[strong] Implement strong mode restrictions on property access

src/ic/arm/ic-arm.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/codegen.h"
 #include "src/ic/ic.h"
@@ skipping 143 matching lines @@
   __ ldrb(scratch, FieldMemOperand(map, Map::kInstanceTypeOffset));
   __ cmp(scratch, Operand(JS_OBJECT_TYPE));
   __ b(lt, slow);
 }
 
 
 // Loads an indexed element from a fast case array.
 static void GenerateFastArrayLoad(MacroAssembler* masm, Register receiver,
                                   Register key, Register elements,
                                   Register scratch1, Register scratch2,
-                                  Register result, Label* slow) {
+                                  Register result, Label* slow,
+                                  LanguageMode language_mode) {
   // Register use:
   //
   // receiver - holds the receiver on entry.
   //            Unchanged unless 'result' is the same register.
   //
   // key      - holds the smi key on entry.
   //            Unchanged unless 'result' is the same register.
   //
   // result   - holds the result on exit if the load succeeded.
   //            Allowed to be the the same as 'receiver' or 'key'.
   //            Unchanged on bailout so 'receiver' and 'key' can be safely
   //            used by further computation.
   //
   // Scratch registers:
   //
   // elements - holds the elements of the receiver and its prototypes.
   //
   // scratch1 - used to hold elements length, bit fields, base addresses.
   //
   // scratch2 - used to hold maps, prototypes, and the loaded value.
   Label check_prototypes, check_next_prototype;
-  Label done, in_bounds, return_undefined;
+  Label done, in_bounds, absent;
 
   __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
   __ AssertFastElements(elements);
 
   // Check that the key (index) is within bounds.
   __ ldr(scratch1, FieldMemOperand(elements, FixedArray::kLengthOffset));
   __ cmp(key, Operand(scratch1));
   __ b(lo, &in_bounds);
   // Out-of-bounds. Check the prototype chain to see if we can just return
   // 'undefined'.
   __ cmp(key, Operand(0));
   __ b(lt, slow);  // Negative keys can't take the fast OOB path.
   __ bind(&check_prototypes);
   __ ldr(scratch2, FieldMemOperand(receiver, HeapObject::kMapOffset));
   __ bind(&check_next_prototype);
   __ ldr(scratch2, FieldMemOperand(scratch2, Map::kPrototypeOffset));
   // scratch2: current prototype
   __ CompareRoot(scratch2, Heap::kNullValueRootIndex);
-  __ b(eq, &return_undefined);
+  __ b(eq, &absent);
   __ ldr(elements, FieldMemOperand(scratch2, JSObject::kElementsOffset));
   __ ldr(scratch2, FieldMemOperand(scratch2, HeapObject::kMapOffset));
   // elements: elements of current prototype
   // scratch2: map of current prototype
   __ CompareInstanceType(scratch2, scratch1, JS_OBJECT_TYPE);
   __ b(lo, slow);
   __ ldrb(scratch1, FieldMemOperand(scratch2, Map::kBitFieldOffset));
   __ tst(scratch1, Operand((1 << Map::kIsAccessCheckNeeded) |
                            (1 << Map::kHasIndexedInterceptor)));
   __ b(ne, slow);
   __ CompareRoot(elements, Heap::kEmptyFixedArrayRootIndex);
   __ b(ne, slow);
   __ jmp(&check_next_prototype);
 
-  __ bind(&return_undefined);
-  __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
-  __ jmp(&done);
+  __ bind(&absent);
+  if (is_strong(language_mode)) {
+    // Strong mode accesses must throw in this case, so call the runtime.
+    __ jmp(slow);
+  } else {
+    __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
+    __ jmp(&done);
+  }
 
   __ bind(&in_bounds);
   // Fast case: Do the load.
   __ add(scratch1, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
   __ ldr(scratch2, MemOperand::PointerAddressFromSmiKey(scratch1, key));
   __ CompareRoot(scratch2, Heap::kTheHoleValueRootIndex);
   // In case the loaded value is the_hole we have to check the prototype chain.
   __ b(eq, &check_prototypes);
   __ mov(result, scratch2);
   __ bind(&done);
@@ skipping 38 matching lines @@
   Label slow;
 
   __ ldr(dictionary, FieldMemOperand(LoadDescriptor::ReceiverRegister(),
                                      JSObject::kPropertiesOffset));
   GenerateDictionaryLoad(masm, &slow, dictionary,
                          LoadDescriptor::NameRegister(), r0, r3, r4);
   __ Ret();
 
   // Dictionary load failed, go slow (but don't miss).
   __ bind(&slow);
-  GenerateRuntimeGetProperty(masm);
+  GenerateSlow(masm);
 }
 
 
 // A register that isn't one of the parameters to the load ic.
 static const Register LoadIC_TempRegister() { return r3; }
 
 
 static void LoadIC_PushArgs(MacroAssembler* masm) {
   Register receiver = LoadDescriptor::ReceiverRegister();
   Register name = LoadDescriptor::NameRegister();
@@ skipping 14 matching lines @@
 
   LoadIC_PushArgs(masm);
 
   // Perform tail call to the entry.
   ExternalReference ref = ExternalReference(IC_Utility(kLoadIC_Miss), isolate);
   int arg_count = 4;
   __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void LoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void LoadIC::GenerateSlow(MacroAssembler* masm) {
   // The return address is in lr.
 
   __ mov(LoadIC_TempRegister(), LoadDescriptor::ReceiverRegister());
   __ Push(LoadIC_TempRegister(), LoadDescriptor::NameRegister());
 
-  __ TailCallRuntime(Runtime::kGetProperty, 2, 1);
+  // Perform tail call to the entry.
+  ExternalReference ref =
+      ExternalReference(IC_Utility(kLoadIC_Slow), masm->isolate());
+  int arg_count = 2;
+  __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
 void KeyedLoadIC::GenerateMiss(MacroAssembler* masm) {
   // The return address is in lr.
   Isolate* isolate = masm->isolate();
 
   DCHECK(!AreAliased(r4, r5, LoadWithVectorDescriptor::SlotRegister(),
                      LoadWithVectorDescriptor::VectorRegister()));
   __ IncrementCounter(isolate->counters()->keyed_load_miss(), 1, r4, r5);
 
   LoadIC_PushArgs(masm);
 
   // Perform tail call to the entry.
   ExternalReference ref =
       ExternalReference(IC_Utility(kKeyedLoadIC_Miss), isolate);
   int arg_count = 4;
   __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateSlow(MacroAssembler* masm) {
   // The return address is in lr.
 
   __ Push(LoadDescriptor::ReceiverRegister(), LoadDescriptor::NameRegister());
 
-  __ TailCallRuntime(Runtime::kKeyedGetProperty, 2, 1);
+  // Perform tail call to the entry.
+  ExternalReference ref =
+      ExternalReference(IC_Utility(kKeyedLoadIC_Slow), masm->isolate());
+  int arg_count = 2;
+  __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm,
+                                      LanguageMode language_mode) {
   // The return address is in lr.
   Label slow, check_name, index_smi, index_name, property_array_property;
   Label probe_dictionary, check_number_dictionary;
 
   Register key = LoadDescriptor::NameRegister();
   Register receiver = LoadDescriptor::ReceiverRegister();
   DCHECK(key.is(r2));
   DCHECK(receiver.is(r1));
 
   Isolate* isolate = masm->isolate();
 
   // Check that the key is a smi.
   __ JumpIfNotSmi(key, &check_name);
   __ bind(&index_smi);
   // Now the key is known to be a smi. This place is also jumped to from below
   // where a numeric string is converted to a smi.
 
   GenerateKeyedLoadReceiverCheck(masm, receiver, r0, r3,
                                  Map::kHasIndexedInterceptor, &slow);
 
   // Check the receiver's map to see if it has fast elements.
   __ CheckFastElements(r0, r3, &check_number_dictionary);
 
-  GenerateFastArrayLoad(masm, receiver, key, r0, r3, r4, r0, &slow);
+  GenerateFastArrayLoad(masm, receiver, key, r0, r3, r4, r0, &slow,
+                        language_mode);
   __ IncrementCounter(isolate->counters()->keyed_load_generic_smi(), 1, r4, r3);
   __ Ret();
 
   __ bind(&check_number_dictionary);
   __ ldr(r4, FieldMemOperand(receiver, JSObject::kElementsOffset));
   __ ldr(r3, FieldMemOperand(r4, JSObject::kMapOffset));
 
   // Check whether the elements is a number dictionary.
   // r3: elements map
   // r4: elements
   __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
   __ cmp(r3, ip);
   __ b(ne, &slow);
   __ SmiUntag(r0, key);
   __ LoadFromNumberDictionary(&slow, r4, key, r0, r0, r3, r5);
   __ Ret();
 
   // Slow case, key and receiver still in r2 and r1.
   __ bind(&slow);
   __ IncrementCounter(isolate->counters()->keyed_load_generic_slow(), 1, r4,
                       r3);
-  GenerateRuntimeGetProperty(masm);
+  GenerateSlow(masm);
 
   __ bind(&check_name);
   GenerateKeyNameCheck(masm, key, r0, r3, &index_name, &slow);
 
   GenerateKeyedLoadReceiverCheck(masm, receiver, r0, r3,
                                  Map::kHasNamedInterceptor, &slow);
 
   // If the receiver is a fast-case object, check the stub cache. Otherwise
   // probe the dictionary.
   __ ldr(r3, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
@@ skipping 452 matching lines @@
     patcher.EmitCondition(ne);
   } else {
     DCHECK(Assembler::GetCondition(branch_instr) == ne);
     patcher.EmitCondition(eq);
   }
 }
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_ARM