From ecc31a0cee8fb7f492596f6687a20e8e36a5a955 Mon Sep 17 00:00:00 2001
From: "hpayer@chromium.org"
Date: Mon, 22 Jul 2013 11:07:43 +0000
Subject: [PATCH] Prefill pre-allocated memory of folded allocation with one pointer fillers when heap verifier is on.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/19723004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/arm/lithium-codegen-arm.cc | 19 +++++++++++++++++++
 src/hydrogen-instructions.cc | 32 +++-----------------------------
 src/hydrogen-instructions.h | 11 ++++++++++-
 src/ia32/lithium-codegen-ia32.cc | 17 +++++++++++++++++
 src/x64/lithium-codegen-x64.cc | 17 +++++++++++++++++
 5 files changed, 66 insertions(+), 30 deletions(-)
diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index 9e0d59f8ec..d12b229c38 100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -5364,6 +5364,25 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
 }
 __ bind(deferred->exit());
+
+ if (instr->hydrogen()->MustPrefillWithFiller()) {
+ if (instr->size()->IsConstantOperand()) {
+ int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
+ __ mov(scratch, Operand(size));
+ } else {
+ scratch = ToRegister(instr->size());
+ }
+ __ sub(scratch, scratch, Operand(kPointerSize));
+ __ sub(result, result, Operand(kHeapObjectTag));
+ Label loop;
+ __ bind(&loop);
+ __ mov(scratch2, Operand(isolate()->factory()->one_pointer_filler_map()));
+ __ str(scratch2, MemOperand(result, scratch));
+ __ sub(scratch, scratch, Operand(kPointerSize));
+ __ cmp(scratch, Operand(0));
+ __ b(ge, &loop);
+ __ add(result, result, Operand(kHeapObjectTag));
+ }
 }
diff --git a/src/hydrogen-instructions.cc b/src/hydrogen-instructions.cc
index 880de29aca..932b9b219d 100644
--- a/src/hydrogen-instructions.cc
+++ b/src/hydrogen-instructions.cc
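Review bot: The filler-map load `__ mov(scratch2, Operand(isolate()->factory()->one_pointer_filler_map()));` sits inside the store loop although it is loop-invariant; placing it before `__ bind(&loop);` makes the loop a plain store/decrement/branch and reads more clearly. In the non-constant branch `scratch = ToRegister(instr->size());` the loop then decrements the size operand's own register with `__ sub(scratch, scratch, Operand(kPointerSize));`, so the size is destroyed after the deferred exit; that is only safe if the Lithium allocator declared the size as a temp or at-start use, which is not visible in this hunk. The ia32 and x64 hunks follow the same pattern (`temp = ToRegister(instr->size());` followed by a shift and `dec`/`decl`), so one answer covers all three ports. If the size must survive, copying it first (`__ mov(scratch, ToRegister(instr->size()));`) would decouple the loop counter from the operand. DoAllocate begins before this hunk, so the declarations of `scratch`, `scratch2` and `result` are not visible here.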
@@ -3237,35 +3237,9 @@ void HAllocate::HandleSideEffectDominator(GVNFlag side_effect,
 dominator_allocate_instr->UpdateSize(new_dominator_size);
 #ifdef VERIFY_HEAP
- HInstruction* free_space_instr =
- new(zone) HInnerAllocatedObject(dominator_allocate_instr,
- dominator_size_constant,
- type());
- free_space_instr->InsertAfter(dominator_allocate_instr);
- HConstant* filler_map = new(zone) HConstant(
- isolate()->factory()->free_space_map(),
- UniqueValueId(isolate()->heap()->free_space_map()),
- Representation::Tagged(),
- HType::Tagged(),
- false,
- true,
- false,
- false);
- filler_map->InsertAfter(free_space_instr);
-
- HInstruction* store_map = new(zone) HStoreNamedField(
- free_space_instr, HObjectAccess::ForMap(), filler_map);
- store_map->SetFlag(HValue::kHasNoObservableSideEffects);
- store_map->InsertAfter(filler_map);
-
- HInstruction* free_space_size = new(zone) HConstant(current_size_constant);
- free_space_size->InsertAfter(store_map);
- HObjectAccess access =
- HObjectAccess::ForJSObjectOffset(FreeSpace::kSizeOffset);
- HInstruction* store_size = new(zone) HStoreNamedField(
- free_space_instr, access, free_space_size);
- store_size->SetFlag(HValue::kHasNoObservableSideEffects);
- store_size->InsertAfter(free_space_size);
+ if (FLAG_verify_heap) {
+ dominator_allocate_instr->SetFlags(HAllocate::PREFILL_WITH_FILLER);
+ }
 #endif
 // After that replace the dominated allocate instruction.
diff --git a/src/hydrogen-instructions.h b/src/hydrogen-instructions.h
index 5fba5f2c63..763b6369e3 100644
--- a/src/hydrogen-instructions.h
+++ b/src/hydrogen-instructions.h
@@ -4964,7 +4964,8 @@ class HAllocate: public HTemplateInstruction<2> {
 CAN_ALLOCATE_IN_NEW_SPACE = 1 << 0,
 CAN_ALLOCATE_IN_OLD_DATA_SPACE = 1 << 1,
 CAN_ALLOCATE_IN_OLD_POINTER_SPACE = 1 << 2,
- ALLOCATE_DOUBLE_ALIGNED = 1 << 3
+ ALLOCATE_DOUBLE_ALIGNED = 1 << 3,
+ PREFILL_WITH_FILLER = 1 << 4
 };
 HAllocate(HValue* context, HValue* size, HType type, Flags flags)
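Review bot: The new `if (FLAG_verify_heap)` branch does not say why the dominator allocation is flagged, and nothing nearby explains what the code generator does with `PREFILL_WITH_FILLER`. A one-line comment above it would help a reader who lands here from the codegen loops, e.g. `// With --verify-heap, have the code generator prefill the enlarged (folded) allocation with one-pointer fillers before the dominated allocation initializes its part.` — assuming, as the commit subject suggests, that keeping the verifier from seeing the uninitialized folded region is the intent. Note also that the call relies on `SetFlags` OR-ing into the existing flags rather than replacing them, which its name does not convey; the definition in hydrogen-instructions.h is worth checking against that expectation. HandleSideEffectDominator starts before this hunk, so `dominator_allocate_instr` and `new_dominator_size` are declared outside the visible lines.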
@@ -5041,6 +5042,14 @@ class HAllocate: public HTemplateInstruction<2> {
 return (flags_ & ALLOCATE_DOUBLE_ALIGNED) != 0;
 }
+ bool MustPrefillWithFiller() const {
+ return (flags_ & PREFILL_WITH_FILLER) != 0;
+ }
+
+ void SetFlags(Flags flags) {
+ flags_ = static_cast(flags_ | flags);
+ }
+
 void UpdateSize(HValue* size) {
 SetOperandAt(1, size);
 }
diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 2c234d834c..38d2011d0b 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -6046,6 +6046,23 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
 }
 __ bind(deferred->exit());
+
+ if (instr->hydrogen()->MustPrefillWithFiller()) {
+ if (instr->size()->IsConstantOperand()) {
+ int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
+ __ mov(temp, (size / kPointerSize) - 1);
+ } else {
+ temp = ToRegister(instr->size());
+ __ shr(temp, kPointerSizeLog2);
+ __ dec(temp);
+ }
+ Label loop;
+ __ bind(&loop);
+ __ mov(FieldOperand(result, temp, times_pointer_size, 0),
+ isolate()->factory()->one_pointer_filler_map());
+ __ dec(temp);
+ __ j(not_zero, &loop);
+ }
 }
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index c9b808c10c..475c405d0d 100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -5075,6 +5075,23 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
 }
 __ bind(deferred->exit());
+
+ if (instr->hydrogen()->MustPrefillWithFiller()) {
+ if (instr->size()->IsConstantOperand()) {
+ int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
+ __ movl(temp, Immediate((size / kPointerSize) - 1));
+ } else {
+ temp = ToRegister(instr->size());
+ __ sar(temp, Immediate(kPointerSizeLog2));
+ __ decl(temp);
+ }
+ Label loop;
+ __ bind(&loop);
+ __ Move(FieldOperand(result, temp, times_pointer_size, 0),
+ isolate()->factory()->one_pointer_filler_map());
+ __ decl(temp);
+ __ j(not_zero, &loop);
+ }
 }
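Review bot: `SetFlags` ORs `flags` into `flags_` rather than assigning, so it reads as a setter but behaves as an add; either rename it (an `AddFlags`-style name) or state the semantics above it, e.g. `// Adds the given flags to the current set; previously set flags are preserved.` `MustPrefillWithFiller` would likewise benefit from a one-line comment naming its consumer, e.g. `// Set under --verify-heap when this allocation was enlarged by folding; the code generator then fills the whole object with one-pointer fillers.` The rendered line `flags_ = static_cast(flags_ | flags);` shows `static_cast` with no template argument, which looks like the `<Flags>` was lost in page extraction rather than in the source; worth confirming against the actual file. The HAllocate class is only partially visible here, so other accessors of `flags_` are outside this hunk.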
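Review bot: The ia32 store loop never writes word 0 of the object: `temp` starts at `(size / kPointerSize) - 1` and `__ dec(temp); __ j(not_zero, &loop);` exits as soon as the counter reaches zero, so the last store lands on word 1. The ARM hunk instead loops with `__ cmp(scratch, Operand(0)); __ b(ge, &loop);` and fills down to offset 0, so the ports disagree on whether the map slot is prefilled; if skipping word 0 is deliberate because the map store follows, a comment saying so would help, otherwise `__ j(not_sign, &loop);` after the decrement would match ARM. The `dec`/`not_zero` pairing also presumes the counter starts at 1 or more: for a size of exactly kPointerSize it starts at 0, the first decrement wraps, and the loop keeps storing below the object; whether HAllocate can emit such a size is not visible here. The x64 hunk has the same loop (`__ decl(temp); __ j(not_zero, &loop);`) and shifts with `sar` where ia32 uses `shr`; the size is non-negative so both agree, but one form in both ports would be cleaner. DoAllocate starts before these hunks, so the declarations of `temp` and `result` are not visible.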