[strong] Implement strong mode restrictions on property access

src/ic/mips/ic-mips.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_MIPS
 
 #include "src/codegen.h"
@@ skipping 145 matching lines @@
   DCHECK(JS_OBJECT_TYPE > JS_VALUE_TYPE);
   __ lbu(scratch, FieldMemOperand(map, Map::kInstanceTypeOffset));
   __ Branch(slow, lt, scratch, Operand(JS_OBJECT_TYPE));
 }
 
 
 // Loads an indexed element from a fast case array.
 static void GenerateFastArrayLoad(MacroAssembler* masm, Register receiver,
                                   Register key, Register elements,
                                   Register scratch1, Register scratch2,
-                                  Register result, Label* slow) {
+                                  Register result, Label* slow,
+                                  LanguageMode language_mode) {
   // Register use:
   //
   // receiver - holds the receiver on entry.
   //            Unchanged unless 'result' is the same register.
   //
   // key      - holds the smi key on entry.
   //            Unchanged unless 'result' is the same register.
   //
   // result   - holds the result on exit if the load succeeded.
   //            Allowed to be the the same as 'receiver' or 'key'.
   //            Unchanged on bailout so 'receiver' and 'key' can be safely
   //            used by further computation.
   //
   // Scratch registers:
   //
   // elements - holds the elements of the receiver and its prototypes.
   //
   // scratch1 - used to hold elements length, bit fields, base addresses.
   //
   // scratch2 - used to hold maps, prototypes, and the loaded value.
   Label check_prototypes, check_next_prototype;
-  Label done, in_bounds, return_undefined;
+  Label done, in_bounds, absent;
 
   __ lw(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
   __ AssertFastElements(elements);
 
   // Check that the key (index) is within bounds.
   __ lw(scratch1, FieldMemOperand(elements, FixedArray::kLengthOffset));
   __ Branch(&in_bounds, lo, key, Operand(scratch1));
   // Out-of-bounds. Check the prototype chain to see if we can just return
   // 'undefined'.
   // Negative keys can't take the fast OOB path.
   __ Branch(slow, lt, key, Operand(zero_reg));
   __ bind(&check_prototypes);
   __ lw(scratch2, FieldMemOperand(receiver, HeapObject::kMapOffset));
   __ bind(&check_next_prototype);
   __ lw(scratch2, FieldMemOperand(scratch2, Map::kPrototypeOffset));
   // scratch2: current prototype
   __ LoadRoot(at, Heap::kNullValueRootIndex);
-  __ Branch(&return_undefined, eq, scratch2, Operand(at));
+  __ Branch(&absent, eq, scratch2, Operand(at));
   __ lw(elements, FieldMemOperand(scratch2, JSObject::kElementsOffset));
   __ lw(scratch2, FieldMemOperand(scratch2, HeapObject::kMapOffset));
   // elements: elements of current prototype
   // scratch2: map of current prototype
   __ lbu(scratch1, FieldMemOperand(scratch2, Map::kInstanceTypeOffset));
   __ Branch(slow, lo, scratch1, Operand(JS_OBJECT_TYPE));
   __ lbu(scratch1, FieldMemOperand(scratch2, Map::kBitFieldOffset));
   __ And(at, scratch1, Operand((1 << Map::kIsAccessCheckNeeded) |
                                (1 << Map::kHasIndexedInterceptor)));
   __ Branch(slow, ne, at, Operand(zero_reg));
   __ LoadRoot(at, Heap::kEmptyFixedArrayRootIndex);
   __ Branch(slow, ne, elements, Operand(at));
   __ Branch(&check_next_prototype);
 
-  __ bind(&return_undefined);
-  __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
-  __ Branch(&done);
+  __ bind(&absent);
+  if (is_strong(language_mode)) {
+    // Strong mode accesses must throw in this case, so call the runtime.
+    __ Branch(slow);
+  } else {
+    __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
+    __ Branch(&done);
+  }
 
   __ bind(&in_bounds);
   // Fast case: Do the load.
   __ Addu(scratch1, elements,
           Operand(FixedArray::kHeaderSize - kHeapObjectTag));
   // The key is a smi.
   STATIC_ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
   __ sll(at, key, kPointerSizeLog2 - kSmiTagSize);
   __ addu(at, at, scratch1);
   __ lw(scratch2, MemOperand(at));
@@ skipping 44 matching lines @@
   Label slow;
 
   __ lw(dictionary, FieldMemOperand(LoadDescriptor::ReceiverRegister(),
                                     JSObject::kPropertiesOffset));
   GenerateDictionaryLoad(masm, &slow, dictionary,
                          LoadDescriptor::NameRegister(), v0, a3, t0);
   __ Ret();
 
   // Dictionary load failed, go slow (but don't miss).
   __ bind(&slow);
-  GenerateRuntimeGetProperty(masm);
+  GenerateSlow(masm);
 }
 
 
 // A register that isn't one of the parameters to the load ic.
 static const Register LoadIC_TempRegister() { return a3; }
 
 
 static void LoadIC_PushArgs(MacroAssembler* masm) {
   Register receiver = LoadDescriptor::ReceiverRegister();
   Register name = LoadDescriptor::NameRegister();
@@ skipping 14 matching lines @@
 
   LoadIC_PushArgs(masm);
 
   // Perform tail call to the entry.
   ExternalReference ref = ExternalReference(IC_Utility(kLoadIC_Miss), isolate);
   int arg_count = 4;
   __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void LoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void LoadIC::GenerateSlow(MacroAssembler* masm) {
   // The return address is in ra.
 
   __ mov(LoadIC_TempRegister(), LoadDescriptor::ReceiverRegister());
   __ Push(LoadIC_TempRegister(), LoadDescriptor::NameRegister());
 
-  __ TailCallRuntime(Runtime::kGetProperty, 2, 1);
+  ExternalReference ref =
+      ExternalReference(IC_Utility(kLoadIC_Slow), masm->isolate());
+  int arg_count = 2;
+  __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
 void KeyedLoadIC::GenerateMiss(MacroAssembler* masm) {
   // The return address is in ra.
   Isolate* isolate = masm->isolate();
 
   DCHECK(!AreAliased(t0, t1, LoadWithVectorDescriptor::SlotRegister(),
                      LoadWithVectorDescriptor::VectorRegister()));
   __ IncrementCounter(isolate->counters()->keyed_load_miss(), 1, t0, t1);
 
   LoadIC_PushArgs(masm);
 
   // Perform tail call to the entry.
   ExternalReference ref =
       ExternalReference(IC_Utility(kKeyedLoadIC_Miss), isolate);
 
   int arg_count = 4;
   __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateSlow(MacroAssembler* masm) {
   // The return address is in ra.
 
   __ Push(LoadDescriptor::ReceiverRegister(), LoadDescriptor::NameRegister());
 
-  __ TailCallRuntime(Runtime::kKeyedGetProperty, 2, 1);
+  ExternalReference ref =
+      ExternalReference(IC_Utility(kKeyedLoadIC_Slow), masm->isolate());
+  int arg_count = 2;
+  __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm,
+                                      LanguageMode language_mode) {
   // The return address is in ra.
   Label slow, check_name, index_smi, index_name, property_array_property;
   Label probe_dictionary, check_number_dictionary;
 
   Register key = LoadDescriptor::NameRegister();
   Register receiver = LoadDescriptor::ReceiverRegister();
   DCHECK(key.is(a2));
   DCHECK(receiver.is(a1));
 
   Isolate* isolate = masm->isolate();
 
   // Check that the key is a smi.
   __ JumpIfNotSmi(key, &check_name);
   __ bind(&index_smi);
   // Now the key is known to be a smi. This place is also jumped to from below
   // where a numeric string is converted to a smi.
 
   GenerateKeyedLoadReceiverCheck(masm, receiver, a0, a3,
                                  Map::kHasIndexedInterceptor, &slow);
 
   // Check the receiver's map to see if it has fast elements.
   __ CheckFastElements(a0, a3, &check_number_dictionary);
 
-  GenerateFastArrayLoad(masm, receiver, key, a0, a3, t0, v0, &slow);
+  GenerateFastArrayLoad(masm, receiver, key, a0, a3, t0, v0, &slow,
+                        language_mode);
   __ IncrementCounter(isolate->counters()->keyed_load_generic_smi(), 1, t0, a3);
   __ Ret();
 
   __ bind(&check_number_dictionary);
   __ lw(t0, FieldMemOperand(receiver, JSObject::kElementsOffset));
   __ lw(a3, FieldMemOperand(t0, JSObject::kMapOffset));
 
   // Check whether the elements is a number dictionary.
   // a3: elements map
   // t0: elements
   __ LoadRoot(at, Heap::kHashTableMapRootIndex);
   __ Branch(&slow, ne, a3, Operand(at));
   __ sra(a0, key, kSmiTagSize);
   __ LoadFromNumberDictionary(&slow, t0, key, v0, a0, a3, t1);
   __ Ret();
 
   // Slow case, key and receiver still in a2 and a1.
   __ bind(&slow);
   __ IncrementCounter(isolate->counters()->keyed_load_generic_slow(), 1, t0,
                       a3);
-  GenerateRuntimeGetProperty(masm);
+  GenerateSlow(masm);
 
   __ bind(&check_name);
   GenerateKeyNameCheck(masm, key, a0, a3, &index_name, &slow);
 
   GenerateKeyedLoadReceiverCheck(masm, receiver, a0, a3,
                                  Map::kHasNamedInterceptor, &slow);
 
 
   // If the receiver is a fast-case object, check the stub cache. Otherwise
   // probe the dictionary.
@@ skipping 450 matching lines @@
     patcher.ChangeBranchCondition(ne);
   } else {
     DCHECK(Assembler::IsBne(branch_instr));
     patcher.ChangeBranchCondition(eq);
   }
 }
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_MIPS