Revision: 19597
Author:   [email protected]
Date:     Fri Feb 28 10:39:36 2014 UTC
Log:      The Array function must be looked up in the native context.

Platforms x64, a64, arm and mips had the bug that the array function was looked up in the global context instead of the native context. Fix this, and along the way restore an assert in hydrogen that had been weakened by the fix for crbug 347528 (which
helped find this case).

[email protected]

Review URL: https://codereview.chromium.org/184383003
http://code.google.com/p/v8/source/detail?r=19597

Modified:
 /branches/bleeding_edge/src/a64/code-stubs-a64.cc
 /branches/bleeding_edge/src/a64/macro-assembler-a64.cc
 /branches/bleeding_edge/src/a64/macro-assembler-a64.h
 /branches/bleeding_edge/src/arm/code-stubs-arm.cc
 /branches/bleeding_edge/src/arm/macro-assembler-arm.cc
 /branches/bleeding_edge/src/arm/macro-assembler-arm.h
 /branches/bleeding_edge/src/hydrogen.cc
 /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc
 /branches/bleeding_edge/src/ia32/macro-assembler-ia32.cc
 /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h
 /branches/bleeding_edge/src/mips/code-stubs-mips.cc
 /branches/bleeding_edge/src/mips/macro-assembler-mips.cc
 /branches/bleeding_edge/src/mips/macro-assembler-mips.h
 /branches/bleeding_edge/src/x64/code-stubs-x64.cc
 /branches/bleeding_edge/src/x64/macro-assembler-x64.cc
 /branches/bleeding_edge/src/x64/macro-assembler-x64.h

=======================================
--- /branches/bleeding_edge/src/a64/code-stubs-a64.cc Fri Feb 21 15:36:16 2014 UTC
+++ /branches/bleeding_edge/src/a64/code-stubs-a64.cc Fri Feb 28 10:39:36 2014 UTC
@@ -3290,7 +3290,7 @@
   __ JumpIfNotRoot(x5, Heap::kAllocationSiteMapRootIndex, &miss);

   // Make sure the function is the Array() function
-  __ LoadArrayFunction(x4);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, x4);
   __ Cmp(x1, x4);
   __ B(ne, &megamorphic);
   __ B(&done);
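Review bot: The comment `// Make sure the function is the Array() function` above the new LoadGlobalFunction call still does not say which Array function is meant, although that distinction is exactly what this change fixes: the deleted helpers went through GlobalObject::kGlobalContextOffset, while LoadGlobalFunction appears to read the slot from the native context (its tail is visible in the arm, mips and x64 macro-assembler hunks). Suggest `// Make sure the function is the native context's Array() function; any other callee takes the megamorphic path below.` so the next reader does not reintroduce a lookup through the global object's own context. The same applies to the second a64 hunk and to the arm, ia32, mips and x64 code-stub hunks, where the second occurrence branches to not_array_function instead of megamorphic. The enclosing stub body starts and ends outside this hunk.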
@@ -3312,7 +3312,7 @@
   // indicate the ElementsKind if function is the Array constructor.
   __ Bind(&initialize);
   // Make sure the function is the Array() function
-  __ LoadArrayFunction(x4);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, x4);
   __ Cmp(x1, x4);
   __ B(ne, &not_array_function);

=======================================
--- /branches/bleeding_edge/src/a64/macro-assembler-a64.cc Fri Feb 21 11:36:04 2014 UTC
+++ /branches/bleeding_edge/src/a64/macro-assembler-a64.cc Fri Feb 28 10:39:36 2014 UTC
@@ -4710,17 +4710,6 @@
offset = (transitioned_kind * kPointerSize) + FixedArrayBase::kHeaderSize;
   Ldr(map_in_out, FieldMemOperand(scratch, offset));
 }
-
-
-void MacroAssembler::LoadArrayFunction(Register function) {
-  // Load the global or builtins object from the current context.
-  Ldr(function, GlobalObjectMemOperand());
-  // Load the global context from the global or builtins object.
-  Ldr(function,
-      FieldMemOperand(function, GlobalObject::kGlobalContextOffset));
-  // Load the array function from the native context.
- Ldr(function, ContextMemOperand(function, Context::ARRAY_FUNCTION_INDEX));
-}


 void MacroAssembler::LoadGlobalFunction(int index, Register function) {
=======================================
--- /branches/bleeding_edge/src/a64/macro-assembler-a64.h Fri Feb 21 11:36:04 2014 UTC
+++ /branches/bleeding_edge/src/a64/macro-assembler-a64.h Fri Feb 28 10:39:36 2014 UTC
@@ -1888,7 +1888,6 @@
       Register scratch,
       Label* no_map_match);

-  void LoadArrayFunction(Register function);
   void LoadGlobalFunction(int index, Register function);

// Load the initial map from the global function. The registers function and
=======================================
--- /branches/bleeding_edge/src/arm/code-stubs-arm.cc Wed Feb 19 13:55:25 2014 UTC
+++ /branches/bleeding_edge/src/arm/code-stubs-arm.cc Fri Feb 28 10:39:36 2014 UTC
@@ -3037,7 +3037,7 @@
   __ b(ne, &miss);

   // Make sure the function is the Array() function
-  __ LoadArrayFunction(r4);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, r4);
   __ cmp(r1, r4);
   __ b(ne, &megamorphic);
   __ jmp(&done);
@@ -3060,7 +3060,7 @@
   // indicate the ElementsKind if function is the Array constructor.
   __ bind(&initialize);
   // Make sure the function is the Array() function
-  __ LoadArrayFunction(r4);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, r4);
   __ cmp(r1, r4);
   __ b(ne, &not_array_function);

=======================================
--- /branches/bleeding_edge/src/arm/macro-assembler-arm.cc Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/arm/macro-assembler-arm.cc Fri Feb 28 10:39:36 2014 UTC
@@ -2900,19 +2900,6 @@
   // Load the function from the native context.
   ldr(function, MemOperand(function, Context::SlotOffset(index)));
 }
-
-
-void MacroAssembler::LoadArrayFunction(Register function) {
-  // Load the global or builtins object from the current context.
-  ldr(function,
-      MemOperand(cp, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
-  // Load the global context from the global or builtins object.
-  ldr(function,
-      FieldMemOperand(function, GlobalObject::kGlobalContextOffset));
-  // Load the array function from the native context.
-  ldr(function,
- MemOperand(function, Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
-}


 void MacroAssembler::LoadGlobalFunctionInitialMap(Register function,
=======================================
--- /branches/bleeding_edge/src/arm/macro-assembler-arm.h Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/arm/macro-assembler-arm.h Fri Feb 28 10:39:36 2014 UTC
@@ -571,7 +571,6 @@
       Label* no_map_match);

   void LoadGlobalFunction(int index, Register function);
-  void LoadArrayFunction(Register function);

   // Load the initial map from the global function. The registers
   // function and map can be the same, function is then overwritten.
=======================================
--- /branches/bleeding_edge/src/hydrogen.cc     Fri Feb 28 10:01:27 2014 UTC
+++ /branches/bleeding_edge/src/hydrogen.cc     Fri Feb 28 10:39:36 2014 UTC
@@ -8225,15 +8225,14 @@


 bool HOptimizedGraphBuilder::IsCallNewArrayInlineable(CallNew* expr) {
-  Handle<AllocationSite> site = expr->allocation_site();
-  if (site.is_null()) return false;
-
   Handle<JSFunction> caller = current_info()->closure();
   Handle<JSFunction> target(isolate()->native_context()->array_function(),
                             isolate());
   int argument_count = expr->arguments()->length();
// We should have the function plus array arguments on the environment stack.
   ASSERT(environment()->length() >= (argument_count + 1));
+  Handle<AllocationSite> site = expr->allocation_site();
+  ASSERT(!site.is_null());

   bool inline_ok = false;
   if (site->CanInlineCall()) {
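Review bot: The restored `ASSERT(!site.is_null());` is debug-only, so in a release build a CallNew that reaches this point without an allocation site would dereference a null handle at `site->CanInlineCall()`, where the removed `if (site.is_null()) return false;` used to fall back to the non-inlined path. The commit message ties the guarantee to the corrected feedback lookups in the stubs, and that contract is worth stating at the assert, e.g. `// The call stub records an allocation site whenever the callee is the native context's Array function, so a null site here means the type feedback is broken rather than a case to fall back on.` Since the remaining ports rely on the same stub behaviour, a reviewer should confirm every CallNew reaching this builder has gone through a stub that records the site. IsCallNewArrayInlineable's body continues past the end of the hunk.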
=======================================
--- /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc Wed Feb 19 13:55:25 2014 UTC
+++ /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc Fri Feb 28 10:39:36 2014 UTC
@@ -2352,11 +2352,9 @@
   __ cmp(FieldOperand(ecx, 0), Immediate(allocation_site_map));
   __ j(not_equal, &miss);

-  // Load the global or builtins object from the current context
-  __ LoadGlobalContext(ecx);
   // Make sure the function is the Array() function
-  __ cmp(edi, Operand(ecx,
-                      Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx);
+  __ cmp(edi, ecx);
   __ j(not_equal, &megamorphic);
   __ jmp(&done, Label::kFar);

@@ -2377,10 +2375,9 @@
   // An uninitialized cache is patched with the function or sentinel to
   // indicate the ElementsKind if function is the Array constructor.
   __ bind(&initialize);
-  __ LoadGlobalContext(ecx);
   // Make sure the function is the Array() function
-  __ cmp(edi, Operand(ecx,
-                      Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx);
+  __ cmp(edi, ecx);
   __ j(not_equal, &not_array_function);

   // The target function is the Array constructor,
=======================================
--- /branches/bleeding_edge/src/ia32/macro-assembler-ia32.cc Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/ia32/macro-assembler-ia32.cc Fri Feb 28 10:39:36 2014 UTC
@@ -2687,16 +2687,6 @@
       FixedArrayBase::kHeaderSize;
   mov(map_in_out, FieldOperand(scratch, offset));
 }
-
-
-void MacroAssembler::LoadGlobalContext(Register global_context) {
-  // Load the global or builtins object from the current context.
-  mov(global_context,
-      Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
-  // Load the native context from the global or builtins object.
-  mov(global_context,
-      FieldOperand(global_context, GlobalObject::kNativeContextOffset));
-}


 void MacroAssembler::LoadGlobalFunction(int index, Register function) {
=======================================
--- /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h Fri Feb 28 10:39:36 2014 UTC
@@ -262,8 +262,6 @@
       Register scratch,
       Label* no_map_match);

-  void LoadGlobalContext(Register global_context);
-
   // Load the global function with the given index.
   void LoadGlobalFunction(int index, Register function);

=======================================
--- /branches/bleeding_edge/src/mips/code-stubs-mips.cc Wed Feb 19 13:55:25 2014 UTC
+++ /branches/bleeding_edge/src/mips/code-stubs-mips.cc Fri Feb 28 10:39:36 2014 UTC
@@ -3184,7 +3184,7 @@
   __ Branch(&miss, ne, t1, Operand(at));

   // Make sure the function is the Array() function
-  __ LoadArrayFunction(t0);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, t0);
   __ Branch(&megamorphic, ne, a1, Operand(t0));
   __ jmp(&done);

@@ -3207,7 +3207,7 @@
   // indicate the ElementsKind if function is the Array constructor.
   __ bind(&initialize);
   // Make sure the function is the Array() function
-  __ LoadArrayFunction(t0);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, t0);
   __ Branch(&not_array_function, ne, a1, Operand(t0));

   // The target function is the Array constructor.
=======================================
--- /branches/bleeding_edge/src/mips/macro-assembler-mips.cc Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/mips/macro-assembler-mips.cc Fri Feb 28 10:39:36 2014 UTC
@@ -4440,19 +4440,6 @@
   // Load the function from the native context.
   lw(function, MemOperand(function, Context::SlotOffset(index)));
 }
-
-
-void MacroAssembler::LoadArrayFunction(Register function) {
-  // Load the global or builtins object from the current context.
-  lw(function,
-     MemOperand(cp, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
-  // Load the global context from the global or builtins object.
-  lw(function,
-     FieldMemOperand(function, GlobalObject::kGlobalContextOffset));
-  // Load the array function from the native context.
-  lw(function,
- MemOperand(function, Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
-}


 void MacroAssembler::LoadGlobalFunctionInitialMap(Register function,
=======================================
--- /branches/bleeding_edge/src/mips/macro-assembler-mips.h Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/mips/macro-assembler-mips.h Fri Feb 28 10:39:36 2014 UTC
@@ -872,7 +872,6 @@
       Label* no_map_match);

   void LoadGlobalFunction(int index, Register function);
-  void LoadArrayFunction(Register function);

   // Load the initial map from the global function. The registers
   // function and map can be the same, function is then overwritten.
=======================================
--- /branches/bleeding_edge/src/x64/code-stubs-x64.cc Wed Feb 19 13:55:25 2014 UTC
+++ /branches/bleeding_edge/src/x64/code-stubs-x64.cc Fri Feb 28 10:39:36 2014 UTC
@@ -2194,7 +2194,7 @@
   __ j(not_equal, &miss);

   // Make sure the function is the Array() function
-  __ LoadArrayFunction(rcx);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, rcx);
   __ cmpq(rdi, rcx);
   __ j(not_equal, &megamorphic);
   __ jmp(&done);
@@ -2216,7 +2216,7 @@
   // indicate the ElementsKind if function is the Array constructor.
   __ bind(&initialize);
   // Make sure the function is the Array() function
-  __ LoadArrayFunction(rcx);
+  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, rcx);
   __ cmpq(rdi, rcx);
   __ j(not_equal, &not_array_function);

=======================================
--- /branches/bleeding_edge/src/x64/macro-assembler-x64.cc Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/x64/macro-assembler-x64.cc Fri Feb 28 10:39:36 2014 UTC
@@ -4545,15 +4545,6 @@
   // Load the function from the native context.
   movp(function, Operand(function, Context::SlotOffset(index)));
 }
-
-
-void MacroAssembler::LoadArrayFunction(Register function) {
-  movp(function,
-       Operand(rsi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
- movp(function, FieldOperand(function, GlobalObject::kGlobalContextOffset));
-  movp(function,
- Operand(function, Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
-}


 void MacroAssembler::LoadGlobalFunctionInitialMap(Register function,
=======================================
--- /branches/bleeding_edge/src/x64/macro-assembler-x64.h Thu Feb 20 16:36:53 2014 UTC
+++ /branches/bleeding_edge/src/x64/macro-assembler-x64.h Fri Feb 28 10:39:36 2014 UTC
@@ -1236,7 +1236,6 @@

   // Load the global function with the given index.
   void LoadGlobalFunction(int index, Register function);
-  void LoadArrayFunction(Register function);

   // Load the initial map from the global function. The registers
   // function and map can be the same.
