| Index: src/x64/stub-cache-x64.cc
|
| diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc
|
| index 963bc12e468aa3ad54b36adc5521f331dfe87ab8..e64698cf24fa06907180e98947560c8aae854213 100644
|
| --- a/src/x64/stub-cache-x64.cc
|
| +++ b/src/x64/stub-cache-x64.cc
|
| @@ -379,17 +379,12 @@ static void CompileCallLoadPropertyWithInterceptor(
|
| Register receiver,
|
| Register holder,
|
| Register name,
|
| - Handle<JSObject> holder_obj) {
|
| + Handle<JSObject> holder_obj,
|
| + IC::UtilityId id) {
|
| PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
|
| -
|
| - ExternalReference ref =
|
| - ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorOnly),
|
| - masm->isolate());
|
| - __ Set(rax, StubCache::kInterceptorArgsLength);
|
| - __ LoadAddress(rbx, ref);
|
| -
|
| - CEntryStub stub(1);
|
| - __ CallStub(&stub);
|
| + __ CallExternalReference(
|
| + ExternalReference(IC_Utility(id), masm->isolate()),
|
| + StubCache::kInterceptorArgsLength);
|
| }
|
|
|
|
|
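Review bot: Nothing ties the new `id` parameter of `CompileCallLoadPropertyWithInterceptor` to the fixed argument count: any `IC::UtilityId` is forwarded to `IC_Utility(id)`, while the call always passes `StubCache::kInterceptorArgsLength` and the arguments pushed by `PushInterceptorArguments`. The call sites visible in this patch use only `IC::kLoadPropertyWithInterceptorOnly` and `IC::kLoadPropertyWithInterceptorForCall`, so a debug check at the top of the helper would pin that down: `ASSERT(id == IC::kLoadPropertyWithInterceptorOnly || id == IC::kLoadPropertyWithInterceptorForCall);`. A short comment on the parameter saying it must name an interceptor-load utility that takes exactly these arguments would also help future callers.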
| @@ -720,9 +715,10 @@ class CallInterceptorCompiler BASE_EMBEDDED {
|
| Label miss_cleanup;
|
| Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
|
| Register holder =
|
| - stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
|
| - scratch1, scratch2, scratch3,
|
| - name, depth1, miss);
|
| + stub_compiler_->CheckPrototypes(
|
| + IC::CurrentTypeOf(object, masm->isolate()), receiver,
|
| + interceptor_holder, scratch1, scratch2, scratch3,
|
| + name, depth1, miss);
|
|
|
| // Invoke an interceptor and if it provides a value,
|
| // branch to |regular_invoke|.
|
| @@ -736,10 +732,10 @@ class CallInterceptorCompiler BASE_EMBEDDED {
|
| // Check that the maps from interceptor's holder to constant function's
|
| // holder haven't changed and thus we can use cached constant function.
|
| if (*interceptor_holder != lookup->holder()) {
|
| - stub_compiler_->CheckPrototypes(interceptor_holder, receiver,
|
| - Handle<JSObject>(lookup->holder()),
|
| - scratch1, scratch2, scratch3,
|
| - name, depth2, miss);
|
| + stub_compiler_->CheckPrototypes(
|
| + IC::CurrentTypeOf(interceptor_holder, masm->isolate()), receiver,
|
| + handle(lookup->holder()), scratch1, scratch2, scratch3,
|
| + name, depth2, miss);
|
| } else {
|
| // CheckPrototypes has a side effect of fetching a 'holder'
|
| // for API (object which is instanceof for the signature). It's
|
| @@ -785,20 +781,17 @@ class CallInterceptorCompiler BASE_EMBEDDED {
|
| Handle<JSObject> interceptor_holder,
|
| Label* miss_label) {
|
| Register holder =
|
| - stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
|
| - scratch1, scratch2, scratch3,
|
| - name, miss_label);
|
| + stub_compiler_->CheckPrototypes(
|
| + IC::CurrentTypeOf(object, masm->isolate()), receiver,
|
| + interceptor_holder, scratch1, scratch2, scratch3, name, miss_label);
|
|
|
| FrameScope scope(masm, StackFrame::INTERNAL);
|
| // Save the name_ register across the call.
|
| __ push(name_);
|
|
|
| - PushInterceptorArguments(masm, receiver, holder, name_, interceptor_holder);
|
| -
|
| - __ CallExternalReference(
|
| - ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorForCall),
|
| - masm->isolate()),
|
| - StubCache::kInterceptorArgsLength);
|
| + CompileCallLoadPropertyWithInterceptor(
|
| + masm, receiver, holder, name_, interceptor_holder,
|
| + IC::kLoadPropertyWithInterceptorForCall);
|
|
|
| // Restore the name_ register.
|
| __ pop(name_);
|
| @@ -816,11 +809,9 @@ class CallInterceptorCompiler BASE_EMBEDDED {
|
| __ push(holder); // Save the holder.
|
| __ push(name_); // Save the name.
|
|
|
| - CompileCallLoadPropertyWithInterceptor(masm,
|
| - receiver,
|
| - holder,
|
| - name_,
|
| - holder_obj);
|
| + CompileCallLoadPropertyWithInterceptor(
|
| + masm, receiver, holder, name_, holder_obj,
|
| + IC::kLoadPropertyWithInterceptorOnly);
|
|
|
| __ pop(name_); // Restore the name.
|
| __ pop(receiver); // Restore the holder.
|
| @@ -1122,26 +1113,6 @@ void StoreStubCompiler::GenerateStoreField(MacroAssembler* masm,
|
| }
|
|
|
|
|
| -void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm,
|
| - Handle<JSObject> object,
|
| - Handle<JSObject> holder,
|
| - Handle<Name> name,
|
| - Register scratch,
|
| - Label* miss) {
|
| - Handle<JSObject> current = object;
|
| - while (!current.is_identical_to(holder)) {
|
| - if (current->IsJSGlobalObject()) {
|
| - GenerateCheckPropertyCell(masm,
|
| - Handle<JSGlobalObject>::cast(current),
|
| - name,
|
| - scratch,
|
| - miss);
|
| - }
|
| - current = Handle<JSObject>(JSObject::cast(current->GetPrototype()));
|
| - }
|
| -}
|
| -
|
| -
|
| void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
|
| __ jmp(code, RelocInfo::CODE_TARGET);
|
| }
|
| @@ -1151,7 +1122,7 @@ void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
|
| #define __ ACCESS_MASM((masm()))
|
|
|
|
|
| -Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
|
| +Register StubCompiler::CheckPrototypes(Handle<Type> type,
|
| Register object_reg,
|
| Handle<JSObject> holder,
|
| Register holder_reg,
|
| @@ -1161,11 +1132,11 @@ Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
|
| int save_at_depth,
|
| Label* miss,
|
| PrototypeCheckType check) {
|
| + Handle<Map> receiver_map(IC::TypeToMap(*type, isolate()));
|
| // Make sure that the type feedback oracle harvests the receiver map.
|
| // TODO(svenpanne) Remove this hack when all ICs are reworked.
|
| - __ Move(scratch1, Handle<Map>(object->map()));
|
| + __ Move(scratch1, receiver_map);
|
|
|
| - Handle<JSObject> first = object;
|
| // Make sure there's no overlap between holder and object registers.
|
| ASSERT(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
|
| ASSERT(!scratch2.is(object_reg) && !scratch2.is(holder_reg)
|
| @@ -1186,25 +1157,31 @@ Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
|
| __ movq(args.GetArgumentOperand(kHolderIndex), object_reg);
|
| }
|
|
|
| - // Check the maps in the prototype chain.
|
| - // Traverse the prototype chain from the object and do map checks.
|
| - Handle<JSObject> current = object;
|
| - while (!current.is_identical_to(holder)) {
|
| + Handle<JSObject> current = Handle<JSObject>::null();
|
| + if (type->IsConstant()) current = Handle<JSObject>::cast(type->AsConstant());
|
| + Handle<JSObject> prototype = Handle<JSObject>::null();
|
| + Handle<Map> current_map = receiver_map;
|
| + Handle<Map> holder_map(holder->map());
|
| + // Traverse the prototype chain and check the maps in the prototype chain for
|
| + // fast and global objects or do negative lookup for normal objects.
|
| + while (!current_map.is_identical_to(holder_map)) {
|
| ++depth;
|
|
|
| // Only global objects and objects that do not require access
|
| // checks are allowed in stubs.
|
| - ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
|
| + ASSERT(current_map->IsJSGlobalProxyMap() ||
|
| + !current_map->is_access_check_needed());
|
|
|
| - Handle<JSObject> prototype(JSObject::cast(current->GetPrototype()));
|
| - if (!current->HasFastProperties() &&
|
| - !current->IsJSGlobalObject() &&
|
| - !current->IsJSGlobalProxy()) {
|
| + prototype = handle(JSObject::cast(current_map->prototype()));
|
| + if (current_map->is_dictionary_map() &&
|
| + !current_map->IsJSGlobalObjectMap() &&
|
| + !current_map->IsJSGlobalProxyMap()) {
|
| if (!name->IsUniqueName()) {
|
| ASSERT(name->IsString());
|
| name = factory()->InternalizeString(Handle<String>::cast(name));
|
| }
|
| - ASSERT(current->property_dictionary()->FindEntry(*name) ==
|
| + ASSERT(current.is_null() ||
|
| + current->property_dictionary()->FindEntry(*name) ==
|
| NameDictionary::kNotFound);
|
|
|
| GenerateDictionaryNegativeLookup(masm(), miss, reg, name,
|
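Review bot: The declaration of `current` does not say why it may be a null handle: it is set only when `type->IsConstant()`, so for any other type the first loop iteration runs with `current_map` alone. That is the reason the dictionary assertion was relaxed to `ASSERT(current.is_null() || ...)`, which means debug builds no longer verify at compile time that the name is absent from a non-constant receiver's dictionary. A comment above the declaration would make this explicit, for example `// |current| is only known for constant types; otherwise it stays null until the first prototype is reached.` The loop body continues outside this hunk.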
| @@ -1215,20 +1192,23 @@ Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
|
| __ movq(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
|
| } else {
|
| bool in_new_space = heap()->InNewSpace(*prototype);
|
| - Handle<Map> current_map(current->map());
|
| if (in_new_space) {
|
| // Save the map in scratch1 for later.
|
| __ movq(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
|
| }
|
| - if (!current.is_identical_to(first) || check == CHECK_ALL_MAPS) {
|
| + if (depth != 1 || check == CHECK_ALL_MAPS) {
|
| __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
|
| }
|
|
|
| // Check access rights to the global object. This has to happen after
|
| // the map check so that we know that the object is actually a global
|
| // object.
|
| - if (current->IsJSGlobalProxy()) {
|
| + if (current_map->IsJSGlobalProxyMap()) {
|
| __ CheckAccessGlobalProxy(reg, scratch2, miss);
|
| + } else if (current_map->IsJSGlobalObjectMap()) {
|
| + GenerateCheckPropertyCell(
|
| + masm(), Handle<JSGlobalObject>::cast(current), name,
|
| + scratch2, miss);
|
| }
|
| reg = holder_reg; // From now on the object will be in holder_reg.
|
|
|
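Review bot: The new `IsJSGlobalObjectMap()` branch casts `current` to `Handle<JSGlobalObject>` without checking it, although `current` starts as a null handle unless `type->IsConstant()` (earlier in this function). If a non-constant type whose map is a global-object map can reach the first iteration, `GenerateCheckPropertyCell` is handed a null handle; whether `IC::CurrentTypeOf` always produces a constant type for global objects is not visible in this file. Because the property-cell check is what keeps the stub valid when a global object in the chain later gains the property, the invariant should be stated at the point of use: `ASSERT(!current.is_null());` directly before the `GenerateCheckPropertyCell(` call. The enclosing loop starts and ends outside this hunk.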
| @@ -1248,28 +1228,24 @@ Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
|
|
|
| // Go to the next object in the prototype chain.
|
| current = prototype;
|
| + current_map = handle(current->map());
|
| }
|
| - ASSERT(current.is_identical_to(holder));
|
|
|
| // Log the check depth.
|
| LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
|
|
|
| - if (!holder.is_identical_to(first) || check == CHECK_ALL_MAPS) {
|
| + if (depth != 0 || check == CHECK_ALL_MAPS) {
|
| // Check the holder map.
|
| - __ CheckMap(reg, Handle<Map>(holder->map()), miss, DONT_DO_SMI_CHECK);
|
| + __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
|
| }
|
|
|
| // Perform security check for access to the global object.
|
| - ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
|
| - if (current->IsJSGlobalProxy()) {
|
| + ASSERT(current_map->IsJSGlobalProxyMap() ||
|
| + !current_map->is_access_check_needed());
|
| + if (current_map->IsJSGlobalProxyMap()) {
|
| __ CheckAccessGlobalProxy(reg, scratch1, miss);
|
| }
|
|
|
| - // If we've skipped any global objects, it's not enough to verify that
|
| - // their maps haven't changed. We also need to check that the property
|
| - // cell for the property is still empty.
|
| - GenerateCheckPropertyCells(masm(), object, holder, name, scratch1, miss);
|
| -
|
| // Return the register containing the holder.
|
| return reg;
|
| }
|
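Review bot: With `ASSERT(current.is_identical_to(holder))` removed, nothing in debug builds confirms that the walk stopped on the holder; the loop now ends on `current_map.is_identical_to(holder_map)`, that is, on the first object whose map equals the holder's map. The final `CheckMap` and `CheckAccessGlobalProxy` are then emitted for whichever object that is. A null-tolerant form of the old assertion after the loop would keep the guarantee: `ASSERT(current.is_null() || current.is_identical_to(holder));`. If there is a legitimate case where a constant receiver shares the holder's map without being the holder, that case deserves a comment here instead.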
| @@ -1298,14 +1274,14 @@ void StoreStubCompiler::HandlerFrontendFooter(Handle<Name> name, Label* miss) {
|
|
|
|
|
| Register LoadStubCompiler::CallbackHandlerFrontend(
|
| - Handle<Object> object,
|
| + Handle<Type> type,
|
| Register object_reg,
|
| Handle<JSObject> holder,
|
| Handle<Name> name,
|
| Handle<Object> callback) {
|
| Label miss;
|
|
|
| - Register reg = HandlerFrontendHeader(object, object_reg, holder, name, &miss);
|
| + Register reg = HandlerFrontendHeader(type, object_reg, holder, name, &miss);
|
|
|
| if (!holder->HasFastProperties() && !holder->IsJSGlobalObject()) {
|
| ASSERT(!reg.is(scratch2()));
|
| @@ -1515,11 +1491,9 @@ void LoadStubCompiler::GenerateLoadInterceptor(
|
| // Invoke an interceptor. Note: map checks from receiver to
|
| // interceptor's holder has been compiled before (see a caller
|
| // of this method.)
|
| - CompileCallLoadPropertyWithInterceptor(masm(),
|
| - receiver(),
|
| - holder_reg,
|
| - this->name(),
|
| - interceptor_holder);
|
| + CompileCallLoadPropertyWithInterceptor(
|
| + masm(), receiver(), holder_reg, this->name(), interceptor_holder,
|
| + IC::kLoadPropertyWithInterceptorOnly);
|
|
|
| // Check if interceptor provided a value for property. If it's
|
| // the case, return immediately.
|
| @@ -1575,7 +1549,8 @@ void CallStubCompiler::GenerateGlobalReceiverCheck(Handle<JSObject> object,
|
|
|
| // Check that the maps haven't changed.
|
| __ JumpIfSmi(rdx, miss);
|
| - CheckPrototypes(object, rdx, holder, rbx, rax, rdi, name, miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, miss);
|
| }
|
|
|
|
|
| @@ -1641,8 +1616,8 @@ Handle<Code> CallStubCompiler::CompileCallField(Handle<JSObject> object,
|
| __ JumpIfSmi(rdx, &miss);
|
|
|
| // Do the right check and compute the holder register.
|
| - Register reg = CheckPrototypes(object, rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + Register reg = CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx,
|
| + holder, rbx, rax, rdi, name, &miss);
|
|
|
| GenerateFastPropertyLoad(masm(), rdi, reg, index.is_inobject(holder),
|
| index.translate(holder), Representation::Tagged());
|
| @@ -1694,8 +1669,8 @@ Handle<Code> CallStubCompiler::CompileArrayCodeCall(
|
|
|
| // Check that the receiver isn't a smi.
|
| __ JumpIfSmi(rdx, &miss);
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
| } else {
|
| ASSERT(cell->value() == *function);
|
| GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
|
| @@ -1753,8 +1728,8 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
|
| // Check that the receiver isn't a smi.
|
| __ JumpIfSmi(rdx, &miss);
|
|
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
|
|
| if (argc == 0) {
|
| // Noop, return the length.
|
| @@ -2008,8 +1983,8 @@ Handle<Code> CallStubCompiler::CompileArrayPopCall(
|
| // Check that the receiver isn't a smi.
|
| __ JumpIfSmi(rdx, &miss);
|
|
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
|
|
| // Get the elements array of the object.
|
| __ movq(rbx, FieldOperand(rdx, JSArray::kElementsOffset));
|
| @@ -2100,8 +2075,9 @@ Handle<Code> CallStubCompiler::CompileStringCharCodeAtCall(
|
| rax,
|
| &miss);
|
| ASSERT(!object.is_identical_to(holder));
|
| + Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
|
| CheckPrototypes(
|
| - Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
|
| + IC::CurrentTypeOf(prototype, isolate()),
|
| rax, holder, rbx, rdx, rdi, name, &miss);
|
|
|
| Register receiver = rbx;
|
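Review bot: The pair `Handle<Object> prototype(object->GetPrototype(isolate()), isolate());` and `IC::CurrentTypeOf(prototype, isolate())` is repeated verbatim here, in `CompileStringCharAtCall`, and in four cases of `CompileHandlerFrontend` (`STRING_CHECK`, `SYMBOL_CHECK`, `NUMBER_CHECK` and the one loading `Context::BOOLEAN_FUNCTION_INDEX`). The replaced code applied `JSObject::cast` to the prototype, so the expectation that a primitive receiver's prototype is a JSObject is no longer stated at any of these sites. A small private helper that returns the prototype's type would keep the six sites consistent and give that expectation one home, for instance with `ASSERT(prototype->IsJSObject());` inside it. The enclosing function starts and ends outside this hunk.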
| @@ -2182,8 +2158,9 @@ Handle<Code> CallStubCompiler::CompileStringCharAtCall(
|
| rax,
|
| &miss);
|
| ASSERT(!object.is_identical_to(holder));
|
| + Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
|
| CheckPrototypes(
|
| - Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
|
| + IC::CurrentTypeOf(prototype, isolate()),
|
| rax, holder, rbx, rdx, rdi, name, &miss);
|
|
|
| Register receiver = rax;
|
| @@ -2254,8 +2231,8 @@ Handle<Code> CallStubCompiler::CompileStringFromCharCodeCall(
|
| if (cell.is_null()) {
|
| __ movq(rdx, args.GetReceiverOperand());
|
| __ JumpIfSmi(rdx, &miss);
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
| } else {
|
| ASSERT(cell->value() == *function);
|
| GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
|
| @@ -2332,8 +2309,8 @@ Handle<Code> CallStubCompiler::CompileMathFloorCall(
|
| STATIC_ASSERT(kSmiTag == 0);
|
| __ JumpIfSmi(rdx, &miss);
|
|
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
| } else {
|
| ASSERT(cell->value() == *function);
|
| GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
|
| @@ -2455,8 +2432,8 @@ Handle<Code> CallStubCompiler::CompileMathAbsCall(
|
| if (cell.is_null()) {
|
| __ movq(rdx, args.GetReceiverOperand());
|
| __ JumpIfSmi(rdx, &miss);
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
| } else {
|
| ASSERT(cell->value() == *function);
|
| GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
|
| @@ -2569,8 +2546,8 @@ Handle<Code> CallStubCompiler::CompileFastApiCall(
|
| __ subq(rsp, Immediate(kFastApiCallArguments * kPointerSize));
|
|
|
| // Check that the maps haven't changed and find a Holder as a side effect.
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
|
| - name, depth, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, depth, &miss);
|
|
|
| // Move the return address on top of the stack.
|
| __ movq(rax,
|
| @@ -2635,8 +2612,8 @@ void CallStubCompiler::CompileHandlerFrontend(Handle<Object> object,
|
| __ IncrementCounter(counters->call_const(), 1);
|
|
|
| // Check that the maps haven't changed.
|
| - CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax,
|
| - rdi, name, &miss);
|
| + CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
|
| + rbx, rax, rdi, name, &miss);
|
|
|
| // Patch the receiver on the stack with the global proxy if
|
| // necessary.
|
| @@ -2646,30 +2623,32 @@ void CallStubCompiler::CompileHandlerFrontend(Handle<Object> object,
|
| }
|
| break;
|
|
|
| - case STRING_CHECK:
|
| + case STRING_CHECK: {
|
| // Check that the object is a string.
|
| __ CmpObjectType(rdx, FIRST_NONSTRING_TYPE, rax);
|
| __ j(above_equal, &miss);
|
| // Check that the maps starting from the prototype haven't changed.
|
| GenerateDirectLoadGlobalFunctionPrototype(
|
| masm(), Context::STRING_FUNCTION_INDEX, rax, &miss);
|
| + Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
|
| CheckPrototypes(
|
| - Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
|
| + IC::CurrentTypeOf(prototype, isolate()),
|
| rax, holder, rbx, rdx, rdi, name, &miss);
|
| break;
|
| -
|
| - case SYMBOL_CHECK:
|
| + }
|
| + case SYMBOL_CHECK: {
|
| // Check that the object is a symbol.
|
| __ CmpObjectType(rdx, SYMBOL_TYPE, rax);
|
| __ j(not_equal, &miss);
|
| // Check that the maps starting from the prototype haven't changed.
|
| GenerateDirectLoadGlobalFunctionPrototype(
|
| masm(), Context::SYMBOL_FUNCTION_INDEX, rax, &miss);
|
| + Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
|
| CheckPrototypes(
|
| - Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
|
| + IC::CurrentTypeOf(prototype, isolate()),
|
| rax, holder, rbx, rdx, rdi, name, &miss);
|
| break;
|
| -
|
| + }
|
| case NUMBER_CHECK: {
|
| Label fast;
|
| // Check that the object is a smi or a heap number.
|
| @@ -2680,8 +2659,9 @@ void CallStubCompiler::CompileHandlerFrontend(Handle<Object> object,
|
| // Check that the maps starting from the prototype haven't changed.
|
| GenerateDirectLoadGlobalFunctionPrototype(
|
| masm(), Context::NUMBER_FUNCTION_INDEX, rax, &miss);
|
| + Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
|
| CheckPrototypes(
|
| - Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
|
| + IC::CurrentTypeOf(prototype, isolate()),
|
| rax, holder, rbx, rdx, rdi, name, &miss);
|
| break;
|
| }
|
| @@ -2690,8 +2670,9 @@ void CallStubCompiler::CompileHandlerFrontend(Handle<Object> object,
|
| // Check that the maps starting from the prototype haven't changed.
|
| GenerateDirectLoadGlobalFunctionPrototype(
|
| masm(), Context::BOOLEAN_FUNCTION_INDEX, rax, &miss);
|
| + Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
|
| CheckPrototypes(
|
| - Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
|
| + IC::CurrentTypeOf(prototype, isolate()),
|
| rax, holder, rbx, rdx, rdi, name, &miss);
|
| break;
|
| }
|
| @@ -2869,7 +2850,8 @@ Handle<Code> StoreStubCompiler::CompileStoreCallback(
|
| Handle<JSObject> holder,
|
| Handle<Name> name,
|
| Handle<ExecutableAccessorInfo> callback) {
|
| - HandlerFrontend(object, receiver(), holder, name);
|
| + HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
|
| + receiver(), holder, name);
|
|
|
| __ PopReturnAddressTo(scratch1());
|
| __ push(receiver());
|
| @@ -2893,7 +2875,8 @@ Handle<Code> StoreStubCompiler::CompileStoreCallback(
|
| Handle<JSObject> holder,
|
| Handle<Name> name,
|
| const CallOptimization& call_optimization) {
|
| - HandlerFrontend(object, receiver(), holder, name);
|
| + HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
|
| + receiver(), holder, name);
|
|
|
| Register values[] = { value() };
|
| GenerateFastApiCall(
|
| @@ -3007,12 +2990,10 @@ Handle<Code> KeyedStoreStubCompiler::CompileStorePolymorphic(
|
| }
|
|
|
|
|
| -Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
|
| - Handle<Object> object,
|
| - Handle<JSObject> last,
|
| - Handle<Name> name,
|
| - Handle<JSGlobalObject> global) {
|
| - NonexistentHandlerFrontend(object, last, name, global);
|
| +Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<Type> type,
|
| + Handle<JSObject> last,
|
| + Handle<Name> name) {
|
| + NonexistentHandlerFrontend(type, last, name);
|
|
|
| // Return undefined if maps of the full prototype chain are still the
|
| // same and no global property with this name contains a value.
|
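Review bot: The retained comment still promises that undefined is returned only when "no global property with this name contains a value", but `CompileLoadNonexistent` no longer receives a `global` handle and the call is now `NonexistentHandlerFrontend(type, last, name)`. The property-cell check for a global object at the end of the chain must therefore be emitted inside `NonexistentHandlerFrontend`, which this file's diff does not show. If that is so, the comment should say where the check lives, for example `// The global property cell check is emitted by NonexistentHandlerFrontend.` The function body continues outside this hunk.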
| @@ -3108,7 +3089,7 @@ void LoadStubCompiler::GenerateLoadViaGetter(MacroAssembler* masm,
|
|
|
|
|
| Handle<Code> LoadStubCompiler::CompileLoadGlobal(
|
| - Handle<Object> object,
|
| + Handle<Type> type,
|
| Handle<GlobalObject> global,
|
| Handle<PropertyCell> cell,
|
| Handle<Name> name,
|
| @@ -3117,7 +3098,7 @@ Handle<Code> LoadStubCompiler::CompileLoadGlobal(
|
| // TODO(verwaest): Directly store to rax. Currently we cannot do this, since
|
| // rax is used as receiver(), which we would otherwise clobber before a
|
| // potential miss.
|
| - HandlerFrontendHeader(object, receiver(), global, name, &miss);
|
| + HandlerFrontendHeader(type, receiver(), global, name, &miss);
|
|
|
| // Get the value from the cell.
|
| __ Move(rbx, cell);
|
|
|