| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 430 ASSERT(cell->value()->IsTheHole()); | 430 ASSERT(cell->value()->IsTheHole()); |
| 431 __ mov(scratch, Operand(cell)); | 431 __ mov(scratch, Operand(cell)); |
| 432 __ ldr(scratch, | 432 __ ldr(scratch, |
| 433 FieldMemOperand(scratch, JSGlobalPropertyCell::kValueOffset)); | 433 FieldMemOperand(scratch, JSGlobalPropertyCell::kValueOffset)); |
| 434 __ LoadRoot(ip, Heap::kTheHoleValueRootIndex); | 434 __ LoadRoot(ip, Heap::kTheHoleValueRootIndex); |
| 435 __ cmp(scratch, ip); | 435 __ cmp(scratch, ip); |
| 436 __ b(ne, miss); | 436 __ b(ne, miss); |
| 437 } | 437 } |
| 438 | 438 |
| 439 | 439 |
| 440 // Generate StoreField code, value is passed in r0 register. | 440 // Generate StoreTransition code, value is passed in r0 register. |
| 441 // When leaving generated code after success, the receiver_reg and name_reg | 441 // When leaving generated code after success, the receiver_reg and name_reg |
| 442 // may be clobbered. Upon branch to miss_label, the receiver and name | 442 // may be clobbered. Upon branch to miss_label, the receiver and name |
| 443 // registers have their original values. | 443 // registers have their original values. |
| 444 void StubCompiler::GenerateStoreField(MacroAssembler* masm, | 444 void StubCompiler::GenerateStoreTransition(MacroAssembler* masm, |
| 445 Handle<JSObject> object, | 445 Handle<JSObject> object, |
| 446 LookupResult* lookup, | 446 LookupResult* lookup, |
| 447 Handle<Map> transition, | 447 Handle<Map> transition, |
| 448 Handle<Name> name, | 448 Handle<Name> name, |
| 449 Register receiver_reg, | 449 Register receiver_reg, |
| 450 Register name_reg, | 450 Register name_reg, |
| 451 Register value_reg, | 451 Register value_reg, |
| 452 Register scratch1, | 452 Register scratch1, |
| 453 Register scratch2, | 453 Register scratch2, |
| 454 Label* miss_label, | 454 Label* miss_label, |
| 455 Label* miss_restore_name) { | 455 Label* miss_restore_name) { |
| 456 // r0 : value | 456 // r0 : value |
| 457 Label exit; | 457 Label exit; |
| 458 | 458 |
| 459 // Check that the map of the object hasn't changed. | 459 // Check that the map of the object hasn't changed. |
| 460 CompareMapMode mode = transition.is_null() ? ALLOW_ELEMENT_TRANSITION_MAPS | |
| 461 : REQUIRE_EXACT_MAP; | |
| 462 __ CheckMap(receiver_reg, scratch1, Handle<Map>(object->map()), miss_label, | 460 __ CheckMap(receiver_reg, scratch1, Handle<Map>(object->map()), miss_label, |
| 463 DO_SMI_CHECK, mode); | 461 DO_SMI_CHECK, REQUIRE_EXACT_MAP); |
| 464 | 462 |
| 465 // Perform global security token check if needed. | 463 // Perform global security token check if needed. |
| 466 if (object->IsJSGlobalProxy()) { | 464 if (object->IsJSGlobalProxy()) { |
| 467 __ CheckAccessGlobalProxy(receiver_reg, scratch1, miss_label); | 465 __ CheckAccessGlobalProxy(receiver_reg, scratch1, miss_label); |
| 468 } | 466 } |
| 469 | 467 |
| 470 // Check that we are allowed to write this. | 468 // Check that we are allowed to write this. |
| 471 if (!transition.is_null() && object->GetPrototype()->IsJSObject()) { | 469 if (object->GetPrototype()->IsJSObject()) { |
| 472 JSObject* holder; | 470 JSObject* holder; |
| 473 // holder == object indicates that no property was found. | 471 // holder == object indicates that no property was found. |
| 474 if (lookup->holder() != *object) { | 472 if (lookup->holder() != *object) { |
| 475 holder = lookup->holder(); | 473 holder = lookup->holder(); |
| 476 } else { | 474 } else { |
| 477 // Find the top object. | 475 // Find the top object. |
| 478 holder = *object; | 476 holder = *object; |
| 479 do { | 477 do { |
| 480 holder = JSObject::cast(holder->GetPrototype()); | 478 holder = JSObject::cast(holder->GetPrototype()); |
| 481 } while (holder->GetPrototype()->IsJSObject()); | 479 } while (holder->GetPrototype()->IsJSObject()); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 499 masm, miss_restore_name, holder_reg, name, scratch1, scratch2); | 497 masm, miss_restore_name, holder_reg, name, scratch1, scratch2); |
| 500 } | 498 } |
| 501 } | 499 } |
| 502 } | 500 } |
| 503 | 501 |
| 504 // Stub never generated for non-global objects that require access | 502 // Stub never generated for non-global objects that require access |
| 505 // checks. | 503 // checks. |
| 506 ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded()); | 504 ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded()); |
| 507 | 505 |
| 508 // Perform map transition for the receiver if necessary. | 506 // Perform map transition for the receiver if necessary. |
| 509 if (!transition.is_null() && (object->map()->unused_property_fields() == 0)) { | 507 if (object->map()->unused_property_fields() == 0) { |
| 510 // The properties must be extended before we can store the value. | 508 // The properties must be extended before we can store the value. |
| 511 // We jump to a runtime call that extends the properties array. | 509 // We jump to a runtime call that extends the properties array. |
| 512 __ push(receiver_reg); | 510 __ push(receiver_reg); |
| 513 __ mov(r2, Operand(transition)); | 511 __ mov(r2, Operand(transition)); |
| 514 __ Push(r2, r0); | 512 __ Push(r2, r0); |
| 515 __ TailCallExternalReference( | 513 __ TailCallExternalReference( |
| 516 ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage), | 514 ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage), |
| 517 masm->isolate()), | 515 masm->isolate()), |
| 518 3, | 516 3, |
| 519 1); | 517 1); |
| 520 return; | 518 return; |
| 521 } | 519 } |
| 522 | 520 |
| 523 int index; | 521 // Update the map of the object. |
| 524 if (!transition.is_null()) { | 522 __ mov(scratch1, Operand(transition)); |
| 525 // Update the map of the object. | 523 __ str(scratch1, FieldMemOperand(receiver_reg, HeapObject::kMapOffset)); |
| 526 __ mov(scratch1, Operand(transition)); | |
| 527 __ str(scratch1, FieldMemOperand(receiver_reg, HeapObject::kMapOffset)); | |
| 528 | 524 |
| 529 // Update the write barrier for the map field and pass the now unused | 525 // Update the write barrier for the map field and pass the now unused |
| 530 // name_reg as scratch register. | 526 // name_reg as scratch register. |
| 531 __ RecordWriteField(receiver_reg, | 527 __ RecordWriteField(receiver_reg, |
| 532 HeapObject::kMapOffset, | 528 HeapObject::kMapOffset, |
| 533 scratch1, | 529 scratch1, |
| 534 name_reg, | 530 name_reg, |
| 535 kLRHasNotBeenSaved, | 531 kLRHasNotBeenSaved, |
| 536 kDontSaveFPRegs, | 532 kDontSaveFPRegs, |
| 537 OMIT_REMEMBERED_SET, | 533 OMIT_REMEMBERED_SET, |
| 538 OMIT_SMI_CHECK); | 534 OMIT_SMI_CHECK); |
| 539 index = transition->instance_descriptors()->GetFieldIndex( | 535 int index = transition->instance_descriptors()->GetFieldIndex( |
| 540 transition->LastAdded()); | 536 transition->LastAdded()); |
| 541 } else { | |
| 542 index = lookup->GetFieldIndex().field_index(); | |
| 543 } | |
| 544 | 537 |
| 545 // Adjust for the number of properties stored in the object. Even in the | 538 // Adjust for the number of properties stored in the object. Even in the |
| 546 // face of a transition we can use the old map here because the size of the | 539 // face of a transition we can use the old map here because the size of the |
| 547 // object and the number of in-object properties is not going to change. | 540 // object and the number of in-object properties is not going to change. |
| 548 index -= object->map()->inobject_properties(); | 541 index -= object->map()->inobject_properties(); |
| 549 | 542 |
| 543 // TODO(verwaest): Share this code as a code stub. |
| 550 if (index < 0) { | 544 if (index < 0) { |
| 551 // Set the property straight into the object. | 545 // Set the property straight into the object. |
| 552 int offset = object->map()->instance_size() + (index * kPointerSize); | 546 int offset = object->map()->instance_size() + (index * kPointerSize); |
| 547 __ str(value_reg, FieldMemOperand(receiver_reg, offset)); |
| 548 |
| 549 // Skip updating write barrier if storing a smi. |
| 550 __ JumpIfSmi(value_reg, &exit); |
| 551 |
| 552 // Update the write barrier for the array address. |
| 553 // Pass the now unused name_reg as a scratch register. |
| 554 __ mov(name_reg, value_reg); |
| 555 __ RecordWriteField(receiver_reg, |
| 556 offset, |
| 557 name_reg, |
| 558 scratch1, |
| 559 kLRHasNotBeenSaved, |
| 560 kDontSaveFPRegs); |
| 561 } else { |
| 562 // Write to the properties array. |
| 563 int offset = index * kPointerSize + FixedArray::kHeaderSize; |
| 564 // Get the properties array |
| 565 __ ldr(scratch1, |
| 566 FieldMemOperand(receiver_reg, JSObject::kPropertiesOffset)); |
| 567 __ str(value_reg, FieldMemOperand(scratch1, offset)); |
| 568 |
| 569 // Skip updating write barrier if storing a smi. |
| 570 __ JumpIfSmi(value_reg, &exit); |
| 571 |
| 572 // Update the write barrier for the array address. |
| 573 // Ok to clobber receiver_reg and name_reg, since we return. |
| 574 __ mov(name_reg, value_reg); |
| 575 __ RecordWriteField(scratch1, |
| 576 offset, |
| 577 name_reg, |
| 578 receiver_reg, |
| 579 kLRHasNotBeenSaved, |
| 580 kDontSaveFPRegs); |
| 581 } |
| 582 |
| 583 // Return the value (register r0). |
| 584 ASSERT(value_reg.is(r0)); |
| 585 __ bind(&exit); |
| 586 __ Ret(); |
| 587 } |
| 588 |
| 589 |
| 590 // Generate StoreField code, value is passed in r0 register. |
| 591 // When leaving generated code after success, the receiver_reg and name_reg |
| 592 // may be clobbered. Upon branch to miss_label, the receiver and name |
| 593 // registers have their original values. |
| 594 void StubCompiler::GenerateStoreField(MacroAssembler* masm, |
| 595 Handle<JSObject> object, |
| 596 LookupResult* lookup, |
| 597 Register receiver_reg, |
| 598 Register name_reg, |
| 599 Register value_reg, |
| 600 Register scratch1, |
| 601 Register scratch2, |
| 602 Label* miss_label) { |
| 603 // r0 : value |
| 604 Label exit; |
| 605 |
| 606 // Check that the map of the object hasn't changed. |
| 607 __ CheckMap(receiver_reg, scratch1, Handle<Map>(object->map()), miss_label, |
| 608 DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS); |
| 609 |
| 610 // Perform global security token check if needed. |
| 611 if (object->IsJSGlobalProxy()) { |
| 612 __ CheckAccessGlobalProxy(receiver_reg, scratch1, miss_label); |
| 613 } |
| 614 |
| 615 // Stub never generated for non-global objects that require access |
| 616 // checks. |
| 617 ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded()); |
| 618 |
| 619 int index = lookup->GetFieldIndex().field_index(); |
| 620 |
| 621 // Adjust for the number of properties stored in the object. Even in the |
| 622 // face of a transition we can use the old map here because the size of the |
| 623 // object and the number of in-object properties is not going to change. |
| 624 index -= object->map()->inobject_properties(); |
| 625 |
| 626 // TODO(verwaest): Share this code as a code stub. |
| 627 if (index < 0) { |
| 628 // Set the property straight into the object. |
| 629 int offset = object->map()->instance_size() + (index * kPointerSize); |
| 553 __ str(value_reg, FieldMemOperand(receiver_reg, offset)); | 630 __ str(value_reg, FieldMemOperand(receiver_reg, offset)); |
| 554 | 631 |
| 555 // Skip updating write barrier if storing a smi. | 632 // Skip updating write barrier if storing a smi. |
| 556 __ JumpIfSmi(value_reg, &exit); | 633 __ JumpIfSmi(value_reg, &exit); |
| 557 | 634 |
| 558 // Update the write barrier for the array address. | 635 // Update the write barrier for the array address. |
| 559 // Pass the now unused name_reg as a scratch register. | 636 // Pass the now unused name_reg as a scratch register. |
| 560 __ mov(name_reg, value_reg); | 637 __ mov(name_reg, value_reg); |
| 561 __ RecordWriteField(receiver_reg, | 638 __ RecordWriteField(receiver_reg, |
| 562 offset, | 639 offset, |
| (...skipping 3043 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3606 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Slow); | 3683 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Slow); |
| 3607 } | 3684 } |
| 3608 } | 3685 } |
| 3609 | 3686 |
| 3610 | 3687 |
| 3611 #undef __ | 3688 #undef __ |
| 3612 | 3689 |
| 3613 } } // namespace v8::internal | 3690 } } // namespace v8::internal |
| 3614 | 3691 |
| 3615 #endif // V8_TARGET_ARCH_ARM | 3692 #endif // V8_TARGET_ARCH_ARM |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14063006:
Disentangle field from transition stores. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge