Implement many KeyedStoreStubs using Crankshaft

src/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 1343 matching lines @@
         if (state == UNINITIALIZED) {
           stub = string_stub();
         }
       } else if (object->IsJSObject()) {
         Handle<JSObject> receiver = Handle<JSObject>::cast(object);
         if (receiver->elements()->map() ==
             isolate()->heap()->non_strict_arguments_elements_map()) {
           stub = non_strict_arguments_stub();
         } else if (receiver->HasIndexedInterceptor()) {
           stub = indexed_interceptor_stub();
-        } else if (key->IsSmi() && (target() != *non_strict_arguments_stub())) {
+        } else if (!key->ToSmi()->IsFailure() &&
+                   (target() != *non_strict_arguments_stub())) {
           stub = LoadElementStub(receiver);
         }
       }
     } else {
       TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "force generic");
     }
     ASSERT(!stub.is_null());
     set_target(*stub);
     TRACE_IC("KeyedLoadIC", key, state, target());
   }
@@ skipping 273 matching lines @@
                                             KeyedAccessStoreMode store_mode,
                                             StrictModeFlag strict_mode) {
   // Don't handle megamorphic property accesses for INTERCEPTORS or CALLBACKS
   // via megamorphic stubs, since they don't have a map in their relocation info
   // and so the stubs can't be harvested for the object needed for a map check.
   if (target()->type() != Code::NORMAL) {
     TRACE_GENERIC_IC(isolate(), "KeyedIC", "non-NORMAL target type");
     return strict_mode == kStrictMode ? generic_stub_strict() : generic_stub();
   }
 
-  if ((store_mode == STORE_NO_TRANSITION_HANDLE_COW ||
-       store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS)) {
-    // TODO(danno): We'll soon handle MONOMORPHIC ICs that also support
-    // copying COW arrays and silently ignoring some OOB stores into external
-    // arrays, but for now use the generic.
-    TRACE_GENERIC_IC(isolate(), "KeyedIC", "COW/OOB external array");
-    return strict_mode == kStrictMode
-        ? generic_stub_strict()
-        : generic_stub();
-  }
-
   State ic_state = target()->ic_state();
   Handle<Map> receiver_map(receiver->map());
   if (ic_state == UNINITIALIZED || ic_state == PREMONOMORPHIC) {
     // Optimistically assume that ICs that haven't reached the MONOMORPHIC state
     // yet will do so and stay there.
     Handle<Map> monomorphic_map = ComputeTransitionedMap(receiver, store_mode);
     store_mode = GetNonTransitioningStoreMode(store_mode);
     return isolate()->stub_cache()->ComputeKeyedStoreElement(
         monomorphic_map, strict_mode, store_mode);
   }
@@ skipping 32 matching lines @@
             transitioned_kind);
     Map* transitioned_previous_map = more_general_transition
         ? previous_receiver_map->LookupElementsTransitionMap(transitioned_kind)
         : NULL;
     if (transitioned_previous_map == *transitioned_receiver_map) {
       // Element family is the same, use the "worst" case map.
       store_mode = GetNonTransitioningStoreMode(store_mode);
       return isolate()->stub_cache()->ComputeKeyedStoreElement(
           transitioned_receiver_map, strict_mode, store_mode);
     } else if (*previous_receiver_map == receiver->map()) {
-      if (IsGrowStoreMode(store_mode)) {
+      if (IsGrowStoreMode(store_mode) ||
+          store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS ||
+          store_mode == STORE_NO_TRANSITION_HANDLE_COW) {
         // A "normal" IC that handles stores can switch to a version that can
-        // grow at the end of the array and still stay MONOMORPHIC.
+        // grow at the end of the array, handle OOB accesses or copy COW arrays
+        // and still stay MONOMORPHIC.
         return isolate()->stub_cache()->ComputeKeyedStoreElement(
             receiver_map, strict_mode, store_mode);
       }
     }
   }
 
   ASSERT(ic_state != GENERIC);
 
   bool map_added =
       AddOneReceiverMapIfMissing(&target_receiver_maps, receiver_map);
@@ skipping 78 matching lines @@
     return JSArray::cast(*receiver)->length()->IsSmi() &&
         index >= Smi::cast(JSArray::cast(*receiver)->length())->value();
   }
   return index >= receiver->elements()->length();
 }
 
 
 KeyedAccessStoreMode KeyedStoreIC::GetStoreMode(Handle<JSObject> receiver,
                                                 Handle<Object> key,
                                                 Handle<Object> value) {
-  ASSERT(key->IsSmi());
-  int index = Smi::cast(*key)->value();
+  ASSERT(!key->ToSmi()->IsFailure());
+  Smi* smi_key = NULL;
+  key->ToSmi()->To<Smi>(&smi_key);

[Jakob Kummerow, 2013/03/11 16:36:07]

nit: drop the "<Smi>", just "...->To(&smi_key)".

[danno, 2013/03/13 15:36:26]

Done.

+  int index = smi_key->value();
   bool oob_access = IsOutOfBoundsAccess(receiver, index);
   bool allow_growth = receiver->IsJSArray() && oob_access;
   if (allow_growth) {
     // Handle growing array in stub if necessary.
     if (receiver->HasFastSmiElements()) {
       if (value->IsHeapNumber()) {
         if (receiver->HasFastHoleyElements()) {
           return STORE_AND_GROW_TRANSITION_HOLEY_SMI_TO_DOUBLE;
         } else {
           return STORE_AND_GROW_TRANSITION_SMI_TO_DOUBLE;
@@ skipping 37 matching lines @@
         if (receiver->HasFastHoleyElements()) {
           return STORE_TRANSITION_HOLEY_DOUBLE_TO_OBJECT;
         } else {
           return STORE_TRANSITION_DOUBLE_TO_OBJECT;
         }
       }
     }
     if (!FLAG_trace_external_array_abuse &&
         receiver->map()->has_external_array_elements() && oob_access) {
       return STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS;
+    }
+    Heap* heap = receiver->GetHeap();
+    if (receiver->elements()->map() == heap->fixed_cow_array_map()) {
+      return STORE_NO_TRANSITION_HANDLE_COW;
     } else {
       return STANDARD_STORE;
     }
   }
 }
 
 
 MaybeObject* KeyedStoreIC::Store(State state,
                                  StrictModeFlag strict_mode,
                                  Handle<Object> object,
@@ skipping 21 matching lines @@
   if (use_ic) {
     Handle<Code> stub = (strict_mode == kStrictMode)
         ? generic_stub_strict()
         : generic_stub();
     if (miss_mode != MISS_FORCE_GENERIC) {
       if (object->IsJSObject()) {
         Handle<JSObject> receiver = Handle<JSObject>::cast(object);
         if (receiver->elements()->map() ==
             isolate()->heap()->non_strict_arguments_elements_map()) {
           stub = non_strict_arguments_stub();
-        } else if (key->IsSmi() && (target() != *non_strict_arguments_stub())) {
+        } else if (!key->ToSmi()->IsFailure() &&
+                   (target() != *non_strict_arguments_stub())) {
           KeyedAccessStoreMode store_mode = GetStoreMode(receiver, key, value);
           stub = StoreElementStub(receiver, store_mode, strict_mode);
+        } else {
+          TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "key not a number");
         }
+      } else {
+        TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "not an object");
       }
     } else {
       TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "force generic");
     }
     ASSERT(!stub.is_null());
     set_target(*stub);
     TRACE_IC("KeyedStoreIC", key, state, target());
   }
 
   return Runtime::SetObjectProperty(
@@ skipping 137 matching lines @@
                  args.at<Object>(0),
                  args.at<Object>(1),
                  MISS_FORCE_GENERIC);
 }
 
 
 // Used from ic-<arch>.cc.
 RUNTIME_FUNCTION(MaybeObject*, StoreIC_Miss) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 3);
-  StoreIC ic(isolate);
+  StoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
   Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
   return ic.Store(state,
                   Code::GetStrictMode(extra_ic_state),
                   args.at<Object>(0),
                   args.at<String>(1),
                   args.at<Object>(2));
 }
 
 
@@ skipping 55 matching lines @@
 
   // Return the stored value.
   return value;
 }
 
 
 // Used from ic-<arch>.cc.
 RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_Miss) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 3);
-  KeyedStoreIC ic(isolate);
+  KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
   Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
   return ic.Store(state,
+                  Code::GetStrictMode(extra_ic_state),
+                  args.at<Object>(0),
+                  args.at<Object>(1),
+                  args.at<Object>(2),
+                  MISS);
+}
+
+
+RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_MissFromStubFailure) {
+  HandleScope scope(isolate);
+  ASSERT(args.length() == 3);
+  KeyedStoreIC ic(IC::EXTRA_CALL_FRAME, isolate);
+  IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
+  Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
+  return ic.Store(state,
                   Code::GetStrictMode(extra_ic_state),
                   args.at<Object>(0),
                   args.at<Object>(1),
                   args.at<Object>(2),
                   MISS);
 }
 
 
 RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_Slow) {
   NoHandleAllocation na(isolate);
   ASSERT(args.length() == 3);
-  KeyedStoreIC ic(isolate);
+  KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
   Handle<Object> object = args.at<Object>(0);
   Handle<Object> key = args.at<Object>(1);
   Handle<Object> value = args.at<Object>(2);
   StrictModeFlag strict_mode = Code::GetStrictMode(extra_ic_state);
   return Runtime::SetObjectProperty(isolate,
                                     object,
                                     key,
                                     value,
                                     NONE,
                                     strict_mode);
 }
 
 
 RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_MissForceGeneric) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 3);
-  KeyedStoreIC ic(isolate);
+  KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
   Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
   return ic.Store(state,
                   Code::GetStrictMode(extra_ic_state),
                   args.at<Object>(0),
                   args.at<Object>(1),
                   args.at<Object>(2),
                   MISS_FORCE_GENERIC);
 }
 
@@ skipping 540 matching lines @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
   return IC_utilities[id];
 }
 
 
 } }  // namespace v8::internal