| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_IA32 | 5 #if V8_TARGET_ARCH_IA32 |
| 6 | 6 |
| 7 #include "src/ast/scopes.h" | 7 #include "src/ast/scopes.h" |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 959 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 970 void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) { | 970 void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) { |
| 971 Comment cmnt(masm_, "[ ForInStatement"); | 971 Comment cmnt(masm_, "[ ForInStatement"); |
| 972 SetStatementPosition(stmt, SKIP_BREAK); | 972 SetStatementPosition(stmt, SKIP_BREAK); |
| 973 | 973 |
| 974 FeedbackVectorSlot slot = stmt->ForInFeedbackSlot(); | 974 FeedbackVectorSlot slot = stmt->ForInFeedbackSlot(); |
| 975 | 975 |
| 976 Label loop, exit; | 976 Label loop, exit; |
| 977 ForIn loop_statement(this, stmt); | 977 ForIn loop_statement(this, stmt); |
| 978 increment_loop_depth(); | 978 increment_loop_depth(); |
| 979 | 979 |
| 980 // Get the object to enumerate over. If the object is null or undefined, skip | 980 // Get the object to enumerate over. |
| 981 // over the loop. See ECMA-262 version 5, section 12.6.4. | |
| 982 SetExpressionAsStatementPosition(stmt->enumerable()); | 981 SetExpressionAsStatementPosition(stmt->enumerable()); |
| 983 VisitForAccumulatorValue(stmt->enumerable()); | 982 VisitForAccumulatorValue(stmt->enumerable()); |
| 983 |
| 984 // If the object is null or undefined, skip over the loop, otherwise convert |
| 985 // it to a JS receiver. See ECMA-262 version 5, section 12.6.4. |
| 986 Label convert, done_convert; |
| 987 __ JumpIfSmi(eax, &convert, Label::kNear); |
| 988 __ CmpObjectType(eax, FIRST_JS_RECEIVER_TYPE, ecx); |
| 989 __ j(above_equal, &done_convert, Label::kNear); |
| 984 __ cmp(eax, isolate()->factory()->undefined_value()); | 990 __ cmp(eax, isolate()->factory()->undefined_value()); |
| 985 __ j(equal, &exit); | 991 __ j(equal, &exit); |
| 986 __ cmp(eax, isolate()->factory()->null_value()); | 992 __ cmp(eax, isolate()->factory()->null_value()); |
| 987 __ j(equal, &exit); | 993 __ j(equal, &exit); |
| 988 | |
| 989 PrepareForBailoutForId(stmt->PrepareId(), TOS_REG); | |
| 990 | |
| 991 // Convert the object to a JS object. | |
| 992 Label convert, done_convert; | |
| 993 __ JumpIfSmi(eax, &convert, Label::kNear); | |
| 994 __ CmpObjectType(eax, FIRST_JS_RECEIVER_TYPE, ecx); | |
| 995 __ j(above_equal, &done_convert, Label::kNear); | |
| 996 __ bind(&convert); | 994 __ bind(&convert); |
| 997 ToObjectStub stub(isolate()); | 995 ToObjectStub stub(isolate()); |
| 998 __ CallStub(&stub); | 996 __ CallStub(&stub); |
| 999 __ bind(&done_convert); | 997 __ bind(&done_convert); |
| 1000 PrepareForBailoutForId(stmt->ToObjectId(), TOS_REG); | 998 PrepareForBailoutForId(stmt->ToObjectId(), TOS_REG); |
| 1001 __ push(eax); | 999 __ push(eax); |
| 1002 | 1000 |
| 1003 // Check for proxies. | |
| 1004 Label call_runtime, use_cache, fixed_array; | |
| 1005 __ CmpObjectType(eax, JS_PROXY_TYPE, ecx); | |
| 1006 __ j(equal, &call_runtime); | |
| 1007 | |
| 1008 // Check cache validity in generated code. This is a fast case for | 1001 // Check cache validity in generated code. This is a fast case for |
| 1009 // the JSObject::IsSimpleEnum cache validity checks. If we cannot | 1002 // the JSObject::IsSimpleEnum cache validity checks. If we cannot |
| 1010 // guarantee cache validity, call the runtime system to check cache | 1003 // guarantee cache validity, call the runtime system to check cache |
| 1011 // validity or get the property names in a fixed array. | 1004 // validity or get the property names in a fixed array. |
| 1005 // Note: Proxies never have an enum cache, so will always take the |
| 1006 // slow path. |
| 1007 Label call_runtime, use_cache, fixed_array; |
| 1012 __ CheckEnumCache(&call_runtime); | 1008 __ CheckEnumCache(&call_runtime); |
| 1013 | 1009 |
| 1014 __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); | 1010 __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); |
| 1015 __ jmp(&use_cache, Label::kNear); | 1011 __ jmp(&use_cache, Label::kNear); |
| 1016 | 1012 |
| 1017 // Get the set of properties to enumerate. | 1013 // Get the set of properties to enumerate. |
| 1018 __ bind(&call_runtime); | 1014 __ bind(&call_runtime); |
| 1019 __ push(eax); | 1015 __ push(eax); |
| 1020 __ CallRuntime(Runtime::kGetPropertyNamesFast); | 1016 __ CallRuntime(Runtime::kGetPropertyNamesFast); |
| 1021 PrepareForBailoutForId(stmt->EnumId(), TOS_REG); | 1017 PrepareForBailoutForId(stmt->EnumId(), TOS_REG); |
| (...skipping 3720 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4742 Assembler::target_address_at(call_target_address, | 4738 Assembler::target_address_at(call_target_address, |
| 4743 unoptimized_code)); | 4739 unoptimized_code)); |
| 4744 return OSR_AFTER_STACK_CHECK; | 4740 return OSR_AFTER_STACK_CHECK; |
| 4745 } | 4741 } |
| 4746 | 4742 |
| 4747 | 4743 |
| 4748 } // namespace internal | 4744 } // namespace internal |
| 4749 } // namespace v8 | 4745 } // namespace v8 |
| 4750 | 4746 |
| 4751 #endif // V8_TARGET_ARCH_IA32 | 4747 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1618613002:
[for-in] Sanitize for-in optimizations and fix bailout points. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master