PPC: Array() in optimized code can create with wrong ElementsKind in corner cases.

Port 13459c1ae3caa4cc546c522177bac5450a3252bf

Original commit message:
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1089913002

Cr-Commit-Position: refs/heads/master@{#27895}

diff --git a/src/ppc/lithium-codegen-ppc.cc b/src/ppc/lithium-codegen-ppc.cc
index 793658e..5538615 100644 (file)
--- a/src/ppc/lithium-codegen-ppc.cc
+++ b/src/ppc/lithium-codegen-ppc.cc
@@ -4301,7 +4301,14 @@ void LCodeGen::DoCallNewArray(LCallNewArray* instr) {
   DCHECK(ToRegister(instr->result()).is(r3));
 
   __ mov(r3, Operand(instr->arity()));
-  __ LoadRoot(r5, Heap::kUndefinedValueRootIndex);
+  if (instr->arity() == 1) {
+    // We only need the allocation site for the case we have a length argument.
+    // The case may bail out to the runtime, which will determine the correct
+    // elements kind with the site.
+    __ Move(r5, instr->hydrogen()->site());
+  } else {
+    __ LoadRoot(r5, Heap::kUndefinedValueRootIndex);
+  }
   ElementsKind kind = instr->hydrogen()->elements_kind();
   AllocationSiteOverrideMode override_mode =
       (AllocationSite::GetMode(kind) == TRACK_ALLOCATION_SITE)