Skip to content

Commit

Permalink
[runtime] Introduce a proper %NewArray runtime entry.
Browse files Browse the repository at this point in the history 
This adds a new %NewArray runtime entry, which constructs a new JSArray
and does the subclassing correctly (to the same degree that %NewObject
does currently), and also deals properly with the AllocationSite
feedback mechanism. This runtime entry will be used by TurboFan and is
also used as a fallback in the subclassing case in the stub currently.

BUG=v8:3101, v8:3330
LOG=n

Review URL: https://codereview.chromium.org/1456423003

Cr-Commit-Position: refs/heads/master@{#32131}
  • Loading branch information
@bmeurer
bmeurer authored and Commit bot committed Nov 20, 2015
1 parent ce3d04c commit ceade6c
Show file tree
Hide file tree
Showing 8 changed files with 153 additions and 154 deletions.
18 changes: 8 additions & 10 deletions src/arm/code-stubs-arm.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4821,25 +4821,23 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);

__ bind(&subclassing);
__ push(r1);
__ push(r3);

// Adjust argc.
switch (argument_count()) {
case ANY:
case MORE_THAN_ONE:
__ add(r0, r0, Operand(2));
__ str(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));
__ add(r0, r0, Operand(3));
break;
case NONE:
__ mov(r0, Operand(2));
__ str(r1, MemOperand(sp, 0 * kPointerSize));
__ mov(r0, Operand(3));
break;
case ONE:
__ mov(r0, Operand(3));
__ str(r1, MemOperand(sp, 1 * kPointerSize));
__ mov(r0, Operand(4));
break;
}

__ JumpToExternalReference(
ExternalReference(Runtime::kArrayConstructorWithSubclassing, isolate()));
__ Push(r3, r2);
__ JumpToExternalReference(ExternalReference(Runtime::kNewArray, isolate()));
}


Expand Down
15 changes: 8 additions & 7 deletions src/arm64/code-stubs-arm64.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5215,22 +5215,23 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {

// Subclassing support.
__ Bind(&subclassing);
__ Push(constructor, new_target);
// Adjust argc.
switch (argument_count()) {
case ANY:
case MORE_THAN_ONE:
__ add(x0, x0, Operand(2));
__ Poke(constructor, Operand(x0, LSL, kPointerSizeLog2));
__ Add(x0, x0, Operand(3));
break;
case NONE:
__ Mov(x0, Operand(2));
__ Poke(constructor, 0 * kPointerSize);
__ Mov(x0, Operand(3));
break;
case ONE:
__ Mov(x0, Operand(3));
__ Poke(constructor, 1 * kPointerSize);
__ Mov(x0, Operand(4));
break;
}
__ JumpToExternalReference(
ExternalReference(Runtime::kArrayConstructorWithSubclassing, isolate()));
__ Push(new_target, allocation_site);
__ JumpToExternalReference(ExternalReference(Runtime::kNewArray, isolate()));
}


Expand Down
23 changes: 11 additions & 12 deletions src/ia32/code-stubs-ia32.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5019,27 +5019,26 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {

// Subclassing.
__ bind(&subclassing);
__ pop(ecx); // return address.
__ push(edi);
__ push(edx);

// Adjust argc.
switch (argument_count()) {
case ANY:
case MORE_THAN_ONE:
__ add(eax, Immediate(2));
__ mov(Operand(esp, eax, times_pointer_size, kPointerSize), edi);
__ add(eax, Immediate(3));
break;
case NONE:
__ mov(eax, Immediate(2));
__ mov(Operand(esp, 1 * kPointerSize), edi);
__ mov(eax, Immediate(3));
break;
case ONE:
__ mov(eax, Immediate(3));
__ mov(Operand(esp, 2 * kPointerSize), edi);
__ mov(eax, Immediate(4));
break;
}

__ push(ecx);
__ JumpToExternalReference(
ExternalReference(Runtime::kArrayConstructorWithSubclassing, isolate()));
__ PopReturnAddressTo(ecx);
__ Push(edx);
__ Push(ebx);
__ PushReturnAddressFrom(ecx);
__ JumpToExternalReference(ExternalReference(Runtime::kNewArray, isolate()));
}


Expand Down
20 changes: 10 additions & 10 deletions src/mips/code-stubs-mips.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5030,26 +5030,26 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {

// Subclassing.
__ bind(&subclassing);
__ Push(a1);
__ Push(a3);

// Adjust argc.
switch (argument_count()) {
case ANY:
case MORE_THAN_ONE:
__ li(at, Operand(2));
__ sll(at, a0, kPointerSizeLog2);
__ addu(at, sp, at);
__ sw(a1, MemOperand(at));
__ li(at, Operand(3));
__ addu(a0, a0, at);
break;
case NONE:
__ li(a0, Operand(2));
__ sw(a1, MemOperand(sp, 0 * kPointerSize));
__ li(a0, Operand(3));
break;
case ONE:
__ li(a0, Operand(3));
__ sw(a1, MemOperand(sp, 1 * kPointerSize));
__ li(a0, Operand(4));
break;
}

__ JumpToExternalReference(
ExternalReference(Runtime::kArrayConstructorWithSubclassing, isolate()));
__ Push(a3, a2);
__ JumpToExternalReference(ExternalReference(Runtime::kNewArray, isolate()));
}


Expand Down
22 changes: 11 additions & 11 deletions src/mips64/code-stubs-mips64.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5055,26 +5055,26 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {

// Subclassing.
__ bind(&subclassing);
__ Push(a1);
__ Push(a3);

// Adjust argc.
switch (argument_count()) {
case ANY:
case MORE_THAN_ONE:
__ li(at, Operand(2));
__ addu(a0, a0, at);
__ dsll(at, a0, kPointerSizeLog2);
__ Daddu(at, sp, at);
__ sd(a1, MemOperand(at));
__ li(at, Operand(3));
__ Daddu(a0, a0, at);
break;
case NONE:
__ li(a0, Operand(2));
__ sd(a1, MemOperand(sp, 0 * kPointerSize));
__ li(a0, Operand(3));
break;
case ONE:
__ li(a0, Operand(3));
__ sd(a1, MemOperand(sp, 1 * kPointerSize));
__ li(a0, Operand(4));
break;
}

__ JumpToExternalReference(
ExternalReference(Runtime::kArrayConstructorWithSubclassing, isolate()));
__ Push(a3, a2);
__ JumpToExternalReference(ExternalReference(Runtime::kNewArray, isolate()));
}


Expand Down
132 changes: 64 additions & 68 deletions src/runtime/runtime-array.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,15 +233,24 @@ RUNTIME_FUNCTION(Runtime_GetArrayKeys) {
}


static Object* ArrayConstructorCommon(Isolate* isolate,
Handle<JSFunction> constructor,
Handle<JSFunction> new_target,
Handle<AllocationSite> site,
Arguments* caller_args) {
namespace {

Object* ArrayConstructorCommon(Isolate* isolate, Handle<JSFunction> constructor,
Handle<JSReceiver> new_target,
Handle<AllocationSite> site,
Arguments* caller_args) {
Factory* factory = isolate->factory();

// If called through new, new.target can be:
// - a subclass of constructor,
// - a proxy wrapper around constructor, or
// - the constructor itself.
// If called through Reflect.construct, it's guaranteed to be a constructor by
// REFLECT_CONSTRUCT_PREPARE.
DCHECK(new_target->IsConstructor());

bool holey = false;
bool can_use_type_feedback = true;
bool can_use_type_feedback = !site.is_null();
bool can_inline_array_constructor = true;
if (caller_args->length() == 1) {
Handle<Object> argument_one = caller_args->at<Object>(0);
Expand All @@ -263,43 +272,42 @@ static Object* ArrayConstructorCommon(Isolate* isolate,
}
}

Handle<JSArray> array;
if (!site.is_null() && can_use_type_feedback) {
ElementsKind to_kind = site->GetElementsKind();
if (holey && !IsFastHoleyElementsKind(to_kind)) {
to_kind = GetHoleyElementsKind(to_kind);
// Update the allocation site info to reflect the advice alteration.
site->SetElementsKind(to_kind);
}
// TODO(verwaest): new_target could be a proxy. Read new.target.prototype in
// that case.
Handle<JSFunction> original_function = Handle<JSFunction>::cast(new_target);

// We should allocate with an initial map that reflects the allocation site
// advice. Therefore we use AllocateJSObjectFromMap instead of passing
// the constructor.
Handle<Map> initial_map(constructor->initial_map(), isolate);
if (to_kind != initial_map->elements_kind()) {
initial_map = Map::AsElementsKind(initial_map, to_kind);
}
JSFunction::EnsureHasInitialMap(constructor);

// If we don't care to track arrays of to_kind ElementsKind, then
// don't emit a memento for them.
Handle<AllocationSite> allocation_site;
if (AllocationSite::GetMode(to_kind) == TRACK_ALLOCATION_SITE) {
allocation_site = site;
}
// TODO(verwaest): original_function could have non-instance-prototype
// (non-JSReceiver), requiring fallback to the intrinsicDefaultProto.
Handle<Map> initial_map =
JSFunction::EnsureDerivedHasInitialMap(original_function, constructor);

array = Handle<JSArray>::cast(
factory->NewJSObjectFromMap(initial_map, NOT_TENURED, allocation_site));
} else {
array = Handle<JSArray>::cast(factory->NewJSObject(constructor));
ElementsKind to_kind = can_use_type_feedback ? site->GetElementsKind()
: initial_map->elements_kind();
if (holey && !IsFastHoleyElementsKind(to_kind)) {
to_kind = GetHoleyElementsKind(to_kind);
// Update the allocation site info to reflect the advice alteration.
if (!site.is_null()) site->SetElementsKind(to_kind);
}

// We might need to transition to holey
ElementsKind kind = constructor->initial_map()->elements_kind();
if (holey && !IsFastHoleyElementsKind(kind)) {
kind = GetHoleyElementsKind(kind);
JSObject::TransitionElementsKind(array, kind);
}
// We should allocate with an initial map that reflects the allocation site
// advice. Therefore we use AllocateJSObjectFromMap instead of passing
// the constructor.
if (to_kind != initial_map->elements_kind()) {
initial_map = Map::AsElementsKind(initial_map, to_kind);
}

// If we don't care to track arrays of to_kind ElementsKind, then
// don't emit a memento for them.
Handle<AllocationSite> allocation_site;
if (AllocationSite::GetMode(to_kind) == TRACK_ALLOCATION_SITE) {
allocation_site = site;
}

Handle<JSArray> array = Handle<JSArray>::cast(
factory->NewJSObjectFromMap(initial_map, NOT_TENURED, allocation_site));

factory->NewJSArrayStorage(array, 0, 0, DONT_INITIALIZE_ARRAY_ELEMENTS);

ElementsKind old_kind = array->GetElementsKind();
Expand All @@ -314,21 +322,28 @@ static Object* ArrayConstructorCommon(Isolate* isolate,
site->SetDoNotInlineCall();
}

// Set up the prototoype using original function.
// TODO(dslomov): instead of setting the __proto__,
// use and cache the correct map.
if (*new_target != *constructor) {
if (new_target->has_instance_prototype()) {
Handle<Object> prototype(new_target->instance_prototype(), isolate);
MAYBE_RETURN(JSObject::SetPrototype(array, prototype, false,
Object::THROW_ON_ERROR),
isolate->heap()->exception());
}
}

return *array;
}

} // namespace


RUNTIME_FUNCTION(Runtime_NewArray) {
HandleScope scope(isolate);
DCHECK_LE(3, args.length());
int const argc = args.length() - 3;
// TODO(bmeurer): Remove this Arguments nonsense.
Arguments argv(argc, args.arguments() - 1);
CONVERT_ARG_HANDLE_CHECKED(JSFunction, constructor, 0);
CONVERT_ARG_HANDLE_CHECKED(JSReceiver, new_target, argc + 1);
CONVERT_ARG_HANDLE_CHECKED(HeapObject, type_info, argc + 2);
// TODO(bmeurer): Use MaybeHandle to pass around the AllocationSite.
Handle<AllocationSite> site = type_info->IsAllocationSite()
? Handle<AllocationSite>::cast(type_info)
: Handle<AllocationSite>::null();
return ArrayConstructorCommon(isolate, constructor, new_target, site, &argv);
}


RUNTIME_FUNCTION(Runtime_ArrayConstructor) {
HandleScope scope(isolate);
Expand Down Expand Up @@ -364,25 +379,6 @@ RUNTIME_FUNCTION(Runtime_ArrayConstructor) {
}


RUNTIME_FUNCTION(Runtime_ArrayConstructorWithSubclassing) {
HandleScope scope(isolate);
int args_length = args.length();
CHECK(args_length >= 2);

// This variables and checks work around -Werror=strict-overflow.
int pre_last_arg_index = args_length - 2;
int last_arg_index = args_length - 1;
CHECK(pre_last_arg_index >= 0);
CHECK(last_arg_index >= 0);

CONVERT_ARG_HANDLE_CHECKED(JSFunction, constructor, pre_last_arg_index);
CONVERT_ARG_HANDLE_CHECKED(JSFunction, new_target, last_arg_index);
Arguments caller_args(args_length - 2, args.arguments());
return ArrayConstructorCommon(isolate, constructor, new_target,
Handle<AllocationSite>::null(), &caller_args);
}


RUNTIME_FUNCTION(Runtime_InternalArrayConstructor) {
HandleScope scope(isolate);
Arguments empty_args(0, NULL);
Expand Down
40 changes: 20 additions & 20 deletions src/runtime/runtime.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,26 +30,26 @@ namespace internal {

// Entries have the form F(name, number of arguments, number of values):

#define FOR_EACH_INTRINSIC_ARRAY(F) \
F(FinishArrayPrototypeSetup, 1, 1) \
F(SpecialArrayFunctions, 0, 1) \
F(TransitionElementsKind, 2, 1) \
F(PushIfAbsent, 2, 1) \
F(RemoveArrayHoles, 2, 1) \
F(MoveArrayContents, 2, 1) \
F(EstimateNumberOfElements, 1, 1) \
F(GetArrayKeys, 2, 1) \
F(ArrayConstructor, -1, 1) \
F(ArrayConstructorWithSubclassing, -1, 1) \
F(InternalArrayConstructor, -1, 1) \
F(NormalizeElements, 1, 1) \
F(GrowArrayElements, 2, 1) \
F(HasComplexElements, 1, 1) \
F(IsArray, 1, 1) \
F(HasCachedArrayIndex, 1, 1) \
F(GetCachedArrayIndex, 1, 1) \
F(FixedArrayGet, 2, 1) \
F(FixedArraySet, 3, 1) \
#define FOR_EACH_INTRINSIC_ARRAY(F) \
F(FinishArrayPrototypeSetup, 1, 1) \
F(SpecialArrayFunctions, 0, 1) \
F(TransitionElementsKind, 2, 1) \
F(PushIfAbsent, 2, 1) \
F(RemoveArrayHoles, 2, 1) \
F(MoveArrayContents, 2, 1) \
F(EstimateNumberOfElements, 1, 1) \
F(GetArrayKeys, 2, 1) \
F(ArrayConstructor, -1, 1) \
F(NewArray, -1 /* >= 3 */, 1) \
F(InternalArrayConstructor, -1, 1) \
F(NormalizeElements, 1, 1) \
F(GrowArrayElements, 2, 1) \
F(HasComplexElements, 1, 1) \
F(IsArray, 1, 1) \
F(HasCachedArrayIndex, 1, 1) \
F(GetCachedArrayIndex, 1, 1) \
F(FixedArrayGet, 2, 1) \
F(FixedArraySet, 3, 1) \
F(FastOneByteArrayJoin, 2, 1)


Expand Down
Loading

0 comments on commit ceade6c

Please sign in to comment.