Swap bitfield3 and backpointer.

src/x64/macro-assembler-x64.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 2835 matching lines @@
   testl(result_reg, Immediate(0xFFFFFF00));
   j(zero, &done, Label::kNear);
   Set(result_reg, 255);
   bind(&done);
 }
 
 
 void MacroAssembler::LoadInstanceDescriptors(Register map,
                                              Register descriptors) {
   movq(descriptors, FieldOperand(map,
-                                 Map::kInstanceDescriptorsOrBitField3Offset));
-  Label not_smi;
-  JumpIfNotSmi(descriptors, &not_smi, Label::kNear);
+                                 Map::kInstanceDescriptorsOrBackPointerOffset));
+
+  Label ok, fail;
+  CheckMap(descriptors,
+           isolate()->factory()->fixed_array_map(),
+           &fail,
+           DONT_DO_SMI_CHECK);
+  jmp(&ok);
+  bind(&fail);
   Move(descriptors, isolate()->factory()->empty_descriptor_array());
-  bind(&not_smi);
+  bind(&ok);
+
+  if (emit_debug_code()) {
+    AbortIfNotFixedArray(descriptors);
+  }
 }
 
 
 void MacroAssembler::DispatchMap(Register obj,
                                  Handle<Map> map,
                                  Handle<Code> success,
                                  SmiCheckType smi_check_type) {
   Label fail;
   if (smi_check_type == DO_SMI_CHECK) {
     JumpIfSmi(obj, &fail);
@@ skipping 27 matching lines @@
   Assert(is_smi, "Operand is not a smi");
 }
 
 
 void MacroAssembler::AbortIfNotSmi(const Operand& object) {
   Condition is_smi = CheckSmi(object);
   Assert(is_smi, "Operand is not a smi");
 }
 
 
+void MacroAssembler::AbortIfNotFixedArray(Register object) {
+  Label ok, fail;
+  CheckMap(object,
+           isolate()->factory()->fixed_array_map(),
+           &fail,
+           DONT_DO_SMI_CHECK);
+  jmp(&ok);
+  bind(&fail);
+  Abort("Operand is not a fixed array");
+  bind(&ok);
+}
+
+
 void MacroAssembler::AbortIfNotZeroExtended(Register int32_register) {
   ASSERT(!int32_register.is(kScratchRegister));
   movq(kScratchRegister, 0x100000000l, RelocInfo::NONE);
   cmpq(kScratchRegister, int32_register);
   Assert(above_equal, "32 bit value in register is not zero-extended");
 }
 
 
 void MacroAssembler::AbortIfNotString(Register object) {
   testb(object, Immediate(kSmiTagMask));
@@ skipping 1532 matching lines @@
   // Check that there are no elements.  Register rcx contains the
   // current JS object we've reached through the prototype chain.
   cmpq(empty_fixed_array_value,
        FieldOperand(rcx, JSObject::kElementsOffset));
   j(not_equal, call_runtime);
 
   // Check that instance descriptors are not empty so that we can
   // check for an enum cache.  Leave the map in rbx for the subsequent
   // prototype load.
   movq(rbx, FieldOperand(rcx, HeapObject::kMapOffset));
-  movq(rdx, FieldOperand(rbx, Map::kInstanceDescriptorsOrBitField3Offset));
-  JumpIfSmi(rdx, call_runtime);
+  movq(rdx, FieldOperand(rbx, Map::kInstanceDescriptorsOrBackPointerOffset));
+
+  CheckMap(rdx,
+           isolate()->factory()->fixed_array_map(),
+           call_runtime,
+           DONT_DO_SMI_CHECK);
+
+  if (emit_debug_code()) {
+    AbortIfNotFixedArray(rdx);
+  }
 
   // Check that there is an enum cache in the non-empty instance
   // descriptors (rdx).  This is the case if the next enumeration
   // index field does not contain a smi.
   movq(rdx, FieldOperand(rdx, DescriptorArray::kEnumerationIndexOffset));
   JumpIfSmi(rdx, call_runtime);
 
   // For all objects but the receiver, check that the cache is empty.
   Label check_prototype;
   cmpq(rcx, rax);
   j(equal, &check_prototype, Label::kNear);
   movq(rdx, FieldOperand(rdx, DescriptorArray::kEnumCacheBridgeCacheOffset));
   cmpq(rdx, empty_fixed_array_value);
   j(not_equal, call_runtime);
 
   // Load the prototype from the map and loop if non-null.
   bind(&check_prototype);
   movq(rcx, FieldOperand(rbx, Map::kPrototypeOffset));
   cmpq(rcx, null_value);
   j(not_equal, &next);
 }
 
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_X64