| OLD | NEW |
|---|
| 1 // Copyright 2006-2009 the V8 project authors. All rights reserved. | 1 // Copyright 2006-2009 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 #include "api.h" | 31 #include "api.h" |
| 32 #include "arguments.h" | 32 #include "arguments.h" |
| 33 #include "execution.h" | 33 #include "execution.h" |
| 34 #include "ic-inl.h" | 34 #include "ic-inl.h" |
| 35 #include "runtime.h" | 35 #include "runtime.h" |
| 36 #include "stub-cache.h" | 36 #include "stub-cache.h" |
| 37 | 37 |
| 38 namespace v8 { | 38 namespace v8 { |
| 39 namespace internal { | 39 namespace internal { |
| 40 | 40 |
| 41 // Temporary helper for working around http://crbug.com/16276. If we | |
| 42 // allow 'the hole value' to leak into the IC code, it may lead to | |
| 43 // crashes, but this should not happen and we should track down the | |
| 44 // cause of it. | |
| 45 static inline Handle<Object> UnholeForBug16276(Handle<Object> object) { | |
| 46 if (!object->IsTheHole()) return object; | |
| 47 ASSERT(false); // This should not happen. | |
| 48 return Factory::undefined_value(); | |
| 49 } | |
| 50 | |
| 51 | |
| 52 #ifdef DEBUG | 41 #ifdef DEBUG |
| 53 static char TransitionMarkFromState(IC::State state) { | 42 static char TransitionMarkFromState(IC::State state) { |
| 54 switch (state) { | 43 switch (state) { |
| 55 case UNINITIALIZED: return '0'; | 44 case UNINITIALIZED: return '0'; |
| 56 case PREMONOMORPHIC: return 'P'; | 45 case PREMONOMORPHIC: return 'P'; |
| 57 case MONOMORPHIC: return '1'; | 46 case MONOMORPHIC: return '1'; |
| 58 case MONOMORPHIC_PROTOTYPE_FAILURE: return '^'; | 47 case MONOMORPHIC_PROTOTYPE_FAILURE: return '^'; |
| 59 case MEGAMORPHIC: return 'N'; | 48 case MEGAMORPHIC: return 'N'; |
| 60 | 49 |
| 61 // We never see the debugger states here, because the state is | 50 // We never see the debugger states here, because the state is |
| (...skipping 263 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 325 frame->SetExpression(index, *target); | 314 frame->SetExpression(index, *target); |
| 326 } | 315 } |
| 327 | 316 |
| 328 return *delegate; | 317 return *delegate; |
| 329 } | 318 } |
| 330 | 319 |
| 331 | 320 |
| 332 Object* CallIC::LoadFunction(State state, | 321 Object* CallIC::LoadFunction(State state, |
| 333 Handle<Object> object, | 322 Handle<Object> object, |
| 334 Handle<String> name) { | 323 Handle<String> name) { |
| 335 object = UnholeForBug16276(object); | |
| 336 | |
| 337 // If the object is undefined or null it's illegal to try to get any | 324 // If the object is undefined or null it's illegal to try to get any |
| 338 // of its properties; throw a TypeError in that case. | 325 // of its properties; throw a TypeError in that case. |
| 339 if (object->IsUndefined() || object->IsNull()) { | 326 if (object->IsUndefined() || object->IsNull()) { |
| 340 return TypeError("non_object_property_call", object, name); | 327 return TypeError("non_object_property_call", object, name); |
| 341 } | 328 } |
| 342 | 329 |
| 343 // Check if the name is trivially convertible to an index and get | 330 // Check if the name is trivially convertible to an index and get |
| 344 // the element if so. | 331 // the element if so. |
| 345 uint32_t index; | 332 uint32_t index; |
| 346 if (name->AsArrayIndex(&index)) { | 333 if (name->AsArrayIndex(&index)) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 380 // If the object does not have the requested property, check which | 367 // If the object does not have the requested property, check which |
| 381 // exception we need to throw. | 368 // exception we need to throw. |
| 382 if (attr == ABSENT) { | 369 if (attr == ABSENT) { |
| 383 if (is_contextual()) { | 370 if (is_contextual()) { |
| 384 return ReferenceError("not_defined", name); | 371 return ReferenceError("not_defined", name); |
| 385 } | 372 } |
| 386 return TypeError("undefined_method", object, name); | 373 return TypeError("undefined_method", object, name); |
| 387 } | 374 } |
| 388 } | 375 } |
| 389 | 376 |
| 390 ASSERT(!result->IsTheHole()); | 377 ASSERT(result != Heap::the_hole_value()); |
| 391 | 378 |
| 392 if (result->IsJSFunction()) { | 379 if (result->IsJSFunction()) { |
| 393 // Check if there is an optimized (builtin) version of the function. | 380 // Check if there is an optimized (builtin) version of the function. |
| 394 // Ignored this will degrade performance for Array.prototype.{push,pop}. | 381 // Ignored this will degrade performance for Array.prototype.{push,pop}. |
| 395 // Please note we only return the optimized function iff | 382 // Please note we only return the optimized function iff |
| 396 // the JSObject has FastElements. | 383 // the JSObject has FastElements. |
| 397 if (object->IsJSObject() && JSObject::cast(*object)->HasFastElements()) { | 384 if (object->IsJSObject() && JSObject::cast(*object)->HasFastElements()) { |
| 398 Object* opt = Top::LookupSpecialFunction(JSObject::cast(*object), | 385 Object* opt = Top::LookupSpecialFunction(JSObject::cast(*object), |
| 399 lookup.holder(), | 386 lookup.holder(), |
| 400 JSFunction::cast(result)); | 387 JSFunction::cast(result)); |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 511 set_target(Code::cast(code)); | 498 set_target(Code::cast(code)); |
| 512 } | 499 } |
| 513 | 500 |
| 514 #ifdef DEBUG | 501 #ifdef DEBUG |
| 515 TraceIC("CallIC", name, state, target(), in_loop ? " (in-loop)" : ""); | 502 TraceIC("CallIC", name, state, target(), in_loop ? " (in-loop)" : ""); |
| 516 #endif | 503 #endif |
| 517 } | 504 } |
| 518 | 505 |
| 519 | 506 |
| 520 Object* LoadIC::Load(State state, Handle<Object> object, Handle<String> name) { | 507 Object* LoadIC::Load(State state, Handle<Object> object, Handle<String> name) { |
| 521 object = UnholeForBug16276(object); | |
| 522 | |
| 523 // If the object is undefined or null it's illegal to try to get any | 508 // If the object is undefined or null it's illegal to try to get any |
| 524 // of its properties; throw a TypeError in that case. | 509 // of its properties; throw a TypeError in that case. |
| 525 if (object->IsUndefined() || object->IsNull()) { | 510 if (object->IsUndefined() || object->IsNull()) { |
| 526 return TypeError("non_object_property_load", object, name); | 511 return TypeError("non_object_property_load", object, name); |
| 527 } | 512 } |
| 528 | 513 |
| 529 if (FLAG_use_ic) { | 514 if (FLAG_use_ic) { |
| 530 // Use specialized code for getting the length of strings and | 515 // Use specialized code for getting the length of strings and |
| 531 // string wrapper objects. The length property of string wrapper | 516 // string wrapper objects. The length property of string wrapper |
| 532 // objects is read-only and therefore always returns the length of | 517 // objects is read-only and therefore always returns the length of |
| (...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 725 | 710 |
| 726 #ifdef DEBUG | 711 #ifdef DEBUG |
| 727 TraceIC("LoadIC", name, state, target()); | 712 TraceIC("LoadIC", name, state, target()); |
| 728 #endif | 713 #endif |
| 729 } | 714 } |
| 730 | 715 |
| 731 | 716 |
| 732 Object* KeyedLoadIC::Load(State state, | 717 Object* KeyedLoadIC::Load(State state, |
| 733 Handle<Object> object, | 718 Handle<Object> object, |
| 734 Handle<Object> key) { | 719 Handle<Object> key) { |
| 735 object = UnholeForBug16276(object); | |
| 736 | |
| 737 if (key->IsSymbol()) { | 720 if (key->IsSymbol()) { |
| 738 Handle<String> name = Handle<String>::cast(key); | 721 Handle<String> name = Handle<String>::cast(key); |
| 739 | 722 |
| 740 // If the object is undefined or null it's illegal to try to get any | 723 // If the object is undefined or null it's illegal to try to get any |
| 741 // of its properties; throw a TypeError in that case. | 724 // of its properties; throw a TypeError in that case. |
| 742 if (object->IsUndefined() || object->IsNull()) { | 725 if (object->IsUndefined() || object->IsNull()) { |
| 743 return TypeError("non_object_property_load", object, name); | 726 return TypeError("non_object_property_load", object, name); |
| 744 } | 727 } |
| 745 | 728 |
| 746 if (FLAG_use_ic) { | 729 if (FLAG_use_ic) { |
| (...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 952 } | 935 } |
| 953 | 936 |
| 954 return true; | 937 return true; |
| 955 } | 938 } |
| 956 | 939 |
| 957 | 940 |
| 958 Object* StoreIC::Store(State state, | 941 Object* StoreIC::Store(State state, |
| 959 Handle<Object> object, | 942 Handle<Object> object, |
| 960 Handle<String> name, | 943 Handle<String> name, |
| 961 Handle<Object> value) { | 944 Handle<Object> value) { |
| 962 object = UnholeForBug16276(object); | |
| 963 | |
| 964 // If the object is undefined or null it's illegal to try to set any | 945 // If the object is undefined or null it's illegal to try to set any |
| 965 // properties on it; throw a TypeError in that case. | 946 // properties on it; throw a TypeError in that case. |
| 966 if (object->IsUndefined() || object->IsNull()) { | 947 if (object->IsUndefined() || object->IsNull()) { |
| 967 return TypeError("non_object_property_store", object, name); | 948 return TypeError("non_object_property_store", object, name); |
| 968 } | 949 } |
| 969 | 950 |
| 970 // Ignore stores where the receiver is not a JSObject. | 951 // Ignore stores where the receiver is not a JSObject. |
| 971 if (!object->IsJSObject()) return *value; | 952 if (!object->IsJSObject()) return *value; |
| 972 Handle<JSObject> receiver = Handle<JSObject>::cast(object); | 953 Handle<JSObject> receiver = Handle<JSObject>::cast(object); |
| 973 | 954 |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1072 #ifdef DEBUG | 1053 #ifdef DEBUG |
| 1073 TraceIC("StoreIC", name, state, target()); | 1054 TraceIC("StoreIC", name, state, target()); |
| 1074 #endif | 1055 #endif |
| 1075 } | 1056 } |
| 1076 | 1057 |
| 1077 | 1058 |
| 1078 Object* KeyedStoreIC::Store(State state, | 1059 Object* KeyedStoreIC::Store(State state, |
| 1079 Handle<Object> object, | 1060 Handle<Object> object, |
| 1080 Handle<Object> key, | 1061 Handle<Object> key, |
| 1081 Handle<Object> value) { | 1062 Handle<Object> value) { |
| 1082 object = UnholeForBug16276(object); | |
| 1083 | |
| 1084 if (key->IsSymbol()) { | 1063 if (key->IsSymbol()) { |
| 1085 Handle<String> name = Handle<String>::cast(key); | 1064 Handle<String> name = Handle<String>::cast(key); |
| 1086 | 1065 |
| 1087 // If the object is undefined or null it's illegal to try to set | 1066 // If the object is undefined or null it's illegal to try to set any |
| 1088 // any properties on it; throw a TypeError in that case. | 1067 // properties on it; throw a TypeError in that case. |
| 1089 if (object->IsUndefined() || object->IsNull()) { | 1068 if (object->IsUndefined() || object->IsNull()) { |
| 1090 return TypeError("non_object_property_store", object, name); | 1069 return TypeError("non_object_property_store", object, name); |
| 1091 } | 1070 } |
| 1092 | 1071 |
| 1093 // Ignore stores where the receiver is not a JSObject. | 1072 // Ignore stores where the receiver is not a JSObject. |
| 1094 if (!object->IsJSObject()) return *value; | 1073 if (!object->IsJSObject()) return *value; |
| 1095 Handle<JSObject> receiver = Handle<JSObject>::cast(object); | 1074 Handle<JSObject> receiver = Handle<JSObject>::cast(object); |
| 1096 | 1075 |
| 1097 // Check if the given name is an array index. | 1076 // Check if the given name is an array index. |
| 1098 uint32_t index; | 1077 uint32_t index; |
| (...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1375 #undef ADDR | 1354 #undef ADDR |
| 1376 }; | 1355 }; |
| 1377 | 1356 |
| 1378 | 1357 |
| 1379 Address IC::AddressFromUtilityId(IC::UtilityId id) { | 1358 Address IC::AddressFromUtilityId(IC::UtilityId id) { |
| 1380 return IC_utilities[id]; | 1359 return IC_utilities[id]; |
| 1381 } | 1360 } |
| 1382 | 1361 |
| 1383 | 1362 |
| 1384 } } // namespace v8::internal | 1363 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 155419:
Revert r2431. I don't think this is it. (Closed)
Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/