projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e7e87c6)
X87: CallIC customization stubs must accept that a vector slot is cleared.
authorweiliang.lin@intel.com <weiliang.lin@intel.com@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Wed, 30 Jul 2014 08:21:42 +0000 (08:21 +0000)
committerweiliang.lin@intel.com <weiliang.lin@intel.com@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Wed, 30 Jul 2014 08:21:42 +0000 (08:21 +0000)
port r22668.

original commit message:
  CallIC customization stubs must accept that a vector slot is cleared.

  The CallIC Array custom IC stub read from the type vector, expecting
  to get an AllocationSite. But there are paths in the system where a type
  vector can be re-created with default values, even though we currently
  grant an exception to clearing of vector slots with AllocationSites in
  them at gc time.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/426203002

Patch from Chunyang Dai <chunyang.dai@intel.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22693 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/x87/code-stubs-x87.cc patch | blob | history

diff --git a/src/x87/code-stubs-x87.cc b/src/x87/code-stubs-x87.cc
index b31940d..39d78e3 100644 (file)
--- a/src/x87/code-stubs-x87.cc
+++ b/src/x87/code-stubs-x87.cc
@@ -2049,10 +2049,16 @@ void CallIC_ArrayStub::Generate(MacroAssembler* masm) {
   __ j(not_equal, &miss);
 
   __ mov(eax, arg_count());
-  __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size,
+  __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
                            FixedArray::kHeaderSize));
+
   // Verify that ecx contains an AllocationSite
-  __ AssertUndefinedOrAllocationSite(ebx);
+  Factory* factory = masm->isolate()->factory();
+  __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
+         factory->allocation_site_map());
+  __ j(not_equal, &miss);
+
+  __ mov(ebx, ecx);
   ArrayConstructorStub stub(masm->isolate(), arg_count());
   __ TailCallStub(&stub);
 
@@ -2123,7 +2129,11 @@ void CallICStub::Generate(MacroAssembler* masm) {
   __ j(equal, &miss);
 
   if (!FLAG_trace_ic) {
-    // We are going megamorphic, and we don't want to visit the runtime.
+    // We are going megamorphic. If the feedback is a JSFunction, it is fine
+    // to handle it here. More complex cases are dealt with in the runtime.
+    __ AssertNotSmi(ecx);
+    __ CmpObjectType(ecx, JS_FUNCTION_TYPE, ecx);
+    __ j(not_equal, &miss);
     __ mov(FieldOperand(ebx, edx, times_half_pointer_size,
                         FixedArray::kHeaderSize),
            Immediate(TypeFeedbackInfo::MegamorphicSentinel(isolate)));
Domain: Web Framework / Web Engine;