From d85f4972644e1215ba16e1cf7a16064e8ad65a18 Mon Sep 17 00:00:00 2001 From: Igor Sheludko Date: Fri, 15 Nov 2019 02:23:45 +0100 Subject: [PATCH] [csa] Remove ParameterMode from CSA::AllocateUninitializedJSArrayWithElements Bug: v8:9708 Change-Id: I8ae79b0a5ec43497b43fa6c98c9d33ba91fc7e59 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917145 Commit-Queue: Igor Sheludko Reviewed-by: Leszek Swirski Cr-Commit-Position: refs/heads/master@{#64978} --- src/builtins/builtins-object-gen.cc | 8 +++--- src/builtins/builtins-regexp-gen.cc | 2 +- src/codegen/code-stub-assembler.cc | 38 ++++++++++++----------------- src/codegen/code-stub-assembler.h | 6 ++--- 4 files changed, 22 insertions(+), 32 deletions(-) diff --git a/src/builtins/builtins-object-gen.cc b/src/builtins/builtins-object-gen.cc index 21fa1b8bb9..9c148a5272 100644 --- a/src/builtins/builtins-object-gen.cc +++ b/src/builtins/builtins-object-gen.cc @@ -516,8 +516,8 @@ TF_BUILTIN(ObjectKeys, ObjectBuiltinsAssembler) { LoadJSArrayElementsMap(PACKED_ELEMENTS, native_context); TNode array_length = SmiTag(Signed(object_enum_length)); std::tie(array, elements) = AllocateUninitializedJSArrayWithElements( - PACKED_ELEMENTS, array_map, array_length, {}, object_enum_length, - INTPTR_PARAMETERS); + PACKED_ELEMENTS, array_map, array_length, {}, + Signed(object_enum_length)); CopyFixedArrayElements(PACKED_ELEMENTS, object_enum_keys, elements, object_enum_length, SKIP_WRITE_BARRIER); Return(array); @@ -611,8 +611,8 @@ TF_BUILTIN(ObjectGetOwnPropertyNames, ObjectBuiltinsAssembler) { TNode array; TNode elements; std::tie(array, elements) = AllocateUninitializedJSArrayWithElements( - PACKED_ELEMENTS, array_map, array_length, {}, object_enum_length, - INTPTR_PARAMETERS); + PACKED_ELEMENTS, array_map, array_length, {}, + Signed(object_enum_length)); CopyFixedArrayElements(PACKED_ELEMENTS, object_enum_keys, elements, object_enum_length, SKIP_WRITE_BARRIER); Return(array); 
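Review bot: In the ObjectKeys hunk `Signed(object_enum_length)` is now written twice, once inside `SmiTag(...)` on the context line and once as the new capacity argument, while `CopyFixedArrayElements` still receives the unconverted value; the ObjectGetOwnPropertyNames hunk adds the same argument. A single named local per builtin, e.g. `TNode<IntPtrT> capacity = Signed(object_enum_length);`, would make it obvious that the allocation size and the tagged length come from the same value. The declared type of `object_enum_length` is not visible here, so it would also help to add a comment saying why the sign reinterpretation is lossless (presumably the enum length is a small bit field; confirm). Both builtins start and end outside their hunks.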
diff --git a/src/builtins/builtins-regexp-gen.cc b/src/builtins/builtins-regexp-gen.cc index b4bae0b91e..d9e31a17b5 100644 --- a/src/builtins/builtins-regexp-gen.cc +++ b/src/builtins/builtins-regexp-gen.cc @@ -99,7 +99,7 @@ TNode RegExpBuiltinsAssembler::AllocateRegExpResult( TNode elements; std::tie(array, elements) = AllocateUninitializedJSArrayWithElements( elements_kind, map, length, no_allocation_site, length_intptr, - INTPTR_PARAMETERS, kAllowLargeObjectAllocation, JSRegExpResult::kSize); + kAllowLargeObjectAllocation, JSRegExpResult::kSize); // Finish result initialization. diff --git a/src/codegen/code-stub-assembler.cc b/src/codegen/code-stub-assembler.cc index 82cb23a1e2..1a533fefa4 100644 --- a/src/codegen/code-stub-assembler.cc +++ b/src/codegen/code-stub-assembler.cc @@ -3882,10 +3882,9 @@ void CodeStubAssembler::StoreFieldsNoWriteBarrier(TNode start_address, } TNode CodeStubAssembler::IsValidFastJSArrayCapacity( - Node* capacity, ParameterMode capacity_mode) { - return UncheckedCast( - UintPtrLessThanOrEqual(ParameterToIntPtr(capacity, capacity_mode), - IntPtrConstant(JSArray::kMaxFastArrayLength))); + TNode capacity) { + return UintPtrLessThanOrEqual(capacity, + UintPtrConstant(JSArray::kMaxFastArrayLength)); } TNode CodeStubAssembler::AllocateJSArray( @@ -3909,9 +3908,8 @@ TNode CodeStubAssembler::AllocateJSArray( std::pair, TNode> CodeStubAssembler::AllocateUninitializedJSArrayWithElements( ElementsKind kind, TNode array_map, TNode length, - TNode allocation_site, Node* capacity, - ParameterMode capacity_mode, AllocationFlags allocation_flags, - int array_header_size) { + TNode allocation_site, TNode capacity, + AllocationFlags allocation_flags, int array_header_size) { Comment("begin allocation of JSArray with elements"); CHECK_EQ(allocation_flags & ~kAllowLargeObjectAllocation, 0); CSA_SLOW_ASSERT(this, TaggedIsPositiveSmi(length)); 
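Review bot: The bounds check in `IsValidFastJSArrayCapacity` now depends on the comparison being unsigned, and nothing in the function says so. With `capacity` arriving as a raw word after this change (template arguments are not visible in this rendering, so the signed type is inferred), a negative value is rejected only because `UintPtrLessThanOrEqual` reads it as a very large number. I would add a comment such as `// Unsigned compare on purpose: a negative capacity reads as a huge value and fails the check.` so that a later switch to a signed comparison is not mistaken for a cleanup. The hunk also carries the new signature of `AllocateUninitializedJSArrayWithElements`, whose body continues in the following hunks.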
@@ -3922,7 +3920,7 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( Label out(this), empty(this), nonempty(this); int capacity_int; - if (TryGetIntPtrOrSmiConstantValue(capacity, &capacity_int, capacity_mode)) { + if (ToInt32Constant(capacity, &capacity_int)) { if (capacity_int == 0) { TNode empty_array = EmptyFixedArrayConstant(); array = AllocateJSArray(array_map, empty_array, length, allocation_site, @@ -3932,8 +3930,7 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( Goto(&nonempty); } } else { - Branch(SmiEqual(ParameterToTagged(capacity, capacity_mode), SmiConstant(0)), - &empty, &nonempty); + Branch(WordEqual(capacity, IntPtrConstant(0)), &empty, &nonempty); BIND(&empty); { @@ -3956,8 +3953,7 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( // Compute space for elements base_size += FixedArray::kHeaderSize; - TNode size = - ElementOffsetFromIndex(capacity, kind, capacity_mode, base_size); + TNode size = ElementOffsetFromIndex(capacity, kind, base_size); // For very large arrays in which the requested allocation exceeds the // maximal size of a regular heap object, we cannot use the allocation 
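Review bot: The constant-folded path after `ToInt32Constant(capacity, &capacity_int)` only tests `capacity_int == 0`, so a negative compile-time capacity would take the `Goto(&nonempty)` branch that appears at the top of the next hunk. This code runs when the builtin is generated, so a `DCHECK_GE(capacity_int, 0);` directly inside the `if (ToInt32Constant(...))` body costs nothing at runtime and flags a bad caller early. The function body starts before this hunk and continues after it.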
@@ -3968,19 +3964,16 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( Label next(this); GotoIf(IsRegularHeapObjectSize(size), &next); - CSA_CHECK(this, IsValidFastJSArrayCapacity(capacity, capacity_mode)); + CSA_CHECK(this, IsValidFastJSArrayCapacity(capacity)); // Allocate and initialize the elements first. Full initialization is // needed because the upcoming JSArray allocation could trigger GC. - elements = - AllocateFixedArray(kind, capacity, capacity_mode, allocation_flags); + elements = AllocateFixedArray(kind, capacity, allocation_flags); if (IsDoubleElementsKind(kind)) { - FillFixedDoubleArrayWithZero( - CAST(elements.value()), ParameterToIntPtr(capacity, capacity_mode)); + FillFixedDoubleArrayWithZero(CAST(elements.value()), capacity); } else { - FillFixedArrayWithSmiZero(CAST(elements.value()), - ParameterToIntPtr(capacity, capacity_mode)); + FillFixedArrayWithSmiZero(CAST(elements.value()), capacity); } // The JSArray and possibly allocation memento next. Note that @@ -4011,8 +4004,8 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( DCHECK(RootsTable::IsImmortalImmovable(elements_map_index)); StoreMapNoWriteBarrier(elements.value(), elements_map_index); - TNode capacity_smi = ParameterToTagged(capacity, capacity_mode); - CSA_ASSERT(this, SmiGreaterThan(capacity_smi, SmiConstant(0))); + CSA_ASSERT(this, WordNotEqual(capacity, IntPtrConstant(0))); + TNode capacity_smi = SmiTag(capacity); StoreObjectFieldNoWriteBarrier(elements.value(), FixedArray::kLengthOffset, capacity_smi); Goto(&out); @@ -4054,8 +4047,7 @@ TNode CodeStubAssembler::AllocateJSArray( TNode elements; std::tie(array, elements) = AllocateUninitializedJSArrayWithElements( - kind, array_map, length, allocation_site, capacity, capacity_mode, - allocation_flags); + kind, array_map, length, allocation_site, capacity, allocation_flags); Label out(this), nonempty(this); 
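Review bot: `CSA_CHECK(this, IsValidFastJSArrayCapacity(capacity))` is reached only when `GotoIf(IsRegularHeapObjectSize(size), &next)` falls through, and `size` was already derived from `capacity` by `ElementOffsetFromIndex` in the previous hunk. If that computation can wrap for a negative or very large `capacity` (its overflow behaviour is not visible here), an out-of-range capacity could yield a small `size` and skip the release-mode check. Now that callers hand in a raw word rather than a mode-tagged parameter, consider adding `CSA_ASSERT(this, IsValidFastJSArrayCapacity(capacity));` before the size computation so debug builds validate the regular-size path as well. The enclosing function begins and ends outside this hunk.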
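Review bot: The rewritten assert `WordNotEqual(capacity, IntPtrConstant(0))` in the `@@ -4011` hunk is weaker than the `SmiGreaterThan(capacity_smi, SmiConstant(0))` it replaces, because a negative capacity now passes it. The following line stores `SmiTag(capacity)` as the FixedArray length, so the sign matters at exactly this point. `CSA_ASSERT(this, IntPtrGreaterThan(capacity, IntPtrConstant(0)));` keeps the original strictness without going back through a Smi.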
diff --git a/src/codegen/code-stub-assembler.h b/src/codegen/code-stub-assembler.h index fa3a139ec6..0acc075570 100644 --- a/src/codegen/code-stub-assembler.h +++ b/src/codegen/code-stub-assembler.h @@ -1809,8 +1809,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler SloppyTNode instance_size, int start_offset = JSObject::kHeaderSize); - TNode IsValidFastJSArrayCapacity(Node* capacity, - ParameterMode capacity_mode); + TNode IsValidFastJSArrayCapacity(TNode capacity); // // Allocate and return a JSArray with initialized header fields and its @@ -1819,8 +1818,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler std::pair, TNode> AllocateUninitializedJSArrayWithElements( ElementsKind kind, TNode array_map, TNode length, - TNode allocation_site, Node* capacity, - ParameterMode capacity_mode = INTPTR_PARAMETERS, + TNode allocation_site, TNode capacity, AllocationFlags allocation_flags = kNone, int array_header_size = JSArray::kSize);
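Review bot: Neither declaration documents the contract of the new `capacity` parameter. With `ParameterMode` removed, the header no longer tells callers that the value is an untagged element count, yet the implementation tags it with `SmiTag(capacity)` and stores it as the elements length, so it has to be non-negative and fit in a Smi. I would extend the existing comment above `AllocateUninitializedJSArrayWithElements` with a line like `// |capacity| is an untagged, non-negative element count.` and give `IsValidFastJSArrayCapacity` a one-line comment stating that it checks the value against `JSArray::kMaxFastArrayLength`. The class body continues outside this hunk.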