Implement inlined object allocation in Crankshaft.

src/x64/lithium-codegen-x64.cc

Index: src/x64/lithium-codegen-x64.cc
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index cf2c1b01df86d61ad1d0908f650bd419db7e2a26..745630bb5cc6d59b91bdd0dec72135c7e57afc8b 100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -3946,9 +3946,58 @@ void LCodeGen::DoAllocateObject(LAllocateObject* instr) {
 
   DeferredAllocateObject* deferred = new DeferredAllocateObject(this, instr);
 
-  // TODO(mstarzinger): Implement inlined version instead of jumping to
-  // deferred runtime call.
-  __ jmp(deferred->entry());
+  Register result = ToRegister(instr->result());
+  Register scratch = ToRegister(instr->TempAt(0));
+  Handle<JSFunction> constructor = instr->hydrogen()->constructor();
+  Handle<Map> initial_map(constructor->initial_map());
+  int instance_size = initial_map->instance_size();
+  ASSERT(initial_map->pre_allocated_property_fields() +
+         initial_map->unused_property_fields() -
+         initial_map->inobject_properties() == 0);
+
+  // Allocate memory for the object.  The initial map might change when
+  // the constructor's prototype changes, but instance size and property
+  // counts remain unchanged (if slack tracking finished).
+  ASSERT(!constructor->shared()->IsInobjectSlackTrackingInProgress());
+  __ AllocateInNewSpace(instance_size,
+                        result,
+                        no_reg,
+                        scratch,
+                        deferred->entry(),
+                        TAG_OBJECT);
+
+  // Load the initial map.
+  Register map = scratch;
+  __ LoadHeapObject(scratch, constructor);
+  __ movq(map, FieldOperand(scratch, JSFunction::kPrototypeOrInitialMapOffset));
+
+  if (FLAG_debug_code) {
+    __ AbortIfSmi(map);
+    __ cmpb(FieldOperand(map, Map::kInstanceSizeOffset),
+            Immediate(instance_size >> kPointerSizeLog2));
+    __ Assert(equal, "Unexpected instance size");
+    __ cmpb(FieldOperand(map, Map::kPreAllocatedPropertyFieldsOffset),
+            Immediate(initial_map->pre_allocated_property_fields()));
+    __ Assert(equal, "Unexpected pre-allocated property fields count");
+    __ cmpb(FieldOperand(map, Map::kUnusedPropertyFieldsOffset),
+            Immediate(initial_map->unused_property_fields()));
+    __ Assert(equal, "Unexpected unused property fields count");
+    __ cmpb(FieldOperand(map, Map::kInObjectPropertiesOffset),
+            Immediate(initial_map->inobject_properties()));
+    __ Assert(equal, "Unexpected in-object property fields count");
+  }
+
+  // Initialize map and fields of the newly allocated object.
+  ASSERT(initial_map->instance_type() == JS_OBJECT_TYPE);
+  Handle<Object> undefined = factory()->undefined_value();
+  __ movq(FieldOperand(result, JSObject::kMapOffset), map);
+  __ Move(scratch, factory()->empty_fixed_array());
+  __ movq(FieldOperand(result, JSObject::kElementsOffset), scratch);
+  __ movq(FieldOperand(result, JSObject::kPropertiesOffset), scratch);
+  for (int i = 0; i < initial_map->inobject_properties(); i++) {
+    int property_offset = JSObject::kHeaderSize + i * kPointerSize;
+    __ Move(FieldOperand(result, property_offset), undefined);

[Vyacheslav Egorov (Chromium), 2012/03/01 10:34:28]

consider pre loading undefined into a register (it's a huge 64-bit constant).

[Michael Starzinger, 2012/03/01 11:11:24]

Done.

+  }
 
   __ bind(deferred->exit());
 }