Chromium Code Reviews Chromium Code Reviews
Issue 8932004:
Implement target cache for constructor calls. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| Index: src/ia32/code-stubs-ia32.cc |
| diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc |
| index eabf201d7877c7f6f4e8baa97e31c5ac24a44c45..e8996e1024309bcd3c1055e6bf3871e3d2972bc7 100644 |
| --- a/src/ia32/code-stubs-ia32.cc |
| +++ b/src/ia32/code-stubs-ia32.cc |
| @@ -4573,12 +4573,7 @@ void StackCheckStub::Generate(MacroAssembler* masm) { |
| } |
| -void CallFunctionStub::FinishCode(Handle<Code> code) { |
|
Vyacheslav Egorov (Chromium)
2012/01/23 10:39:52
Did it disappear? I can't find it.
Michael Starzinger
2012/01/25 11:42:29
Done. It was still there on line 4633. No longer n
|
| - code->set_has_function_cache(RecordCallTarget()); |
| -} |
| - |
| - |
| -void CallFunctionStub::Clear(Heap* heap, Address address) { |
| +void CallStub::Clear(Heap* heap, Address address) { |
| ASSERT(Memory::uint8_at(address + kPointerSize) == Assembler::kTestEaxByte); |
| // 1 ~ size of the test eax opcode. |
| Object* cell = Memory::Object_at(address + kPointerSize + 1); |
| @@ -4588,7 +4583,7 @@ void CallFunctionStub::Clear(Heap* heap, Address address) { |
| } |
| -Object* CallFunctionStub::GetCachedValue(Address address) { |
| +Object* CallStub::GetCachedValue(Address address) { |
| ASSERT(Memory::uint8_at(address + kPointerSize) == Assembler::kTestEaxByte); |
| // 1 ~ size of the test eax opcode. |
| Object* cell = Memory::Object_at(address + kPointerSize + 1); |
| @@ -4596,6 +4591,50 @@ Object* CallFunctionStub::GetCachedValue(Address address) { |
| } |
| +void CallStub::GenerateRecordCallTarget(MacroAssembler* masm) { |
| + // Cache the called function in a global property cell in the |
| + // instruction stream after the call. Cache states are uninitialized, |
| + // monomorphic (indicated by a JSFunction), and megamorphic. |
| + // edi : the function to call |
| + Isolate* isolate = masm->isolate(); |
| + Label initialize, call; |
|
Vyacheslav Egorov (Chromium)
2012/01/23 10:39:52
I would rename call to done.
Michael Starzinger
2012/01/25 11:42:29
Done.
|
| + |
| + // Load the cache cell address into ebx and the cache state into ecx. |
| + __ mov(ebx, Operand(esp, 0)); // Return address. |
| + __ mov(ebx, Operand(ebx, 1)); // 1 ~ sizeof 'test eax' opcode in bytes. |
|
Vyacheslav Egorov (Chromium)
2012/01/23 10:39:52
you can generate assertion into instruction stream
Michael Starzinger
2012/01/25 11:42:29
Done. No longer needed with new approach.
|
| + __ mov(ecx, FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset)); |
| + |
| + // A monomorphic cache hit or an already megamorphic state: invoke the |
| + // function without changing the state. |
| + __ cmp(ecx, edi); |
| + __ j(equal, &call, Label::kNear); |
| + __ cmp(ecx, Immediate(MegamorphicSentinel(isolate))); |
| + __ j(equal, &call, Label::kNear); |
| + |
| + // A monomorphic miss (i.e, here the cache is not uninitialized) goes |
| + // megamorphic. |
| + __ cmp(ecx, Immediate(UninitializedSentinel(isolate))); |
| + __ j(equal, &initialize, Label::kNear); |
| + // MegamorphicSentinel is an immortal immovable object (undefined) so no |
| + // write-barrier is needed. |
| + __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), |
| + Immediate(MegamorphicSentinel(isolate))); |
| + __ jmp(&call, Label::kNear); |
| + |
| + // An uninitialized cache is patched with the function. |
| + __ bind(&initialize); |
| + __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), edi); |
| + // No need for a write barrier here - cells are rescanned. |
| + |
| + __ bind(&call); |
| +} |
| + |
| + |
| +void CallFunctionStub::FinishCode(Handle<Code> code) { |
| + code->set_has_function_cache(RecordCallTarget()); |
| +} |
| + |
| + |
| void CallFunctionStub::Generate(MacroAssembler* masm) { |
| // edi : the function to call |
| Isolate* isolate = masm->isolate(); |
| @@ -4626,38 +4665,7 @@ void CallFunctionStub::Generate(MacroAssembler* masm) { |
| __ j(not_equal, &slow); |
| if (RecordCallTarget()) { |
| - // Cache the called function in a global property cell in the |
| - // instruction stream after the call. Cache states are uninitialized, |
| - // monomorphic (indicated by a JSFunction), and megamorphic. |
| - Label initialize, call; |
| - // Load the cache cell address into ebx and the cache state into ecx. |
| - __ mov(ebx, Operand(esp, 0)); // Return address. |
| - __ mov(ebx, Operand(ebx, 1)); // 1 ~ sizeof 'test eax' opcode in bytes. |
| - __ mov(ecx, FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset)); |
| - |
| - // A monomorphic cache hit or an already megamorphic state: invoke the |
| - // function without changing the state. |
| - __ cmp(ecx, edi); |
| - __ j(equal, &call, Label::kNear); |
| - __ cmp(ecx, Immediate(MegamorphicSentinel(isolate))); |
| - __ j(equal, &call, Label::kNear); |
| - |
| - // A monomorphic miss (i.e, here the cache is not uninitialized) goes |
| - // megamorphic. |
| - __ cmp(ecx, Immediate(UninitializedSentinel(isolate))); |
| - __ j(equal, &initialize, Label::kNear); |
| - // MegamorphicSentinel is an immortal immovable object (undefined) so no |
| - // write-barrier is needed. |
| - __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), |
| - Immediate(MegamorphicSentinel(isolate))); |
| - __ jmp(&call, Label::kNear); |
| - |
| - // An uninitialized cache is patched with the function. |
| - __ bind(&initialize); |
| - __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), edi); |
| - // No need for a write barrier here - cells are rescanned. |
| - |
| - __ bind(&call); |
| + GenerateRecordCallTarget(masm); |
| } |
| // Fast-case: Just invoke the function. |
| @@ -4720,6 +4728,56 @@ void CallFunctionStub::Generate(MacroAssembler* masm) { |
| } |
| +void CallConstructStub::FinishCode(Handle<Code> code) { |
| + code->set_has_function_cache(RecordCallTarget()); |
| +} |
| + |
| + |
| +void CallConstructStub::Generate(MacroAssembler* masm) { |
| + // ----------- S t a t e ------------- |
| + // -- eax: number of arguments |
| + // -- edi: constructor function |
| + // ----------------------------------- |
| + |
| + Label slow, non_function_call; |
| + // Check that function is not a smi. |
| + __ JumpIfSmi(edi, &non_function_call); |
| + // Check that function is a JSFunction. |
| + __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx); |
| + __ j(not_equal, &slow); |
| + |
| + if (RecordCallTarget()) { |
| + GenerateRecordCallTarget(masm); |
| + } |
| + |
| + // Jump to the function-specific construct stub. |
| + __ mov(ebx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset)); |
| + __ mov(ebx, FieldOperand(ebx, SharedFunctionInfo::kConstructStubOffset)); |
| + __ lea(ebx, FieldOperand(ebx, Code::kHeaderSize)); |
| + __ jmp(ebx); |
| + |
| + // edi: called object |
| + // eax: number of arguments |
| + // ecx: object map |
| + Label do_call; |
| + __ bind(&slow); |
| + __ CmpInstanceType(ecx, JS_FUNCTION_PROXY_TYPE); |
| + __ j(not_equal, &non_function_call); |
| + __ GetBuiltinEntry(edx, Builtins::CALL_FUNCTION_PROXY_AS_CONSTRUCTOR); |
| + __ jmp(&do_call); |
| + |
| + __ bind(&non_function_call); |
| + __ GetBuiltinEntry(edx, Builtins::CALL_NON_FUNCTION_AS_CONSTRUCTOR); |
| + __ bind(&do_call); |
| + // Set expected number of arguments to zero (not changing eax). |
| + __ Set(ebx, Immediate(0)); |
| + Handle<Code> arguments_adaptor = |
| + masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(); |
| + __ SetCallKind(ecx, CALL_AS_METHOD); |
| + __ jmp(arguments_adaptor, RelocInfo::CODE_TARGET); |
| +} |
| + |
| + |
| bool CEntryStub::NeedsImmovableCode() { |
| return false; |
| } |
