| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_X87 | 5 #if V8_TARGET_ARCH_X87 |
| 6 | 6 |
| 7 #include "src/ast/scopes.h" | 7 #include "src/ast/scopes.h" |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 951 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 962 void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) { | 962 void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) { |
| 963 Comment cmnt(masm_, "[ ForInStatement"); | 963 Comment cmnt(masm_, "[ ForInStatement"); |
| 964 SetStatementPosition(stmt, SKIP_BREAK); | 964 SetStatementPosition(stmt, SKIP_BREAK); |
| 965 | 965 |
| 966 FeedbackVectorSlot slot = stmt->ForInFeedbackSlot(); | 966 FeedbackVectorSlot slot = stmt->ForInFeedbackSlot(); |
| 967 | 967 |
| 968 Label loop, exit; | 968 Label loop, exit; |
| 969 ForIn loop_statement(this, stmt); | 969 ForIn loop_statement(this, stmt); |
| 970 increment_loop_depth(); | 970 increment_loop_depth(); |
| 971 | 971 |
| 972 // Get the object to enumerate over. If the object is null or undefined, skip | 972 // Get the object to enumerate over. |
| 973 // over the loop. See ECMA-262 version 5, section 12.6.4. | |
| 974 SetExpressionAsStatementPosition(stmt->enumerable()); | 973 SetExpressionAsStatementPosition(stmt->enumerable()); |
| 975 VisitForAccumulatorValue(stmt->enumerable()); | 974 VisitForAccumulatorValue(stmt->enumerable()); |
| 975 |
| 976 // If the object is null or undefined, skip over the loop, otherwise convert |
| 977 // it to a JS receiver. See ECMA-262 version 5, section 12.6.4. |
| 978 Label convert, done_convert; |
| 979 __ JumpIfSmi(eax, &convert, Label::kNear); |
| 980 __ CmpObjectType(eax, FIRST_JS_RECEIVER_TYPE, ecx); |
| 981 __ j(above_equal, &done_convert, Label::kNear); |
| 976 __ cmp(eax, isolate()->factory()->undefined_value()); | 982 __ cmp(eax, isolate()->factory()->undefined_value()); |
| 977 __ j(equal, &exit); | 983 __ j(equal, &exit); |
| 978 __ cmp(eax, isolate()->factory()->null_value()); | 984 __ cmp(eax, isolate()->factory()->null_value()); |
| 979 __ j(equal, &exit); | 985 __ j(equal, &exit); |
| 980 | |
| 981 PrepareForBailoutForId(stmt->PrepareId(), TOS_REG); | |
| 982 | |
| 983 // Convert the object to a JS object. | |
| 984 Label convert, done_convert; | |
| 985 __ JumpIfSmi(eax, &convert, Label::kNear); | |
| 986 __ CmpObjectType(eax, FIRST_JS_RECEIVER_TYPE, ecx); | |
| 987 __ j(above_equal, &done_convert, Label::kNear); | |
| 988 __ bind(&convert); | 986 __ bind(&convert); |
| 989 ToObjectStub stub(isolate()); | 987 ToObjectStub stub(isolate()); |
| 990 __ CallStub(&stub); | 988 __ CallStub(&stub); |
| 991 __ bind(&done_convert); | 989 __ bind(&done_convert); |
| 992 PrepareForBailoutForId(stmt->ToObjectId(), TOS_REG); | 990 PrepareForBailoutForId(stmt->ToObjectId(), TOS_REG); |
| 993 __ push(eax); | 991 __ push(eax); |
| 994 | 992 |
| 995 // Check for proxies. | |
| 996 Label call_runtime, use_cache, fixed_array; | |
| 997 __ CmpObjectType(eax, JS_PROXY_TYPE, ecx); | |
| 998 __ j(equal, &call_runtime); | |
| 999 | |
| 1000 // Check cache validity in generated code. This is a fast case for | 993 // Check cache validity in generated code. This is a fast case for |
| 1001 // the JSObject::IsSimpleEnum cache validity checks. If we cannot | 994 // the JSObject::IsSimpleEnum cache validity checks. If we cannot |
| 1002 // guarantee cache validity, call the runtime system to check cache | 995 // guarantee cache validity, call the runtime system to check cache |
| 1003 // validity or get the property names in a fixed array. | 996 // validity or get the property names in a fixed array. |
| 997 // Note: Proxies never have an enum cache, so will always take the |
| 998 // slow path. |
| 999 Label call_runtime, use_cache, fixed_array; |
| 1004 __ CheckEnumCache(&call_runtime); | 1000 __ CheckEnumCache(&call_runtime); |
| 1005 | 1001 |
| 1006 __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); | 1002 __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); |
| 1007 __ jmp(&use_cache, Label::kNear); | 1003 __ jmp(&use_cache, Label::kNear); |
| 1008 | 1004 |
| 1009 // Get the set of properties to enumerate. | 1005 // Get the set of properties to enumerate. |
| 1010 __ bind(&call_runtime); | 1006 __ bind(&call_runtime); |
| 1011 __ push(eax); | 1007 __ push(eax); |
| 1012 __ CallRuntime(Runtime::kGetPropertyNamesFast); | 1008 __ CallRuntime(Runtime::kGetPropertyNamesFast); |
| 1013 PrepareForBailoutForId(stmt->EnumId(), TOS_REG); | 1009 PrepareForBailoutForId(stmt->EnumId(), TOS_REG); |
| (...skipping 3720 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4734 Assembler::target_address_at(call_target_address, | 4730 Assembler::target_address_at(call_target_address, |
| 4735 unoptimized_code)); | 4731 unoptimized_code)); |
| 4736 return OSR_AFTER_STACK_CHECK; | 4732 return OSR_AFTER_STACK_CHECK; |
| 4737 } | 4733 } |
| 4738 | 4734 |
| 4739 | 4735 |
| 4740 } // namespace internal | 4736 } // namespace internal |
| 4741 } // namespace v8 | 4737 } // namespace v8 |
| 4742 | 4738 |
| 4743 #endif // V8_TARGET_ARCH_X87 | 4739 #endif // V8_TARGET_ARCH_X87 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1611113002:
X87: [for-in] Sanitize for-in optimizations and fix bailout points. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master