Try aligning unboxed double array backing store in allocation or scavenge promotion.

src/ia32/codegen-ia32.cc

Index: src/ia32/codegen-ia32.cc
diff --git a/src/ia32/codegen-ia32.cc b/src/ia32/codegen-ia32.cc
index ea619103228c43bab8a695b0cfb8a51a6e68fd88..71eb9da7f588b29a9dea2f79a259b86bc1a66e80 100644
--- a/src/ia32/codegen-ia32.cc
+++ b/src/ia32/codegen-ia32.cc
@@ -397,9 +397,23 @@ void ElementsTransitionGenerator::GenerateSmiOnlyToDouble(
   // Allocate new FixedDoubleArray.
   // edx: receiver
   // edi: length of source FixedArray (smi-tagged)
-  __ lea(esi, Operand(edi, times_4, FixedDoubleArray::kHeaderSize));
+  __ lea(esi, Operand(edi, times_4, FixedDoubleArray::kHeaderSize + kPointerSize));

[Erik Corry, 2012/04/16 14:35:19]

Lint?

[Vyacheslav Egorov (Chromium), 2012/04/30 14:39:11]

Done.

   __ AllocateInNewSpace(esi, eax, ebx, no_reg, &gc_required, TAG_OBJECT);
 
+  Label aligned, aligned_done;
+  __ test(eax, Immediate(0x6));

[Erik Corry, 2012/04/16 14:35:19]

It seems strange to test the 2 bit here when we know it is always zero.

+  __ j(zero, &aligned, Label::kNear);
+  __ mov(FieldOperand(eax, 0),
+         Immediate(masm->isolate()->factory()->one_pointer_filler_map()));
+  __ add(eax, Immediate(kPointerSize));
+  __ j(zero, &aligned_done, Label::kNear);

[Erik Corry, 2012/04/16 14:35:19]

Why is this branch conditional?

[Vyacheslav Egorov (Chromium), 2012/04/30 14:39:11]

Done.

+
+  __ bind(&aligned);
+  __ mov(Operand(eax, esi, times_1, -kPointerSize-1),
+         Immediate(masm->isolate()->factory()->one_pointer_filler_map()));
+
+  __ bind(&aligned_done);
+
   // eax: destination FixedDoubleArray
   // edi: number of elements
   // edx: receiver