Revert of Revert of [strong] Implement strong mode restrictions on property access

src/ic/x64/ic-x64.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_X64
 
 #include "src/codegen.h"
 #include "src/ic/ic.h"
@@ skipping 153 matching lines @@
       FieldOperand(map, Map::kBitFieldOffset),
       Immediate((1 << Map::kIsAccessCheckNeeded) | (1 << interceptor_bit)));
   __ j(not_zero, slow);
 }
 
 
 // Loads an indexed element from a fast case array.
 static void GenerateFastArrayLoad(MacroAssembler* masm, Register receiver,
                                   Register key, Register elements,
                                   Register scratch, Register result,
-                                  Label* slow) {
+                                  Label* slow, LanguageMode language_mode) {
   // Register use:
   //
   // receiver - holds the receiver on entry.
   //            Unchanged unless 'result' is the same register.
   //
   // key      - holds the smi key on entry.
   //            Unchanged unless 'result' is the same register.
   //
   // result   - holds the result on exit if the load succeeded.
   //            Allowed to be the the same as 'receiver' or 'key'.
   //            Unchanged on bailout so 'receiver' and 'key' can be safely
   //            used by further computation.
   //
   // Scratch registers:
   //
   // elements - holds the elements of the receiver and its prototypes.
   //
   // scratch  - used to hold maps, prototypes, and the loaded value.
   Label check_prototypes, check_next_prototype;
-  Label done, in_bounds, return_undefined;
+  Label done, in_bounds, absent;
 
   __ movp(elements, FieldOperand(receiver, JSObject::kElementsOffset));
   __ AssertFastElements(elements);
   // Check that the key (index) is within bounds.
   __ SmiCompare(key, FieldOperand(elements, FixedArray::kLengthOffset));
   // Unsigned comparison rejects negative indices.
   __ j(below, &in_bounds);
 
   // Out-of-bounds. Check the prototype chain to see if we can just return
   // 'undefined'.
   __ SmiCompare(key, Smi::FromInt(0));
   __ j(less, slow);  // Negative keys can't take the fast OOB path.
   __ bind(&check_prototypes);
   __ movp(scratch, FieldOperand(receiver, HeapObject::kMapOffset));
   __ bind(&check_next_prototype);
   __ movp(scratch, FieldOperand(scratch, Map::kPrototypeOffset));
   // scratch: current prototype
   __ CompareRoot(scratch, Heap::kNullValueRootIndex);
-  __ j(equal, &return_undefined);
+  __ j(equal, &absent);
   __ movp(elements, FieldOperand(scratch, JSObject::kElementsOffset));
   __ movp(scratch, FieldOperand(scratch, HeapObject::kMapOffset));
   // elements: elements of current prototype
   // scratch: map of current prototype
   __ CmpInstanceType(scratch, JS_OBJECT_TYPE);
   __ j(below, slow);
   __ testb(FieldOperand(scratch, Map::kBitFieldOffset),
            Immediate((1 << Map::kIsAccessCheckNeeded) |
                      (1 << Map::kHasIndexedInterceptor)));
   __ j(not_zero, slow);
   __ CompareRoot(elements, Heap::kEmptyFixedArrayRootIndex);
   __ j(not_equal, slow);
   __ jmp(&check_next_prototype);
 
-  __ bind(&return_undefined);
-  __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
-  __ jmp(&done);
+  __ bind(&absent);
+  if (is_strong(language_mode)) {
+    // Strong mode accesses must throw in this case, so call the runtime.
+    __ jmp(slow);
+  } else {
+    __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
+    __ jmp(&done);
+  }
 
   __ bind(&in_bounds);
   // Fast case: Do the load.
   SmiIndex index = masm->SmiToIndex(scratch, key, kPointerSizeLog2);
   __ movp(scratch, FieldOperand(elements, index.reg, index.scale,
                                 FixedArray::kHeaderSize));
   __ CompareRoot(scratch, Heap::kTheHoleValueRootIndex);
   // In case the loaded value is the_hole we have to check the prototype chain.
   __ j(equal, &check_prototypes);
   __ Move(result, scratch);
@@ skipping 26 matching lines @@
   // bit test is enough.
   STATIC_ASSERT(kNotInternalizedTag != 0);
   __ testb(FieldOperand(map, Map::kInstanceTypeOffset),
            Immediate(kIsNotInternalizedMask));
   __ j(not_zero, not_unique);
 
   __ bind(&unique);
 }
 
 
-void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm,
+                                      LanguageMode language_mode) {
   // The return address is on the stack.
   Label slow, check_name, index_smi, index_name, property_array_property;
   Label probe_dictionary, check_number_dictionary;
 
   Register receiver = LoadDescriptor::ReceiverRegister();
   Register key = LoadDescriptor::NameRegister();
   DCHECK(receiver.is(rdx));
   DCHECK(key.is(rcx));
 
   // Check that the key is a smi.
   __ JumpIfNotSmi(key, &check_name);
   __ bind(&index_smi);
   // Now the key is known to be a smi. This place is also jumped to from below
   // where a numeric string is converted to a smi.
 
   GenerateKeyedLoadReceiverCheck(masm, receiver, rax,
                                  Map::kHasIndexedInterceptor, &slow);
 
   // Check the receiver's map to see if it has fast elements.
   __ CheckFastElements(rax, &check_number_dictionary);
 
-  GenerateFastArrayLoad(masm, receiver, key, rax, rbx, rax, &slow);
+  GenerateFastArrayLoad(masm, receiver, key, rax, rbx, rax, &slow,
+                        language_mode);
   Counters* counters = masm->isolate()->counters();
   __ IncrementCounter(counters->keyed_load_generic_smi(), 1);
   __ ret(0);
 
   __ bind(&check_number_dictionary);
   __ SmiToInteger32(rbx, key);
   __ movp(rax, FieldOperand(receiver, JSObject::kElementsOffset));
 
   // Check whether the elements is a number dictionary.
   // rbx: key as untagged int32
   // rax: elements
   __ CompareRoot(FieldOperand(rax, HeapObject::kMapOffset),
                  Heap::kHashTableMapRootIndex);
   __ j(not_equal, &slow);
   __ LoadFromNumberDictionary(&slow, rax, key, rbx, r9, rdi, rax);
   __ ret(0);
 
   __ bind(&slow);
   // Slow case: Jump to runtime.
   __ IncrementCounter(counters->keyed_load_generic_slow(), 1);
-  GenerateRuntimeGetProperty(masm);
+  GenerateSlow(masm);
 
   __ bind(&check_name);
   GenerateKeyNameCheck(masm, key, rax, rbx, &index_name, &slow);
 
   GenerateKeyedLoadReceiverCheck(masm, receiver, rax, Map::kHasNamedInterceptor,
                                  &slow);
 
   // If the receiver is a fast-case object, check the stub cache. Otherwise
   // probe the dictionary.
   __ movp(rbx, FieldOperand(receiver, JSObject::kPropertiesOffset));
@@ skipping 285 matching lines @@
   Label slow;
 
   __ movp(dictionary, FieldOperand(LoadDescriptor::ReceiverRegister(),
                                    JSObject::kPropertiesOffset));
   GenerateDictionaryLoad(masm, &slow, dictionary,
                          LoadDescriptor::NameRegister(), rbx, rdi, rax);
   __ ret(0);
 
   // Dictionary load failed, go slow (but don't miss).
   __ bind(&slow);
-  GenerateRuntimeGetProperty(masm);
+  GenerateSlow(masm);
 }
 
 
 static void LoadIC_PushArgs(MacroAssembler* masm) {
   Register receiver = LoadDescriptor::ReceiverRegister();
   Register name = LoadDescriptor::NameRegister();
   Register slot = LoadDescriptor::SlotRegister();
   Register vector = LoadWithVectorDescriptor::VectorRegister();
   DCHECK(!rdi.is(receiver) && !rdi.is(name) && !rdi.is(slot) &&
          !rdi.is(vector));
@@ skipping 16 matching lines @@
   LoadIC_PushArgs(masm);
 
   // Perform tail call to the entry.
   ExternalReference ref =
       ExternalReference(IC_Utility(kLoadIC_Miss), masm->isolate());
   int arg_count = 4;
   __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void LoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void LoadIC::GenerateSlow(MacroAssembler* masm) {
   // The return address is on the stack.
   Register receiver = LoadDescriptor::ReceiverRegister();
   Register name = LoadDescriptor::NameRegister();
   DCHECK(!rbx.is(receiver) && !rbx.is(name));
 
   __ PopReturnAddressTo(rbx);
   __ Push(receiver);
   __ Push(name);
   __ PushReturnAddressFrom(rbx);
 
   // Perform tail call to the entry.
-  __ TailCallRuntime(Runtime::kGetProperty, 2, 1);
+  ExternalReference ref =
+      ExternalReference(IC_Utility(kLoadIC_Slow), masm->isolate());
+  int arg_count = 2;
+  __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
 void KeyedLoadIC::GenerateMiss(MacroAssembler* masm) {
   // The return address is on the stack.
   Counters* counters = masm->isolate()->counters();
   __ IncrementCounter(counters->keyed_load_miss(), 1);
 
   LoadIC_PushArgs(masm);
 
   // Perform tail call to the entry.
   ExternalReference ref =
       ExternalReference(IC_Utility(kKeyedLoadIC_Miss), masm->isolate());
   int arg_count = 4;
   __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
-void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateSlow(MacroAssembler* masm) {
   // The return address is on the stack.
   Register receiver = LoadDescriptor::ReceiverRegister();
   Register name = LoadDescriptor::NameRegister();
   DCHECK(!rbx.is(receiver) && !rbx.is(name));
 
   __ PopReturnAddressTo(rbx);
   __ Push(receiver);
   __ Push(name);
   __ PushReturnAddressFrom(rbx);
 
   // Perform tail call to the entry.
-  __ TailCallRuntime(Runtime::kKeyedGetProperty, 2, 1);
+  ExternalReference ref =
+      ExternalReference(IC_Utility(kKeyedLoadIC_Slow), masm->isolate());
+  int arg_count = 2;
+  __ TailCallExternalReference(ref, arg_count, 1);
 }
 
 
 void StoreIC::GenerateMegamorphic(MacroAssembler* masm) {
   // The return address is on the stack.
 
   // Get the receiver from the stack and probe the stub cache.
   Code::Flags flags = Code::RemoveTypeAndHolderFromFlags(
       Code::ComputeHandlerFlags(Code::STORE_IC));
   masm->isolate()->stub_cache()->GenerateProbe(
@@ skipping 129 matching lines @@
   Condition cc =
       (check == ENABLE_INLINED_SMI_CHECK)
           ? (*jmp_address == Assembler::kJncShortOpcode ? not_zero : zero)
           : (*jmp_address == Assembler::kJnzShortOpcode ? not_carry : carry);
   *jmp_address = static_cast<byte>(Assembler::kJccShortPrefix | cc);
 }
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_X64