \
SC(gc_last_resort_from_handles, V8.GCLastResortFromHandles) \
+ SC(map_slow_to_fast_elements, V8.MapSlowToFastElements) \
+ SC(map_fast_to_slow_elements, V8.MapFastToSlowElements) \
/* How is the generic keyed-load stub used? */ \
SC(keyed_load_generic_smi, V8.KeyedLoadGenericSmi) \
SC(keyed_load_generic_symbol, V8.KeyedLoadGenericSymbol) \
SC(named_store_global_inline_miss, V8.NamedStoreGlobalInlineMiss) \
SC(store_normal_miss, V8.StoreNormalMiss) \
SC(store_normal_hit, V8.StoreNormalHit) \
+ SC(cow_arrays_created_stub, V8.COWArraysCreatedStub) \
+ SC(cow_arrays_created_runtime, V8.COWArraysCreatedRuntime) \
+ SC(cow_arrays_converted, V8.COWArraysConverted) \
SC(call_miss, V8.CallMiss) \
SC(keyed_call_miss, V8.KeyedCallMiss) \
SC(load_miss, V8.LoadMiss) \
frame_->Push(node->constant_elements());
int length = node->values()->length();
Result clone;
- if (node->depth() > 1) {
+ if (node->constant_elements()->map() == Heap::fixed_cow_array_map()) {
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::COPY_ON_WRITE_ELEMENTS, length);
+ clone = frame_->CallStub(&stub, 3);
+ __ IncrementCounter(&Counters::cow_arrays_created_stub, 1);
+ } else if (node->depth() > 1) {
clone = frame_->CallRuntime(Runtime::kCreateArrayLiteral, 3);
- } else if (length > FastCloneShallowArrayStub::kMaximumLength) {
+ } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
clone = frame_->CallRuntime(Runtime::kCreateArrayLiteralShallow, 3);
} else {
- FastCloneShallowArrayStub stub(length);
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::CLONE_ELEMENTS, length);
clone = frame_->CallStub(&stub, 3);
}
frame_->Push(&clone);
for (int i = 0; i < length; i++) {
Expression* value = node->values()->at(i);
- // If value is a literal the property value is already set in the
- // boilerplate object.
- if (value->AsLiteral() != NULL) continue;
- // If value is a materialized literal the property value is already set
- // in the boilerplate object if it is simple.
- if (CompileTimeValue::IsCompileTimeValue(value)) continue;
+ if (!CompileTimeValue::ArrayLiteralElementNeedsInitialization(value)) {
+ continue;
+ }
// The property must be set by generated code.
Load(value);
Immediate(KeyedLoadIC::kSlowCaseBitFieldMask));
deferred->Branch(not_zero);
- // Check the object's elements are in fast case.
+ // Check the object's elements are in fast case and writable.
__ movq(tmp1.reg(), FieldOperand(object.reg(), JSObject::kElementsOffset));
__ CompareRoot(FieldOperand(tmp1.reg(), HeapObject::kMapOffset),
Heap::kFixedArrayMapRootIndex);
// Check that the key is a non-negative smi.
__ JumpIfNotPositiveSmi(key.reg(), deferred->entry_label());
- // Get the elements array from the receiver and check that it
- // is not a dictionary.
+ // Get the elements array from the receiver.
__ movq(elements.reg(),
FieldOperand(receiver.reg(), JSObject::kElementsOffset));
- if (FLAG_debug_code) {
- __ Cmp(FieldOperand(elements.reg(), HeapObject::kMapOffset),
- Factory::fixed_array_map());
- __ Assert(equal, "JSObject with fast elements map has slow elements");
- }
+ __ AssertFastElements(elements.reg());
// Check that key is within bounds.
__ SmiCompare(key.reg(),
__ CompareRoot(rcx, Heap::kUndefinedValueRootIndex);
__ j(equal, &slow_case);
+ if (FLAG_debug_code) {
+ const char* message;
+ Heap::RootListIndex expected_map_index;
+ if (mode_ == CLONE_ELEMENTS) {
+ message = "Expected (writable) fixed array";
+ expected_map_index = Heap::kFixedArrayMapRootIndex;
+ } else {
+ ASSERT(mode_ == COPY_ON_WRITE_ELEMENTS);
+ message = "Expected copy-on-write fixed array";
+ expected_map_index = Heap::kFixedCOWArrayMapRootIndex;
+ }
+ __ push(rcx);
+ __ movq(rcx, FieldOperand(rcx, JSArray::kElementsOffset));
+ __ CompareRoot(FieldOperand(rcx, HeapObject::kMapOffset),
+ expected_map_index);
+ __ Assert(equal, message);
+ __ pop(rcx);
+ }
+
// Allocate both the JS array and the elements array in one big
// allocation. This avoids multiple limit checks.
__ AllocateInNewSpace(size, rax, rbx, rdx, &slow_case, TAG_OBJECT);
__ push(FieldOperand(rbx, JSFunction::kLiteralsOffset));
__ Push(Smi::FromInt(expr->literal_index()));
__ Push(expr->constant_elements());
- if (expr->depth() > 1) {
+ if (expr->constant_elements()->map() == Heap::fixed_cow_array_map()) {
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::COPY_ON_WRITE_ELEMENTS, length);
+ __ CallStub(&stub);
+ __ IncrementCounter(&Counters::cow_arrays_created_stub, 1);
+ } else if (expr->depth() > 1) {
__ CallRuntime(Runtime::kCreateArrayLiteral, 3);
- } else if (length > FastCloneShallowArrayStub::kMaximumLength) {
+ } else if (length > FastCloneShallowArrayStub::kMaximumClonedLength) {
__ CallRuntime(Runtime::kCreateArrayLiteralShallow, 3);
} else {
- FastCloneShallowArrayStub stub(length);
+ FastCloneShallowArrayStub stub(
+ FastCloneShallowArrayStub::CLONE_ELEMENTS, length);
__ CallStub(&stub);
}
// Loads an indexed element from a fast case array.
+// If not_fast_array is NULL, doesn't perform the elements map check.
static void GenerateFastArrayLoad(MacroAssembler* masm,
Register receiver,
Register key,
// scratch - used to hold elements of the receiver and the loaded value.
__ movq(elements, FieldOperand(receiver, JSObject::kElementsOffset));
- // Check that the object is in fast mode (not dictionary).
- __ CompareRoot(FieldOperand(elements, HeapObject::kMapOffset),
- Heap::kFixedArrayMapRootIndex);
- __ j(not_equal, not_fast_array);
+ if (not_fast_array != NULL) {
+ // Check that the object is in fast mode and writable.
+ __ CompareRoot(FieldOperand(elements, HeapObject::kMapOffset),
+ Heap::kFixedArrayMapRootIndex);
+ __ j(not_equal, not_fast_array);
+ } else {
+ __ AssertFastElements(elements);
+ }
// Check that the key (index) is within bounds.
__ SmiCompare(key, FieldOperand(elements, FixedArray::kLengthOffset));
// Unsigned comparison rejects negative indices.
GenerateKeyedLoadReceiverCheck(
masm, rdx, rcx, Map::kHasIndexedInterceptor, &slow);
+ // Check the "has fast elements" bit in the receiver's map which is
+ // now in rcx.
+ __ testb(FieldOperand(rcx, Map::kBitField2Offset),
+ Immediate(1 << Map::kHasFastElements));
+ __ j(zero, &check_pixel_array);
+
GenerateFastArrayLoad(masm,
rdx,
rax,
rcx,
rbx,
rax,
- &check_pixel_array,
+ NULL,
&slow);
__ IncrementCounter(&Counters::keyed_load_generic_smi, 1);
__ ret(0);
// Check whether the elements object is a pixel array.
// rdx: receiver
// rax: key
- // rcx: elements array
+ __ movq(rcx, FieldOperand(rdx, JSObject::kElementsOffset));
__ SmiToInteger32(rbx, rax); // Used on both directions of next branch.
__ CompareRoot(FieldOperand(rcx, HeapObject::kMapOffset),
Heap::kPixelArrayMapRootIndex);
// rdx: JSObject
// rcx: index
__ movq(rbx, FieldOperand(rdx, JSObject::kElementsOffset));
- // Check that the object is in fast mode (not dictionary).
+ // Check that the object is in fast mode and writable.
__ CompareRoot(FieldOperand(rbx, HeapObject::kMapOffset),
Heap::kFixedArrayMapRootIndex);
__ j(not_equal, &check_pixel_array);
__ jmp(&fast);
// Array case: Get the length and the elements array from the JS
- // array. Check that the array is in fast mode; if it is the
- // length is always a smi.
+ // array. Check that the array is in fast mode (and writable); if it
+ // is the length is always a smi.
__ bind(&array);
// rax: value
// rdx: receiver (a JSArray)
__ j(not_equal, &miss);
// Check that elements are FixedArray.
+ // We rely on StoreIC_ArrayLength below to deal with all types of
+ // fast elements (including COW).
__ movq(scratch, FieldOperand(receiver, JSArray::kElementsOffset));
__ CmpObjectType(scratch, FIXED_ARRAY_TYPE, scratch);
__ j(not_equal, &miss);
}
+void MacroAssembler::AssertFastElements(Register elements) {
+ if (FLAG_debug_code) {
+ Label ok;
+ CompareRoot(FieldOperand(elements, HeapObject::kMapOffset),
+ Heap::kFixedArrayMapRootIndex);
+ j(equal, &ok);
+ CompareRoot(FieldOperand(elements, HeapObject::kMapOffset),
+ Heap::kFixedCOWArrayMapRootIndex);
+ j(equal, &ok);
+ Abort("JSObject with fast elements map has slow elements");
+ bind(&ok);
+ }
+}
+
+
void MacroAssembler::Check(Condition cc, const char* msg) {
Label L;
j(cc, &L);
// Use --debug_code to enable.
void Assert(Condition cc, const char* msg);
+ void AssertFastElements(Register elements);
+
// Like Assert(), but always enabled.
void Check(Condition cc, const char* msg);
__ movq(rax, FieldOperand(rdx, JSArray::kLengthOffset));
__ ret((argc + 1) * kPointerSize);
} else {
+ Label call_builtin;
+
// Get the elements array of the object.
__ movq(rbx, FieldOperand(rdx, JSArray::kElementsOffset));
- // Check that the elements are in fast mode (not dictionary).
+ // Check that the elements are in fast mode and writable.
__ Cmp(FieldOperand(rbx, HeapObject::kMapOffset),
Factory::fixed_array_map());
- __ j(not_equal, &miss);
+ __ j(not_equal, &call_builtin);
if (argc == 1) { // Otherwise fall through to call builtin.
- Label call_builtin, exit, with_write_barrier, attempt_to_grow_elements;
+ Label exit, with_write_barrier, attempt_to_grow_elements;
// Get the array's length into rax and calculate new length.
__ SmiToInteger32(rax, FieldOperand(rdx, JSArray::kLengthOffset));
// Push the argument...
__ movq(Operand(rdx, 0), rcx);
// ... and fill the rest with holes.
- __ Move(kScratchRegister, Factory::the_hole_value());
+ __ LoadRoot(kScratchRegister, Heap::kTheHoleValueRootIndex);
for (int i = 1; i < kAllocationDelta; i++) {
__ movq(Operand(rdx, i * kPointerSize), kScratchRegister);
}
// Increment element's and array's sizes.
__ SmiAddConstant(FieldOperand(rbx, FixedArray::kLengthOffset),
Smi::FromInt(kAllocationDelta));
+
// Make new length a smi before returning it.
__ Integer32ToSmi(rax, rax);
__ movq(FieldOperand(rdx, JSArray::kLengthOffset), rax);
+
// Elements are in new space, so write barrier is not required.
__ ret((argc + 1) * kPointerSize);
-
- __ bind(&call_builtin);
}
+ __ bind(&call_builtin);
__ TailCallExternalReference(ExternalReference(Builtins::c_ArrayPush),
argc + 1,
1);
String* name,
CheckType check) {
// ----------- S t a t e -------------
- // -- ecx : name
- // -- esp[0] : return address
- // -- esp[(argc - n) * 4] : arg[n] (zero-based)
+ // -- rcx : name
+ // -- rsp[0] : return address
+ // -- rsp[(argc - n) * 8] : arg[n] (zero-based)
// -- ...
- // -- esp[(argc + 1) * 4] : receiver
+ // -- rsp[(argc + 1) * 8] : receiver
// -----------------------------------
ASSERT(check == RECEIVER_MAP_CHECK);
// Get the elements array of the object.
__ movq(rbx, FieldOperand(rdx, JSArray::kElementsOffset));
- // Check that the elements are in fast mode (not dictionary).
- __ Cmp(FieldOperand(rbx, HeapObject::kMapOffset), Factory::fixed_array_map());
- __ j(not_equal, &miss);
+ // Check that the elements are in fast mode and writable.
+ __ CompareRoot(FieldOperand(rbx, HeapObject::kMapOffset),
+ Heap::kFixedArrayMapRootIndex);
+ __ j(not_equal, &call_builtin);
// Get the array's length into rcx and calculate new length.
__ SmiToInteger32(rcx, FieldOperand(rdx, JSArray::kLengthOffset));
__ j(negative, &return_undefined);
// Get the last element.
- __ Move(r9, Factory::the_hole_value());
+ __ LoadRoot(r9, Heap::kTheHoleValueRootIndex);
__ movq(rax, FieldOperand(rbx,
rcx, times_pointer_size,
FixedArray::kHeaderSize));
__ ret((argc + 1) * kPointerSize);
__ bind(&return_undefined);
-
- __ Move(rax, Factory::undefined_value());
+ __ LoadRoot(rax, Heap::kUndefinedValueRootIndex);
__ ret((argc + 1) * kPointerSize);
__ bind(&call_builtin);
__ TailCallExternalReference(ExternalReference(Builtins::c_ArrayPop),
argc + 1,
1);
+
__ bind(&miss);
Object* obj = GenerateMissBranch();
if (obj->IsFailure()) return obj;
projects / platform / upstream / v8.git / commitdiff