| Index: src/ic.cc
|
| diff --git a/src/ic.cc b/src/ic.cc
|
| index 7211ad91679dc199abc4b704406731efa13a10c7..5267af1a27152d6be1dcb754f35a542dfeb04947 100644
|
| --- a/src/ic.cc
|
| +++ b/src/ic.cc
|
| @@ -549,9 +549,11 @@ MaybeObject* CallICBase::LoadFunction(State state,
|
| Code::ExtraICState extra_ic_state,
|
| Handle<Object> object,
|
| Handle<String> name) {
|
| + bool use_ic = FLAG_use_ic;
|
| if (object->IsJSObject()) {
|
| Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
| if (receiver->map()->is_deprecated()) {
|
| + use_ic = false;
|
| JSObject::MigrateInstance(receiver);
|
| }
|
| }
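Review bot: The reason for `use_ic = false` next to `JSObject::MigrateInstance(receiver)` is not stated, and the same two-line pattern is repeated in KeyedCallIC::LoadFunction, LoadIC::Load, KeyedLoadIC::Load and StoreIC::Store in this patch. As written, a miss on a receiver with a deprecated map migrates the instance and then skips the `UpdateCaches` call in the next hunk, so the cache can only be patched on a later miss. I would add a comment at the assignment, for example `// Deprecated map: migrate the receiver and leave the IC untouched for this miss.`, or factor check-and-migrate into one helper that returns whether the IC may still be updated. The body of LoadFunction continues outside this hunk.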
|
| @@ -590,9 +592,7 @@ MaybeObject* CallICBase::LoadFunction(State state,
|
| }
|
|
|
| // Lookup is valid: Update inline cache and stub cache.
|
| - if (FLAG_use_ic) {
|
| - UpdateCaches(&lookup, state, extra_ic_state, object, name);
|
| - }
|
| + if (use_ic) UpdateCaches(&lookup, state, extra_ic_state, object, name);
|
|
|
| // Get the property.
|
| PropertyAttributes attr;
|
| @@ -819,9 +819,11 @@ MaybeObject* KeyedCallIC::LoadFunction(State state,
|
| Handle<String>::cast(key));
|
| }
|
|
|
| + bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
|
| if (object->IsJSObject()) {
|
| Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
| if (receiver->map()->is_deprecated()) {
|
| + use_ic = false;
|
| JSObject::MigrateInstance(receiver);
|
| }
|
| }
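Review bot: `use_ic` now reads `object->IsAccessCheckNeeded()` before the `non_object_property_call` TypeError return that used to precede it (visible as context in the next hunk), so the predicate is evaluated for values that path rejects. That is presumably harmless if IsAccessCheckNeeded() is defined for every Object, but it is worth confirming. A short comment such as `// Computed early so that map migration below can clear it.` would explain why the declaration moved away from the `ASSERT(!(use_ic && object->IsJSGlobalProxy()))` that depends on it. The function body starts and ends outside this hunk.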
|
| @@ -830,7 +832,6 @@ MaybeObject* KeyedCallIC::LoadFunction(State state,
|
| return TypeError("non_object_property_call", object, key);
|
| }
|
|
|
| - bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
|
| ASSERT(!(use_ic && object->IsJSGlobalProxy()));
|
|
|
| if (use_ic && state != MEGAMORPHIC) {
|
| @@ -874,21 +875,20 @@ MaybeObject* LoadIC::Load(State state,
|
| return TypeError("non_object_property_load", object, name);
|
| }
|
|
|
| - if (FLAG_use_ic) {
|
| + bool use_ic = FLAG_use_ic;
|
| +
|
| + if (use_ic) {
|
| // Use specialized code for getting the length of strings and
|
| // string wrapper objects. The length property of string wrapper
|
| // objects is read-only and therefore always returns the length of
|
| // the underlying string value. See ECMA-262 15.5.5.1.
|
| - if ((object->IsString() || object->IsStringWrapper()) &&
|
| + if (object->IsStringWrapper() &&
|
| name->Equals(isolate()->heap()->length_string())) {
|
| Handle<Code> stub;
|
| if (state == UNINITIALIZED) {
|
| stub = pre_monomorphic_stub();
|
| - } else if (state == PREMONOMORPHIC) {
|
| - StringLengthStub string_length_stub(kind(), !object->IsString());
|
| - stub = string_length_stub.GetCode(isolate());
|
| - } else if (state == MONOMORPHIC && object->IsStringWrapper()) {
|
| - StringLengthStub string_length_stub(kind(), true);
|
| + } else if (state == PREMONOMORPHIC || state == MONOMORPHIC) {
|
| + StringLengthStub string_length_stub(kind());
|
| stub = string_length_stub.GetCode(isolate());
|
| } else if (state != MEGAMORPHIC) {
|
| ASSERT(state != GENERIC);
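Review bot: The comment above the condition still says the fast path covers "strings and string wrapper objects", but the new condition is `object->IsStringWrapper()` only, so plain strings no longer take this branch. Update it to something like `// Use specialized code for getting the length of string wrapper objects.`. The comment `// Get the string if we have a string wrapper object.` in the next hunk has the same problem: the receiver is always a wrapper at that point, and the new `JSValue::cast(*object)` relies on that guard. LoadIC::Load continues outside the hunk.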
|
| @@ -897,14 +897,12 @@ MaybeObject* LoadIC::Load(State state,
|
| if (!stub.is_null()) {
|
| set_target(*stub);
|
| #ifdef DEBUG
|
| - if (FLAG_trace_ic) PrintF("[LoadIC : +#length /string]\n");
|
| + if (FLAG_trace_ic) PrintF("[LoadIC : +#length /stringwrapper]\n");
|
| #endif
|
| }
|
| // Get the string if we have a string wrapper object.
|
| - Handle<Object> string = object->IsJSValue()
|
| - ? Handle<Object>(Handle<JSValue>::cast(object)->value(), isolate())
|
| - : object;
|
| - return Smi::FromInt(String::cast(*string)->length());
|
| + String* string = String::cast(JSValue::cast(*object)->value());
|
| + return Smi::FromInt(string->length());
|
| }
|
|
|
| // Use specialized code for getting prototype of functions.
|
| @@ -936,13 +934,14 @@ MaybeObject* LoadIC::Load(State state,
|
| uint32_t index;
|
| if (kind() == Code::KEYED_LOAD_IC && name->AsArrayIndex(&index)) {
|
| // Rewrite to the generic keyed load stub.
|
| - if (FLAG_use_ic) set_target(*generic_stub());
|
| + if (use_ic) set_target(*generic_stub());
|
| return Runtime::GetElementOrCharAtOrFail(isolate(), object, index);
|
| }
|
|
|
| if (object->IsJSObject()) {
|
| Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
| if (receiver->map()->is_deprecated()) {
|
| + use_ic = false;
|
| JSObject::MigrateInstance(receiver);
|
| }
|
| }
|
| @@ -960,7 +959,7 @@ MaybeObject* LoadIC::Load(State state,
|
| }
|
|
|
| // Update inline cache and stub cache.
|
| - if (FLAG_use_ic) UpdateCaches(&lookup, state, object, name);
|
| + if (use_ic) UpdateCaches(&lookup, state, object, name);
|
|
|
| PropertyAttributes attr;
|
| if (lookup.IsInterceptor() || lookup.IsHandler()) {
|
| @@ -996,7 +995,7 @@ static bool AddOneReceiverMapIfMissing(MapHandleList* receiver_maps,
|
|
|
|
|
| bool IC::UpdatePolymorphicIC(State state,
|
| - Handle<JSObject> receiver,
|
| + Handle<HeapObject> receiver,
|
| Handle<String> name,
|
| Handle<Code> code,
|
| StrictModeFlag strict_mode) {
|
| @@ -1077,44 +1076,44 @@ Handle<Code> StoreIC::ComputePolymorphicIC(MapHandleList* receiver_maps,
|
| }
|
|
|
|
|
| -void LoadIC::UpdateMonomorphicIC(Handle<JSObject> receiver,
|
| +void LoadIC::UpdateMonomorphicIC(Handle<HeapObject> receiver,
|
| Handle<Code> handler,
|
| Handle<String> name,
|
| StrictModeFlag strict_mode) {
|
| - if (handler->type() == Code::NORMAL) return set_target(*handler);
|
| + if (handler->is_load_stub()) return set_target(*handler);
|
| Handle<Code> ic = isolate()->stub_cache()->ComputeMonomorphicLoadIC(
|
| receiver, handler, name);
|
| set_target(*ic);
|
| }
|
|
|
|
|
| -void KeyedLoadIC::UpdateMonomorphicIC(Handle<JSObject> receiver,
|
| +void KeyedLoadIC::UpdateMonomorphicIC(Handle<HeapObject> receiver,
|
| Handle<Code> handler,
|
| Handle<String> name,
|
| StrictModeFlag strict_mode) {
|
| - if (handler->type() == Code::NORMAL) return set_target(*handler);
|
| + if (handler->is_keyed_load_stub()) return set_target(*handler);
|
| Handle<Code> ic = isolate()->stub_cache()->ComputeMonomorphicKeyedLoadIC(
|
| receiver, handler, name);
|
| set_target(*ic);
|
| }
|
|
|
|
|
| -void StoreIC::UpdateMonomorphicIC(Handle<JSObject> receiver,
|
| +void StoreIC::UpdateMonomorphicIC(Handle<HeapObject> receiver,
|
| Handle<Code> handler,
|
| Handle<String> name,
|
| StrictModeFlag strict_mode) {
|
| - if (handler->type() == Code::NORMAL) return set_target(*handler);
|
| + if (handler->is_store_stub()) return set_target(*handler);
|
| Handle<Code> ic = isolate()->stub_cache()->ComputeMonomorphicStoreIC(
|
| receiver, handler, name, strict_mode);
|
| set_target(*ic);
|
| }
|
|
|
|
|
| -void KeyedStoreIC::UpdateMonomorphicIC(Handle<JSObject> receiver,
|
| +void KeyedStoreIC::UpdateMonomorphicIC(Handle<HeapObject> receiver,
|
| Handle<Code> handler,
|
| Handle<String> name,
|
| StrictModeFlag strict_mode) {
|
| - if (handler->type() == Code::NORMAL) return set_target(*handler);
|
| + if (handler->is_keyed_store_stub()) return set_target(*handler);
|
| Handle<Code> ic = isolate()->stub_cache()->ComputeMonomorphicKeyedStoreIC(
|
| receiver, handler, name, strict_mode);
|
| set_target(*ic);
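Review bot: The four `UpdateMonomorphicIC` overloads now install the handler directly whenever `handler->is_load_stub()` (or the keyed/store equivalent) is true, and that path never passes `receiver` to the stub cache, so nothing visible on it ties the installed code to the receiver's map. With `receiver` widened to `Handle<HeapObject>` and the new string-length handlers created in `LoadIC::UpdateCaches`, please confirm that only map-independent stubs (presumably the pre-monomorphic and slow stubs) can satisfy these predicates, and that field-load handlers always go through the `ComputeMonomorphic*IC` calls. A comment such as `// Already a complete IC stub, not a handler: installed as-is, without a receiver map check.` on each early return would record that invariant. The four bodies differ only in the predicate and the stub-cache call, so a shared helper may also be worth considering.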
|
| @@ -1155,7 +1154,7 @@ bool IC::IsTransitionedMapOfMonomorphicTarget(Map* receiver_map) {
|
| // not necessarily equal to target()->state().
|
| void IC::PatchCache(State state,
|
| StrictModeFlag strict_mode,
|
| - Handle<JSObject> receiver,
|
| + Handle<HeapObject> receiver,
|
| Handle<String> name,
|
| Handle<Code> code) {
|
| switch (state) {
|
| @@ -1265,32 +1264,38 @@ void LoadIC::UpdateCaches(LookupResult* lookup,
|
| State state,
|
| Handle<Object> object,
|
| Handle<String> name) {
|
| - // Bail out if the result is not cacheable.
|
| - if (!lookup->IsCacheable()) {
|
| - set_target(*generic_stub());
|
| - return;
|
| - }
|
| + // TODO(verwaest): It would be nice to support loading fields from smis as
|
| + // well. For now just fail to update the cache.
|
| + if (!object->IsHeapObject()) return;
|
|
|
| - // TODO(jkummerow): It would be nice to support non-JSObjects in
|
| - // UpdateCaches, then we wouldn't need to go generic here.
|
| - if (!object->IsJSObject()) {
|
| - set_target(*generic_stub());
|
| - return;
|
| - }
|
| + Handle<HeapObject> receiver = Handle<HeapObject>::cast(object);
|
|
|
| - Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
| Handle<Code> code;
|
| if (state == UNINITIALIZED) {
|
| // This is the first time we execute this inline cache.
|
| // Set the target to the pre monomorphic stub to delay
|
| // setting the monomorphic state.
|
| code = pre_monomorphic_stub();
|
| - } else {
|
| - code = ComputeLoadHandler(lookup, receiver, name);
|
| - if (code.is_null()) {
|
| - set_target(*generic_stub());
|
| - return;
|
| + } else if (!lookup->IsCacheable()) {
|
| + // Bail out if the result is not cacheable.
|
| + code = slow_stub();
|
| + } else if (object->IsString() &&
|
| + name->Equals(isolate()->heap()->length_string())) {
|
| + int length_index = String::kLengthOffset / kPointerSize;
|
| + if (target()->is_load_stub()) {
|
| + LoadFieldStub stub(true, length_index, Representation::Tagged());
|
| + code = stub.GetCode(isolate());
|
| + } else {
|
| + KeyedLoadFieldStub stub(true, length_index, Representation::Tagged());
|
| + code = stub.GetCode(isolate());
|
| }
|
| + } else if (!object->IsJSObject()) {
|
| + // TODO(jkummerow): It would be nice to support non-JSObjects in
|
| + // ComputeLoadHandler, then we wouldn't need to go generic here.
|
| + code = slow_stub();
|
| + } else {
|
| + code = ComputeLoadHandler(lookup, Handle<JSObject>::cast(receiver), name);
|
| + if (code.is_null()) code = slow_stub();
|
| }
|
|
|
| PatchCache(state, kNonStrictMode, receiver, name, code);
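Review bot: The new early `return` for non-heap-object receivers leaves the current target in place, whereas every other bail-out in this function now falls through to `PatchCache` with `slow_stub()`. An IC that keeps seeing smi receivers would presumably take the miss path on every call. If that is intended until the TODO is resolved, say so in the comment, e.g. `// Smi receiver: leave the IC as it is; each such load will miss again.`. Separately, the `true` passed to `LoadFieldStub` and `KeyedLoadFieldStub` is an unnamed boolean, and a named local or an inline comment would make those calls readable. The signature of UpdateCaches starts above the hunk and the function ends below it.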
|
| @@ -1368,9 +1373,9 @@ Handle<Code> LoadIC::ComputeLoadHandler(LookupResult* lookup,
|
| return isolate()->stub_cache()->ComputeLoadViaGetter(
|
| name, receiver, holder, function);
|
| } else if (receiver->IsJSArray() &&
|
| - name->Equals(isolate()->heap()->length_string())) {
|
| - PropertyIndex lengthIndex =
|
| - PropertyIndex::NewHeaderIndex(JSArray::kLengthOffset / kPointerSize);
|
| + name->Equals(isolate()->heap()->length_string())) {
|
| + PropertyIndex lengthIndex = PropertyIndex::NewHeaderIndex(
|
| + JSArray::kLengthOffset / kPointerSize);
|
| return isolate()->stub_cache()->ComputeLoadField(
|
| name, receiver, holder, lengthIndex, Representation::Tagged());
|
| }
|
| @@ -1502,6 +1507,7 @@ MaybeObject* KeyedLoadIC::Load(State state,
|
| } else if (object->IsJSObject()) {
|
| Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
| if (receiver->map()->is_deprecated()) {
|
| + use_ic = false;
|
| JSObject::MigrateInstance(receiver);
|
| }
|
|
|
| @@ -1518,9 +1524,11 @@ MaybeObject* KeyedLoadIC::Load(State state,
|
| } else {
|
| TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "force generic");
|
| }
|
| - ASSERT(!stub.is_null());
|
| - set_target(*stub);
|
| - TRACE_IC("KeyedLoadIC", key, state, target());
|
| + if (use_ic) {
|
| + ASSERT(!stub.is_null());
|
| + set_target(*stub);
|
| + TRACE_IC("KeyedLoadIC", key, state, target());
|
| + }
|
| }
|
|
|
|
|
| @@ -1684,7 +1692,9 @@ MaybeObject* StoreIC::Store(State state,
|
|
|
| Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
| + bool use_ic = FLAG_use_ic;
|
| if (receiver->map()->is_deprecated()) {
|
| + use_ic = false;
|
| JSObject::MigrateInstance(receiver);
|
| }
|
|
|
| @@ -1707,7 +1717,7 @@ MaybeObject* StoreIC::Store(State state,
|
| // properties. Slow properties might indicate redefinition of the length
|
| // property. Note that when redefined using Object.freeze, it's possible
|
| // to have fast properties but a read-only length.
|
| - if (FLAG_use_ic &&
|
| + if (use_ic &&
|
| receiver->IsJSArray() &&
|
| name->Equals(isolate()->heap()->length_string()) &&
|
| Handle<JSArray>::cast(receiver)->AllowsSetElementsLength() &&
|
| @@ -1722,7 +1732,7 @@ MaybeObject* StoreIC::Store(State state,
|
| }
|
|
|
| if (receiver->IsJSGlobalProxy()) {
|
| - if (FLAG_use_ic && kind() != Code::KEYED_STORE_IC) {
|
| + if (use_ic && kind() != Code::KEYED_STORE_IC) {
|
| // Generate a generic stub that goes to the runtime when we see a global
|
| // proxy as receiver.
|
| Handle<Code> stub = (strict_mode == kStrictMode)
|
| @@ -1744,7 +1754,7 @@ MaybeObject* StoreIC::Store(State state,
|
| // Strict mode doesn't allow setting non-existent global property.
|
| return ReferenceError("not_defined", name);
|
| }
|
| - if (FLAG_use_ic) {
|
| + if (use_ic) {
|
| if (state == UNINITIALIZED) {
|
| Handle<Code> stub = (strict_mode == kStrictMode)
|
| ? pre_monomorphic_stub_strict()
|
|
|