Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(121)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 9310117: Implement KeyedStoreICs to grow arrays on out-of-bound stores. (Closed)

Created:
8 years, 10 months ago by danno
Modified:
8 years, 10 months ago
CC:
v8-dev, Yang, Jakob Kummerow
Visibility:
Public.

Description

Implement KeyedStoreICs to grow arrays on out-of-bound stores. Supports growing non-COW JSArray by a single element if the backing store has room, and initial allocation of a backing store for the store to index zero of an empty array to kPreallocatedArrayElements elements (e.g. the [] array literal). Committed: https://code.google.com/p/v8/source/detail?r=10673

Patch Set 1 #

Patch Set 2 : more changes #

Patch Set 3 : More tweaks #

Patch Set 4 : Implement x64 and ARM #

Patch Set 5 : Fix bugs #

Patch Set 6 : Fix ARM #

Patch Set 7 : Fix ARM bug #

Patch Set 8 : nits #

Total comments: 76

Patch Set 9 : Review feedback #

Patch Set 10 : Turn off flag #

Patch Set 11 : tweaks #

Patch Set 12 : Add missing qualifier #

Patch Set 13 : Add missing WB stub #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1106 lines, -187 lines) Patch
M src/arm/code-stubs-arm.cc View 1 2 3 4 5 6 7 8 1 chunk +3 lines, -1 line 0 comments Download
M src/arm/codegen-arm.cc View 1 2 3 4 5 6 7 8 7 chunks +40 lines, -15 lines 0 comments Download
M src/arm/stub-cache-arm.cc View 1 2 3 4 5 6 7 8 9 10 10 chunks +172 lines, -18 lines 0 comments Download
M src/code-stubs.h View 1 2 3 4 5 6 7 8 4 chunks +26 lines, -12 lines 0 comments Download
M src/code-stubs.cc View 3 chunks +10 lines, -5 lines 0 comments Download
M src/heap.h View 1 2 3 2 chunks +2 lines, -5 lines 0 comments Download
M src/heap.cc View 1 2 3 4 5 6 7 8 2 chunks +2 lines, -2 lines 0 comments Download
M src/ia32/code-stubs-ia32.cc View 1 2 3 4 5 6 7 8 1 chunk +3 lines, -1 line 0 comments Download
M src/ia32/codegen-ia32.cc View 1 2 3 4 5 6 7 8 8 chunks +40 lines, -9 lines 0 comments Download
M src/ia32/stub-cache-ia32.cc View 1 2 3 4 5 6 7 8 7 chunks +178 lines, -21 lines 0 comments Download
M src/ic.h View 1 2 3 4 5 6 7 8 11 chunks +65 lines, -15 lines 0 comments Download
M src/ic.cc View 1 2 3 4 5 6 7 8 9 10 17 chunks +91 lines, -35 lines 0 comments Download
M src/ic-inl.h View 1 2 3 4 5 6 7 8 1 chunk +2 lines, -1 line 0 comments Download
M src/objects.h View 1 2 3 4 5 6 7 8 2 chunks +27 lines, -0 lines 0 comments Download
M src/objects-debug.cc View 1 2 3 4 5 6 7 8 2 chunks +4 lines, -2 lines 0 comments Download
M src/objects-inl.h View 1 2 3 4 5 6 7 8 1 chunk +4 lines, -3 lines 0 comments Download
M src/profile-generator.cc View 1 2 3 2 chunks +1 line, -2 lines 0 comments Download
M src/stub-cache.h View 1 2 3 4 5 6 7 8 4 chunks +12 lines, -5 lines 0 comments Download
M src/stub-cache.cc View 6 chunks +22 lines, -5 lines 0 comments Download
M src/type-info.cc View 1 2 3 chunks +9 lines, -1 line 0 comments Download
M src/x64/code-stubs-x64.cc View 1 2 3 4 5 6 7 8 9 10 11 12 1 chunk +3 lines, -1 line 0 comments Download
M src/x64/codegen-x64.cc View 1 2 3 4 5 6 7 8 7 chunks +41 lines, -13 lines 0 comments Download
M src/x64/stub-cache-x64.cc View 1 2 3 4 5 6 7 8 9 10 11 7 chunks +166 lines, -15 lines 0 comments Download
A test/mjsunit/array-store-and-grow.js View 1 2 3 4 5 6 7 8 1 chunk +183 lines, -0 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
danno
Some highlights of the change: * Introduced KeyedAccessGrowMode, which specifies whether an IC supports growing ...
8 years, 10 months ago (2012-02-08 14:32:00 UTC) #1
Jakob Kummerow
I've only taken a cursory glance, and all I've found are three nits :-) http://codereview.chromium.org/9310117/diff/13029/src/code-stubs.h ...
8 years, 10 months ago (2012-02-09 14:51:24 UTC) #2
Vyacheslav Egorov (Chromium)
Initial round of comments http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc File src/arm/codegen-arm.cc (right): http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newcode126 src/arm/codegen-arm.cc:126: EMIT_REMEMBERED_SET, OMIT_REMEMBERED_SET (maps are never ...
8 years, 10 months ago (2012-02-09 16:29:19 UTC) #3
Vyacheslav Egorov (Chromium)
lgtm http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc File src/arm/codegen-arm.cc (right): http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newcode100 src/arm/codegen-arm.cc:100: __ cmp(r4, r5); CompareRoot(r4, Heap::kEmptyFixedArrayRootIndex) ? http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newcode235 src/arm/codegen-arm.cc:235: ...
8 years, 10 months ago (2012-02-10 00:19:18 UTC) #4
danno
8 years, 10 months ago (2012-02-10 12:25:34 UTC) #5 
Feedback addressed, landing.

http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc
File src/arm/codegen-arm.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newc...
src/arm/codegen-arm.cc:100: __ cmp(r4, r5);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot(r4, Heap::kEmptyFixedArrayRootIndex) ?

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newc...
src/arm/codegen-arm.cc:126: EMIT_REMEMBERED_SET,
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> OMIT_REMEMBERED_SET (maps are never in new space).

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newc...
src/arm/codegen-arm.cc:163: EMIT_REMEMBERED_SET,
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> OMIT_REMEMBERED_SET (maps are never in new space).

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newc...
src/arm/codegen-arm.cc:235: __ cmp(r4, r5);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot?

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/codegen-arm.cc#newc...
src/arm/codegen-arm.cc:329: EMIT_REMEMBERED_SET,
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> OMIT_

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc
File src/arm/stub-cache-arm.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc#n...
src/arm/stub-cache-arm.cc:4210: __ LoadRoot(scratch,
Heap::kHeapNumberMapRootIndex);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot? 
> 
> also root index is incorrect. should be empty fixed array.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc#n...
src/arm/stub-cache-arm.cc:4242: __ add(length_reg, length_reg,
Operand(Smi::FromInt(1)));
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> can write directly 1 into the length field.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc#n...
src/arm/stub-cache-arm.cc:4353: __ cmp(scratch1, scratch2);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc#n...
src/arm/stub-cache-arm.cc:4364: __ cmp(elements_reg, scratch1);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot
> 
> also root index is incorrect. should be empty fixed array.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc#n...
src/arm/stub-cache-arm.cc:4384: __ str(elements_reg,
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> elements of the backing store are completely uninitialized; if this is
> intentional please add comment.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/arm/stub-cache-arm.cc#n...
src/arm/stub-cache-arm.cc:4391: __ add(length_reg, length_reg,
Operand(Smi::FromInt(1)));
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> store 1 directly without addition.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/code-stubs.h
File src/code-stubs.h (right):

http://codereview.chromium.org/9310117/diff/13029/src/code-stubs.h#newcode990
src/code-stubs.h:990: : is_js_array_(is_js_array),
On 2012/02/09 14:51:25, Jakob wrote:
> nit: 4-space indent

Done.

http://codereview.chromium.org/9310117/diff/13029/src/code-stubs.h#newcode996
src/code-stubs.h:996: int multiplier = is_js_array_ ? 1 : 0;
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> is there any particular reason why you don't want to use BitField's here? I
> think it would be much more readable.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/code-stubs.h#newcode1103
src/code-stubs.h:1103: StrictModeBits::encode(strict_mode_);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> i think grow_mode_ should be embedded into MinorKey.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/ia32/codegen-ia32.cc
File src/ia32/codegen-ia32.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/ia32/codegen-ia32.cc#ne...
src/ia32/codegen-ia32.cc:422: EMIT_REMEMBERED_SET,
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> map can not be in new space. 
> 
> We only need an incremental write barrier here.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/ia32/codegen-ia32.cc#ne...
src/ia32/codegen-ia32.cc:474: EMIT_REMEMBERED_SET,
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> ditto

Done.

http://codereview.chromium.org/9310117/diff/13029/src/ia32/stub-cache-ia32.cc
File src/ia32/stub-cache-ia32.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/ia32/stub-cache-ia32.cc...
src/ia32/stub-cache-ia32.cc:3776: if (is_js_array && grow_mode ==
ALLOW_JSARRAY_GROWTH) {
It turns out the existing elements ICs are very broken  WRT honoring setters,
even if they are set on the prototype before the IC is used. This CL doesn't
make it any worse, but this is totally something we need to fix. 
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> We might have setters on the prototype:
> 
> 
> function add(x) { x[x.length] = x.length; }
> 
> Array.prototype.__defineSetter__("1", function (v) {
>   print("I am setter!");
> });
> 
> var x = new Array(0);
> add(x);
> add(x);
> 
> I think this setter will fire without this CL (which is correct) but will not
> fire with this CL. This seems like yet another "setter on the prototype"
compat
> problem.

http://codereview.chromium.org/9310117/diff/13029/src/ia32/stub-cache-ia32.cc...
src/ia32/stub-cache-ia32.cc:3823: __ add(FieldOperand(edx,
JSArray::kLengthOffset),
On 2012/02/09 16:29:19, Vyacheslav Egorov wrote:
> can be actually move of smi 1 instead of addition as length is known to be 0.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/ia32/stub-cache-ia32.cc...
src/ia32/stub-cache-ia32.cc:3957: __ mov(FieldOperand(edx,
JSObject::kElementsOffset), edi);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> elements of the backing store are completely uninitialized; if this is
> intentional please add comment.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/objects-debug.cc
File src/objects-debug.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/objects-debug.cc#newcod...
src/objects-debug.cc:284: || map()->has_fast_smi_only_elements() ||
On 2012/02/09 14:51:25, Jakob wrote:
> nit: all operators at the end of the line, please.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/objects.h
File src/objects.h (right):

http://codereview.chromium.org/9310117/diff/13029/src/objects.h#newcode4226
src/objects.h:4226: static inline StrictModeFlag GetStrictMode(ExtraICState
extra_ic_state) {
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> Consider using BitField to encode and decode extra_ic_state.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/stub-cache.h
File src/stub-cache.h (right):

http://codereview.chromium.org/9310117/diff/13029/src/stub-cache.h#newcode707
src/stub-cache.h:707: PropertyType type,
On 2012/02/09 14:51:25, Jakob wrote:
> Why this formatting change?

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/codegen-x64.cc
File src/x64/codegen-x64.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/x64/codegen-x64.cc#newc...
src/x64/codegen-x64.cc:190: __ Cmp(r8,
masm->isolate()->factory()->empty_fixed_array());
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/codegen-x64.cc#newc...
src/x64/codegen-x64.cc:257: EMIT_REMEMBERED_SET,
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> OMIT_

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/codegen-x64.cc#newc...
src/x64/codegen-x64.cc:303: __ Cmp(r8,
masm->isolate()->factory()->empty_fixed_array());
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/codegen-x64.cc#newc...
src/x64/codegen-x64.cc:394: EMIT_REMEMBERED_SET,
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> OMIT

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc
File src/x64/stub-cache-x64.cc (right):

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3562: __ Cmp(rdi,
masm->isolate()->factory()->empty_fixed_array());
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3582: __ Move(rbx,
masm->isolate()->factory()->the_hole_value());
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> LoadRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3596: __ SmiAddConstant(FieldOperand(rdx,
JSArray::kLengthOffset),
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> Store 1 directly into field instead of addition.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3602: __ Cmp(FieldOperand(rdi,
HeapObject::kMapOffset),
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3693: __ Cmp(FieldOperand(rax,
HeapObject::kMapOffset),
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3701: __ Cmp(rdi,
masm->isolate()->factory()->empty_fixed_array());
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> CompareRoot

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3718:
masm->isolate()->factory()->fixed_double_array_map());
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> indentation

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3720:
Smi::FromInt(JSArray::kPreallocatedArrayElements));
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> indentation

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3723: __ movq(FieldOperand(rdx,
JSObject::kElementsOffset), rdi);
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> elements seem to be uninitialized. if this is intentional please add a
comment.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3728: __ SmiAddConstant(FieldOperand(rdx,
JSArray::kLengthOffset),
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> Store 1 directly instead of add.

Done.

http://codereview.chromium.org/9310117/diff/13029/src/x64/stub-cache-x64.cc#n...
src/x64/stub-cache-x64.cc:3728: __ SmiAddConstant(FieldOperand(rdx,
JSArray::kLengthOffset),
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> Store 1 directly instead of add.

Done.

http://codereview.chromium.org/9310117/diff/13029/test/mjsunit/array-store-an...
File test/mjsunit/array-store-and-grow.js (right):

http://codereview.chromium.org/9310117/diff/13029/test/mjsunit/array-store-an...
test/mjsunit/array-store-and-grow.js:27: 
On 2012/02/10 00:19:18, Vyacheslav Egorov wrote:
> consider adding test that checks COW handling. like
> 
> function makeCOW() { return [1,2,3]; }
> 
> var cow1 = makeCOW(), cow2 = makeCOW();
> store(cow1); 
> check_that_cow_is_fine(cow2);

Done.

Powered by Google App Engine
This is Rietveld 408576698