Reviewers: Toon Verwaest, danno, Paul Lind, kisg,
Description:
MIPS: Sharing of descriptor arrays.
Port r12492 (479be376)
Original commit message:
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore,
but
rather do so via an indirect pointer (a JSGlobalPropertyCell).
An ownership bit is added to maps indicating whether it owns its own
descriptor
array or not.
Maps owning a descriptor array can pass on ownership if a transition from
that
map is generated; but only if the descriptor array stays exactly the same;
or if
a descriptor is added.
Maps that don't have ownership get ownership back if their direct child to
which
ownership was passed is cleared in ClearNonLiveTransitions.
To detect which descriptors in an array are valid, each map knows its own
NumberOfOwnDescriptors. Since the descriptors are sorted in order of
addition,
if we search and find a descriptor with index bigger than this number, it
is not
valid for the given map.
We currently still build up an enumeration cache (although this may
disappear).
The enumeration cache is always built for the entire descriptor array, even
if
not all descriptors are owned by the map. Once a descriptor array has an
enumeration cache for a given map; this invariant will always be true, even
if
the descriptor array was extended. The extended array will inherit the
enumeration cache from the smaller descriptor array. If a map with more
descriptors needs an enumeration cache, it's EnumLength will still be set to
invalid, so it will have to recompute the enumeration cache. This new cache
will
also be valid for smaller maps since they have their own enumlength; and use
this to loop over the cache. If the EnumLength is still invalid, but there
is
already a cache present that is big enough; we just initialize the
EnumLength
field for the map.
When we apply ClearNonLiveTransitions and descriptor ownership is passed
back to
a parent map, the descriptor array is trimmed in-place and resorted. At the
same
time, the enumeration cache is trimmed in-place.
Only transition arrays contain descriptor arrays. If we transition to a map
and
pass ownership of the descriptor array along, the child map will not store
the
descriptor array it owns. Rather its parent will keep the pointer. So for
every
leaf-map, we find the descriptor array by following the back pointer,
reading
out the transition array, and fetching the descriptor array from the
JSGlobalPropertyCell. If a map has a transition array, we fetch it from
there.
If a map has undefined as its back-pointer and has no transition array; it
is
considered to have an empty descriptor array.
When we modify properties, we cannot share the descriptor array. To
accommodate
this, the child map will get its own transition array; even if there are not
necessarily any transitions leaving from the child map. This is necessary
since
it's the only way to store its own descriptor array.
BUG=
TEST=
Please review this at https://chromiumcodereview.appspot.com/10918287/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/mips/full-codegen-mips.cc
M src/mips/macro-assembler-mips.h
M src/mips/macro-assembler-mips.cc
Index: src/mips/full-codegen-mips.cc
diff --git a/src/mips/full-codegen-mips.cc b/src/mips/full-codegen-mips.cc
index
bfa24252b9046e2e15e275c2c613ef6b18b5ee25..69b4e9a30238f182b5a85c1c93c67d442d049231
100644
--- a/src/mips/full-codegen-mips.cc
+++ b/src/mips/full-codegen-mips.cc
@@ -2759,27 +2759,31 @@ void
FullCodeGenerator::EmitIsStringWrapperSafeForDefaultValueOf(
__ Branch(if_false, eq, a2, Operand(t0));
// Look for valueOf symbol in the descriptor array, and indicate false if
- // found. The type is not checked, so if it is a transition it is a false
- // negative.
- __ LoadInstanceDescriptors(a1, t0, a3);
- __ lw(a3, FieldMemOperand(t0, FixedArray::kLengthOffset));
- // t0: descriptor array
- // a3: length of descriptor array
- // Calculate the end of the descriptor array.
+ // found. Since we omit an enumeration index check, if it is added via a
+ // transition that shares its descriptor array, this is a false positive.
+ Label entry, loop, done;
+
+ // Skip loop if no descriptors are valid.
+ __ NumberOfOwnDescriptors(a3, a1);
+ __ Branch(&done, eq, a3, Operand(zero_reg));
+
+ __ LoadInstanceDescriptors(a1, t0, a2);
+ // t0: descriptor array.
+ // a3: valid entries in the descriptor array.
STATIC_ASSERT(kSmiTag == 0);
STATIC_ASSERT(kSmiTagSize == 1);
STATIC_ASSERT(kPointerSize == 4);
- __ Addu(a2, t0, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
+ __ li(at, Operand(DescriptorArray::kDescriptorSize));
+ __ Mult(a3, at);
+ // Calculate location of the first key name.
+ __ Addu(t0, t0, Operand(DescriptorArray::kFirstOffset - kHeapObjectTag));
+ // Calculate the end of the descriptor array.
+ __ mov(a2, t0);
__ sll(t1, a3, kPointerSizeLog2 - kSmiTagSize);
__ Addu(a2, a2, t1);
- // Calculate location of the first key name.
- __ Addu(t0,
- t0,
- Operand(DescriptorArray::kFirstOffset - kHeapObjectTag));
// Loop through all the keys in the descriptor array. If one of these is
the
// symbol valueOf the result is false.
- Label entry, loop;
// The use of t2 to store the valueOf symbol asumes that it is not
otherwise
// used in the loop below.
__ LoadRoot(t2, Heap::kvalue_of_symbolRootIndex);
@@ -2791,7 +2795,8 @@ void
FullCodeGenerator::EmitIsStringWrapperSafeForDefaultValueOf(
__ bind(&entry);
__ Branch(&loop, ne, t0, Operand(a2));
- // If a valueOf property is not found on the object check that it's
+ __ bind(&done);
+ // If a valueOf property is not found on the object check that its
// prototype is the un-modified String prototype. If not result is false.
__ lw(a2, FieldMemOperand(a1, Map::kPrototypeOffset));
__ JumpIfSmi(a2, if_false);
Index: src/mips/macro-assembler-mips.cc
diff --git a/src/mips/macro-assembler-mips.cc
b/src/mips/macro-assembler-mips.cc
index
7ded49499957b010b996229de161b0268dd45192..a0b8e976580b4af6642ffb61ed0f3c55e9b23e94
100644
--- a/src/mips/macro-assembler-mips.cc
+++ b/src/mips/macro-assembler-mips.cc
@@ -5299,20 +5299,37 @@ void
MacroAssembler::LoadInstanceDescriptors(Register map,
Register temp = descriptors;
lw(temp, FieldMemOperand(map, Map::kTransitionsOrBackPointerOffset));
- Label ok, fail;
+ Label ok, fail, load_from_back_pointer;
CheckMap(temp,
scratch,
isolate()->factory()->fixed_array_map(),
&fail,
DONT_DO_SMI_CHECK);
- lw(descriptors, FieldMemOperand(temp,
TransitionArray::kDescriptorsOffset));
+ lw(temp, FieldMemOperand(temp,
TransitionArray::kDescriptorsPointerOffset));
+ lw(descriptors, FieldMemOperand(temp,
JSGlobalPropertyCell::kValueOffset));
jmp(&ok);
+
bind(&fail);
+ LoadRoot(scratch, Heap::kUndefinedValueRootIndex);
+ Branch(&load_from_back_pointer, ne, temp, Operand(scratch));
LoadRoot(descriptors, Heap::kEmptyDescriptorArrayRootIndex);
+ jmp(&ok);
+
+ bind(&load_from_back_pointer);
+ lw(temp, FieldMemOperand(temp, Map::kTransitionsOrBackPointerOffset));
+ lw(temp, FieldMemOperand(temp,
TransitionArray::kDescriptorsPointerOffset));
+ lw(descriptors, FieldMemOperand(temp,
JSGlobalPropertyCell::kValueOffset));
+
bind(&ok);
}
+void MacroAssembler::NumberOfOwnDescriptors(Register dst, Register map) {
+ lbu(dst, FieldMemOperand(map, Map::kBitFieldOffset));
+ DecodeField<Map::NumberOfOwnDescriptorsBits>(dst);
+}
+
+
void MacroAssembler::EnumLength(Register dst, Register map) {
STATIC_ASSERT(Map::EnumLengthBits::kShift == 0);
lw(dst, FieldMemOperand(map, Map::kBitField3Offset));
Index: src/mips/macro-assembler-mips.h
diff --git a/src/mips/macro-assembler-mips.h
b/src/mips/macro-assembler-mips.h
index
2a77d6ce2305edf67ded888aa2c9aafddaa0a2cf..dcbeb9fd0e81c1500bf83bb507e764df55ad5a0a
100644
--- a/src/mips/macro-assembler-mips.h
+++ b/src/mips/macro-assembler-mips.h
@@ -1400,7 +1400,15 @@ class MacroAssembler: public Assembler {
Register descriptors,
Register scratch);
void EnumLength(Register dst, Register map);
-
+ void NumberOfOwnDescriptors(Register dst, Register map);
+
+ template<typename Field>
+ void DecodeField(Register reg) {
+ static const int shift = Field::kShift;
+ static const int mask = (Field::kMask >> shift) << kSmiTagSize;
+ srl(reg, reg, shift);
+ And(reg, reg, Operand(mask));
+ }
// Activation support.
void EnterFrame(StackFrame::Type type);
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
