Reviewers: Michael Starzinger, danno, Paul Lind, kisg, kalmard

Description:
MIPS: Fix LFastLiteral to check boilerplate elements kind.

Port r11470 (621f96c0)

Original commit message:
Fix LFastLiteral to check boilerplate elements kind.

Adds a missing check that the elements kind of the boilerplate object
still has the expected elements kind; unoptimized code can transition
the boilerplate. Corner cases might cause the optimized code to be
reentered again.

BUG=
TEST=


Please review this at https://chromiumcodereview.appspot.com/10271018/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/mips/lithium-codegen-mips.cc


Index: src/mips/lithium-codegen-mips.cc
diff --git a/src/mips/lithium-codegen-mips.cc b/src/mips/lithium-codegen-mips.cc index c0323e3521b7b3602e17422e4ae033ac99a3f701..ccda5268417c9e040e646735c4cbee729d759740 100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -4603,6 +4603,23 @@ void LCodeGen::EmitDeepCopy(Handle<JSObject> object,

 void LCodeGen::DoFastLiteral(LFastLiteral* instr) {
   int size = instr->hydrogen()->total_size();
+  ElementsKind boilerplate_elements_kind =
+      instr->hydrogen()->boilerplate()->GetElementsKind();
+
+ // Deopt if the literal boilerplate ElementsKind is of a type different than + // the expected one. The check isn't necessary if the boilerplate has already
+  // been converted to FAST_ELEMENTS.
+  if (boilerplate_elements_kind != FAST_ELEMENTS) {
+    __ LoadHeapObject(a1, instr->hydrogen()->boilerplate());
+    // Load map into a2.
+    __ lw(a2, FieldMemOperand(a1, HeapObject::kMapOffset));
+    // Load the map's "bit field 2".
+    __ lbu(a2, FieldMemOperand(a2, Map::kBitField2Offset));
+    // Retrieve elements_kind from bit field 2.
+    __ Ext(a2, a2, Map::kElementsKindShift, Map::kElementsKindBitCount);
+    DeoptimizeIf(ne, instr->environment(), a2,
+        Operand(boilerplate_elements_kind));
+  }

   // Allocate all objects that are part of the literal in one big
   // allocation. This avoids multiple limit checks.
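
Review bot: The `boilerplate_elements_kind != FAST_ELEMENTS` guard in DoFastLiteral skips the runtime check based on an invariant the comment asserts but does not explain: that a boilerplate already at FAST_ELEMENTS cannot change kind again. Please state that reasoning in the comment (or back it with an assertion), because the commit message itself says unoptimized code can transition the boilerplate, and a kind mismatch is exactly the case this deopt exists to catch. Separately, TEST= is empty; a regression test that transitions the boilerplate from unoptimized code and then re-enters the optimized literal would cover the new DeoptimizeIf path.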


--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
