[strong] Implement strong mode restrictions on property access

src/ic/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/arguments.h"
 #include "src/base/bits.h"
@@ skipping 553 matching lines @@
   // Only clear CompareICs that can retain objects.
   if (stub.state() != CompareICState::KNOWN_OBJECT) return;
   SetTargetAtAddress(address,
                      GetRawUninitialized(isolate, stub.op(), stub.strength()),
                      constant_pool);
   PatchInlinedSmiCode(address, DISABLE_INLINED_SMI_CHECK);
 }
 
 
 // static
-Handle<Code> KeyedLoadIC::ChooseMegamorphicStub(Isolate* isolate) {
+Handle<Code> KeyedLoadIC::ChooseMegamorphicStub(Isolate* isolate,
+                                                ExtraICState extra_state) {
   if (FLAG_compiled_keyed_generic_loads) {
-    return KeyedLoadGenericStub(isolate).GetCode();
+    return KeyedLoadGenericStub(isolate, LoadICState(extra_state)).GetCode();
   } else {
-    return isolate->builtins()->KeyedLoadIC_Megamorphic();
+    return is_strong(LoadICState::GetStrength(extra_state))
+               ? isolate->builtins()->KeyedLoadIC_Megamorphic_Strong()
+               : isolate->builtins()->KeyedLoadIC_Megamorphic();
   }
 }
 
 
 static bool MigrateDeprecated(Handle<Object> object) {
   if (!object->IsJSObject()) return false;
   Handle<JSObject> receiver = Handle<JSObject>::cast(object);
   if (!receiver->map()->is_deprecated()) return false;
   JSObject::MigrateInstance(Handle<JSObject>::cast(object));
   return true;
@@ skipping 83 matching lines @@
         ConfigureVectorState(MEGAMORPHIC);
       } else {
         set_target(*megamorphic_stub());
       }
       TRACE_IC("LoadIC", name);
       TRACE_GENERIC_IC(isolate(), "LoadIC", "name as array index");
     }
     Handle<Object> result;
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate(), result,
-        Runtime::GetElementOrCharAt(isolate(), object, index), Object);
+        Runtime::GetElementOrCharAt(isolate(), object, index, strength()),
+        Object);
     return result;
   }
 
   bool use_ic = MigrateDeprecated(object) ? false : FLAG_use_ic;
 
   if (object->IsGlobalObject() && name->IsString()) {
     // Look up in script context table.
     Handle<String> str_name = Handle<String>::cast(name);
     Handle<GlobalObject> global = Handle<GlobalObject>::cast(object);
     Handle<ScriptContextTable> script_contexts(
@@ skipping 22 matching lines @@
   // Named lookup in the object.
   LookupIterator it(object, name);
   LookupForRead(&it);
 
   if (it.IsFound() || !IsUndeclaredGlobal(object)) {
     // Update inline cache and stub cache.
     if (use_ic) UpdateCaches(&it);
 
     // Get the property.
     Handle<Object> result;
-    ASSIGN_RETURN_ON_EXCEPTION(isolate(), result, Object::GetProperty(&it),
-                               Object);
+
+    ASSIGN_RETURN_ON_EXCEPTION(isolate(), result,
+                               Object::GetProperty(&it, strength()), Object);
     if (it.IsFound()) {
       return result;
     } else if (!IsUndeclaredGlobal(object)) {
       LOG(isolate(), SuspectReadEvent(*name, *object));
       return result;
     }
   }
   return ReferenceError(name);
 }
 
@@ skipping 171 matching lines @@
   return LoadICTrampolineStub(isolate, LoadICState(extra_state)).GetCode();
 }
 
 
 Handle<Code> LoadIC::initialize_stub_in_optimized_code(
     Isolate* isolate, ExtraICState extra_state, State initialization_state) {
   return LoadICStub(isolate, LoadICState(extra_state)).GetCode();
 }
 
 
-Handle<Code> KeyedLoadIC::initialize_stub(Isolate* isolate) {
-  return KeyedLoadICTrampolineStub(isolate).GetCode();
+Handle<Code> KeyedLoadIC::initialize_stub(Isolate* isolate,
+                                          ExtraICState extra_state) {
+  return KeyedLoadICTrampolineStub(isolate, LoadICState(extra_state)).GetCode();
 }
 
 
 Handle<Code> KeyedLoadIC::initialize_stub_in_optimized_code(
-    Isolate* isolate, State initialization_state) {
+    Isolate* isolate, State initialization_state, ExtraICState extra_state) {
   if (initialization_state != MEGAMORPHIC) {
-    return KeyedLoadICStub(isolate).GetCode();
+    return KeyedLoadICStub(isolate, LoadICState(extra_state)).GetCode();
   }
+  bool strong = is_strong(LoadICState::GetStrength(extra_state));
   switch (initialization_state) {
     case UNINITIALIZED:
-      return isolate->builtins()->KeyedLoadIC_Initialize();
+      return strong ? isolate->builtins()->KeyedLoadIC_Initialize_Strong()

[mvstanton, 2015/06/09 12:46:44]

I think this shows some unfinished clean-up work now that vector ics area always
on for loads. We can't achieve UNINITIALIZED state here because of the statement
above ("if (initialization_state != MEGAMORPHIC)").

Suggests that you could eliminate KeyedLoadIC_Initialize() from the builtins,
and your strong variant then too.

[conradw, 2015/06/09 13:09:27]

Done.

+                    : isolate->builtins()->KeyedLoadIC_Initialize();
     case MEGAMORPHIC:
-      return isolate->builtins()->KeyedLoadIC_Megamorphic();
+      return strong ? isolate->builtins()->KeyedLoadIC_Megamorphic_Strong()
+                    : isolate->builtins()->KeyedLoadIC_Megamorphic();
     default:
       UNREACHABLE();
   }
   return Handle<Code>();
 }
 
 
 Handle<Code> KeyedStoreIC::initialize_stub(Isolate* isolate,
                                            LanguageMode language_mode,
                                            State initialization_state) {
@@ skipping 12 matching lines @@
                  : isolate->builtins()->KeyedStoreIC_Megamorphic();
     default:
       UNREACHABLE();
   }
   return Handle<Code>();
 }
 
 
 Handle<Code> LoadIC::megamorphic_stub() {
   DCHECK_EQ(Code::KEYED_LOAD_IC, kind());
-  return KeyedLoadIC::ChooseMegamorphicStub(isolate());
+  return KeyedLoadIC::ChooseMegamorphicStub(isolate(), extra_ic_state());
 }
 
 
 Handle<Code> LoadIC::SimpleFieldLoad(FieldIndex index) {
   LoadFieldStub stub(isolate(), index);
   return stub.GetCode();
 }
 
 
 void LoadIC::UpdateCaches(LookupIterator* lookup) {
   if (state() == UNINITIALIZED) {
     // This is the first time we execute this inline cache. Set the target to
     // the pre monomorphic stub to delay setting the monomorphic state.
     ConfigureVectorState(PREMONOMORPHIC);
     TRACE_IC("LoadIC", lookup->name());
     return;
   }
 
   Handle<Code> code;
   if (lookup->state() == LookupIterator::JSPROXY ||
       lookup->state() == LookupIterator::ACCESS_CHECK) {
     code = slow_stub();
   } else if (!lookup->IsFound()) {
-    if (kind() == Code::LOAD_IC) {
+    if (kind() == Code::LOAD_IC && !is_strong(strength())) {
       code = NamedLoadHandlerCompiler::ComputeLoadNonexistent(lookup->name(),
                                                               receiver_map());
       // TODO(jkummerow/verwaest): Introduce a builtin that handles this case.
       if (code.is_null()) code = slow_stub();
     } else {
       code = slow_stub();
     }
   } else {
     code = ComputeHandler(lookup);
   }
@@ skipping 238 matching lines @@
 
 Handle<Code> KeyedLoadIC::LoadElementStub(Handle<HeapObject> receiver) {
   Handle<Code> null_handle;
   Handle<Map> receiver_map(receiver->map(), isolate());
   MapHandleList target_receiver_maps;
   TargetMaps(&target_receiver_maps);
 
 
   if (target_receiver_maps.length() == 0) {
     Handle<Code> handler =
-        PropertyICCompiler::ComputeKeyedLoadMonomorphicHandler(receiver_map);
+        PropertyICCompiler::ComputeKeyedLoadMonomorphicHandler(
+            receiver_map, extra_ic_state());
     ConfigureVectorState(Handle<Name>::null(), receiver_map, handler);
     return null_handle;
   }
 
   // The first time a receiver is seen that is a transitioned version of the
   // previous monomorphic receiver type, assume the new ElementsKind is the
   // monomorphic type. This benefits global arrays that only transition
   // once, and all call sites accessing them are faster if they remain
   // monomorphic. If this optimistic assumption is not true, the IC will
   // miss again and it will become polymorphic and support both the
   // untransitioned and transitioned maps.
   if (state() == MONOMORPHIC && !receiver->IsString() &&
       IsMoreGeneralElementsKindTransition(
           target_receiver_maps.at(0)->elements_kind(),
           Handle<JSObject>::cast(receiver)->GetElementsKind())) {
     Handle<Code> handler =
-        PropertyICCompiler::ComputeKeyedLoadMonomorphicHandler(receiver_map);
+        PropertyICCompiler::ComputeKeyedLoadMonomorphicHandler(
+            receiver_map, extra_ic_state());
     ConfigureVectorState(Handle<Name>::null(), receiver_map, handler);
     return null_handle;
   }
 
   DCHECK(state() != GENERIC);
 
   // Determine the list of receiver maps that this call site has seen,
   // adding the map that was just encountered.
   if (!AddOneReceiverMapIfMissing(&target_receiver_maps, receiver_map)) {
     // If the miss wasn't due to an unseen map, a polymorphic stub
     // won't help, use the generic stub.
     TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "same map added twice");
     return megamorphic_stub();
   }
 
   // If the maximum number of receiver maps has been exceeded, use the generic
   // version of the IC.
   if (target_receiver_maps.length() > kMaxKeyedPolymorphism) {
     TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "max polymorph exceeded");
     return megamorphic_stub();
   }
 
   CodeHandleList handlers(target_receiver_maps.length());
   ElementHandlerCompiler compiler(isolate());
-  compiler.CompileElementHandlers(&target_receiver_maps, &handlers);
+  compiler.CompileElementHandlers(&target_receiver_maps, &handlers, strength());
   ConfigureVectorState(Handle<Name>::null(), &target_receiver_maps, &handlers);
   return null_handle;
 }
 
 
 MaybeHandle<Object> KeyedLoadIC::Load(Handle<Object> object,
                                       Handle<Object> key) {
   if (MigrateDeprecated(object)) {
     Handle<Object> result;
     ASSIGN_RETURN_ON_EXCEPTION(
-        isolate(), result, Runtime::GetObjectProperty(isolate(), object, key),
-        Object);
+        isolate(), result,
+        Runtime::GetObjectProperty(isolate(), object, key, strength()), Object);
     return result;
   }
 
   Handle<Object> load_handle;
   Handle<Code> stub = megamorphic_stub();
 
   // Check for non-string values that can be converted into an
   // internalized string directly or is representable as a smi.
   key = TryConvertKey(key, isolate());
 
@@ skipping 26 matching lines @@
       if (!stub.is_null() && *stub == generic) {
         ConfigureVectorState(MEGAMORPHIC);
         TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "set generic");
       }
 
       TRACE_IC("LoadIC", key);
     }
   }
 
   if (!load_handle.is_null()) return load_handle;
+
   Handle<Object> result;
-  ASSIGN_RETURN_ON_EXCEPTION(isolate(), result,
-                             Runtime::GetObjectProperty(isolate(), object, key),
-                             Object);
+  ASSIGN_RETURN_ON_EXCEPTION(
+      isolate(), result,
+      Runtime::GetObjectProperty(isolate(), object, key, strength()), Object);
   return result;
 }
 
 
 bool StoreIC::LookupForWrite(LookupIterator* it, Handle<Object> value,
                              JSReceiver::StoreFromKeyed store_mode) {
   // Disable ICs for non-JSObjects for now.
   Handle<Object> receiver = it->GetReceiver();
   if (!receiver->IsJSObject()) return false;
   DCHECK(!Handle<JSObject>::cast(receiver)->map()->is_deprecated());
@@ skipping 1442 matching lines @@
   DCHECK(args.length() == NamedLoadHandlerCompiler::kInterceptorArgsLength);
   Handle<Name> name =
       args.at<Name>(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex);
   Handle<JSObject> receiver =
       args.at<JSObject>(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex);
   Handle<JSObject> holder =
       args.at<JSObject>(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex);
 
   Handle<Object> result;
   LookupIterator it(receiver, name, holder);
+  // TODO(conradw): Investigate strong mode semantics for this.
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
                                      JSObject::GetProperty(&it));
 
   if (it.IsFound()) return *result;
 
   return ThrowReferenceError(isolate, Name::cast(args[0]));
 }
 
 
 RUNTIME_FUNCTION(StorePropertyWithInterceptor) {
@@ skipping 25 matching lines @@
 }
 
 
 RUNTIME_FUNCTION(LoadElementWithInterceptor) {
   // TODO(verwaest): This should probably get the holder and receiver as input.
   HandleScope scope(isolate);
   Handle<JSObject> receiver = args.at<JSObject>(0);
   DCHECK(args.smi_at(1) >= 0);
   uint32_t index = args.smi_at(1);
   Handle<Object> result;
+  // TODO(conradw): Investigate strong mode semantics for this.
+  Strength strength = Strength::WEAK;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
-      isolate, result, Object::GetElement(isolate, receiver, index));
+      isolate, result, Object::GetElement(isolate, receiver, index, strength));
   return *result;
 }
 
 
 RUNTIME_FUNCTION(LoadIC_MissFromStubFailure) {
   TimerEventScope<TimerEventIcMiss> timer(isolate);
   HandleScope scope(isolate);
   Handle<Object> receiver = args.at<Object>(0);
   Handle<Name> key = args.at<Name>(1);
   Handle<Object> result;
@@ skipping 15 matching lines @@
     KeyedLoadICNexus nexus(vector, vector_slot);
     KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);
     ic.UpdateState(receiver, key);
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
   }
 
   return *result;
 }
 
 
+RUNTIME_FUNCTION(LoadIC_Slow) {
+  HandleScope scope(isolate);
+  DCHECK(args.length() == 2);
+
+  Handle<Object> receiver = args.at<Object>(0);
+  Handle<Name> name = args.at<Name>(1);
+  LoadIC ic(IC::NO_EXTRA_FRAME, isolate, true);
+  Handle<Object> result;
+  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+      isolate, result,
+      Runtime::GetObjectProperty(isolate, receiver, name, ic.strength()));
+  return *result;
+}
+
+
+RUNTIME_FUNCTION(KeyedLoadIC_Slow) {
+  HandleScope scope(isolate);
+  DCHECK(args.length() == 2);
+
+  Handle<Object> receiver = args.at<Object>(0);
+  Handle<Object> key = args.at<Object>(1);
+  LoadIC ic(IC::NO_EXTRA_FRAME, isolate, true);
+  Handle<Object> result;
+  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+      isolate, result,
+      Runtime::KeyedGetObjectProperty(isolate, receiver, key, ic.strength()));
+  return *result;
+}
+
+
 static const Address IC_utilities[] = {
 #define ADDR(name) FUNCTION_ADDR(name),
     IC_UTIL_LIST(ADDR) NULL
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) { return IC_utilities[id]; }
-}  // namespace internal
-}  // namespace v8
+}
+}  // namespace v8::internal