From f937e7daa5c64de98920a5bd5363017aa11d6038 Mon Sep 17 00:00:00 2001
From: "sgjesse@chromium.org"
Date: Fri, 12 Feb 2010 13:49:57 +0000
Subject: [PATCH] Fix array allocation in generated code on x64

The porting of array allocation in generated code from ia32 to x64 wrongly assumed that a smi contained the actual number times 2. Removed the constant times_half_pointer_size, as it will probably not be needed.

Review URL: http://codereview.chromium.org/596084

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3845 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/x64/assembler-x64.h |  1 -
 src/x64/builtins-x64.cc | 13 +++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/x64/assembler-x64.h b/src/x64/assembler-x64.h
index c455a26..6c6f6a3 100644
--- a/src/x64/assembler-x64.h
+++ b/src/x64/assembler-x64.h
@@ -308,7 +308,6 @@ enum ScaleFactor {
   times_4 = 2,
   times_8 = 3,
   times_int_size = times_4,
-  times_half_pointer_size = times_4,
   times_pointer_size = times_8
 };
 
diff --git a/src/x64/builtins-x64.cc b/src/x64/builtins-x64.cc
index 0b7c90e..8482023 100644
--- a/src/x64/builtins-x64.cc
+++ b/src/x64/builtins-x64.cc
@@ -590,6 +590,7 @@ static void AllocateJSArray(MacroAssembler* masm,
                                       JSFunction::kPrototypeOrInitialMapOffset));
 
   // Check whether an empty sized array is requested.
+  __ SmiToInteger64(array_size, array_size);
   __ testq(array_size, array_size);
   __ j(not_zero, ¬_empty);
 
@@ -609,7 +610,7 @@ static void AllocateJSArray(MacroAssembler* masm,
   __ bind(¬_empty);
   ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
   __ AllocateInNewSpace(JSArray::kSize + FixedArray::kHeaderSize,
-                        times_half_pointer_size,  // array_size is a smi.
+                        times_pointer_size,
                         array_size,
                         result,
                         elements_array_end,
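Review bot: The added `__ SmiToInteger64(array_size, array_size);` is followed only by `testq`/`j(not_zero, ...)`, which separates zero from non-zero but does not reject a negative element count, and the untagged value then feeds `AllocateInNewSpace` with `times_pointer_size` in the next hunk. The caller may already guarantee a non-negative smi (nothing in the hunk shows it), so at minimum the precondition should be stated at the point where the register is untagged, e.g. `// array_size: element count (untagged); caller must guarantee it is non-negative.`. If that guarantee does not hold, a sign check branching to whatever slow path the caller uses belongs right after the conversion. AllocateJSArray starts before and continues after this hunk.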
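Review bot: `ASSERT(kSmiTagSize == 1 && kSmiTag == 0);` now sits above an `AllocateInNewSpace` call whose scale no longer depends on the smi encoding; it justified the old `times_half_pointer_size,  // array_size is a smi.` line that this hunk replaces with a plain `times_pointer_size` on an untagged count. Either drop the assertion or replace it with a comment that records the new invariant, e.g. `times_pointer_size,  // array_size is an untagged element count.`. The same appears to apply to `ASSERT(kSmiTag == 0);` in the @@ -642 hunk, which preceded the `SmiToInteger64` call this commit removes; whether it still covers what follows is not visible here. AllocateJSArray continues outside the hunk.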
@@ -622,19 +623,20 @@ static void AllocateJSArray(MacroAssembler* masm,
   // result: JSObject
   // elements_array: initial map
   // elements_array_end: start of next object
-  // array_size: size of array (smi)
+  // array_size: size of array
   __ bind(&allocated);
   __ movq(FieldOperand(result, JSObject::kMapOffset), elements_array);
   __ Move(elements_array, Factory::empty_fixed_array());
   __ movq(FieldOperand(result, JSArray::kPropertiesOffset), elements_array);
   // Field JSArray::kElementsOffset is initialized later.
-  __ movq(FieldOperand(result, JSArray::kLengthOffset), array_size);
+  __ Integer32ToSmi(scratch, array_size);
+  __ movq(FieldOperand(result, JSArray::kLengthOffset), scratch);
 
   // Calculate the location of the elements array and set elements array member
   // of the JSArray.
   // result: JSObject
   // elements_array_end: start of next object
-  // array_size: size of array (smi)
+  // array_size: size of array
   __ lea(elements_array, Operand(result, JSArray::kSize));
   __ movq(FieldOperand(result, JSArray::kElementsOffset), elements_array);
 
@@ -642,9 +644,8 @@ static void AllocateJSArray(MacroAssembler* masm,
   // result: JSObject
   // elements_array: elements array
   // elements_array_end: start of next object
-  // array_size: size of array (smi)
+  // array_size: size of array
   ASSERT(kSmiTag == 0);
-  __ SmiToInteger64(array_size, array_size);
   __ Move(FieldOperand(elements_array, JSObject::kMapOffset),
           Factory::fixed_array_map());
   Label not_empty_2, fill_array;
-- 
2.7.4
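Review bot: `__ Integer32ToSmi(scratch, array_size);` clobbers `scratch`, but the register-state comment block above `__ bind(&allocated);` lists only result, elements_array, elements_array_end and array_size, so a reader cannot tell from this block whether `scratch` is free at that point; the function header that would say so is outside the hunk. Add `// scratch: clobbered` to that comment block, or a trailing comment on the conversion line. Separately, the comments rewritten to `// array_size: size of array` (twice here and once in the @@ -642 hunk) are less precise than the text they replace: "size" can be read as a byte count, which is exactly the confusion this commit is fixing, whereas `// array_size: number of elements (untagged)` would state the invariant the new code relies on. AllocateJSArray continues outside the hunk.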