| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_X64 | 5 #if V8_TARGET_ARCH_X64 |
| 6 | 6 |
| 7 #include "src/ast/scopes.h" | 7 #include "src/ast/scopes.h" |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 972 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 983 void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) { | 983 void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) { |
| 984 Comment cmnt(masm_, "[ ForInStatement"); | 984 Comment cmnt(masm_, "[ ForInStatement"); |
| 985 SetStatementPosition(stmt, SKIP_BREAK); | 985 SetStatementPosition(stmt, SKIP_BREAK); |
| 986 | 986 |
| 987 FeedbackVectorSlot slot = stmt->ForInFeedbackSlot(); | 987 FeedbackVectorSlot slot = stmt->ForInFeedbackSlot(); |
| 988 | 988 |
| 989 Label loop, exit; | 989 Label loop, exit; |
| 990 ForIn loop_statement(this, stmt); | 990 ForIn loop_statement(this, stmt); |
| 991 increment_loop_depth(); | 991 increment_loop_depth(); |
| 992 | 992 |
| 993 // Get the object to enumerate over. If the object is null or undefined, skip | 993 // Get the object to enumerate over. |
| 994 // over the loop. See ECMA-262 version 5, section 12.6.4. | |
| 995 SetExpressionAsStatementPosition(stmt->enumerable()); | 994 SetExpressionAsStatementPosition(stmt->enumerable()); |
| 996 VisitForAccumulatorValue(stmt->enumerable()); | 995 VisitForAccumulatorValue(stmt->enumerable()); |
| 997 __ CompareRoot(rax, Heap::kUndefinedValueRootIndex); | |
| 998 __ j(equal, &exit); | |
| 999 Register null_value = rdi; | |
| 1000 __ LoadRoot(null_value, Heap::kNullValueRootIndex); | |
| 1001 __ cmpp(rax, null_value); | |
| 1002 __ j(equal, &exit); | |
| 1003 | 996 |
| 1004 PrepareForBailoutForId(stmt->PrepareId(), TOS_REG); | 997 // If the object is null or undefined, skip over the loop, otherwise convert |
| 1005 | 998 // it to a JS receiver. See ECMA-262 version 5, section 12.6.4. |
| 1006 // Convert the object to a JS object. | |
| 1007 Label convert, done_convert; | 999 Label convert, done_convert; |
| 1008 __ JumpIfSmi(rax, &convert, Label::kNear); | 1000 __ JumpIfSmi(rax, &convert, Label::kNear); |
| 1009 __ CmpObjectType(rax, FIRST_JS_RECEIVER_TYPE, rcx); | 1001 __ CmpObjectType(rax, FIRST_JS_RECEIVER_TYPE, rcx); |
| 1010 __ j(above_equal, &done_convert, Label::kNear); | 1002 __ j(above_equal, &done_convert, Label::kNear); |
| 1003 __ CompareRoot(rax, Heap::kNullValueRootIndex); |
| 1004 __ j(equal, &exit); |
| 1005 __ CompareRoot(rax, Heap::kUndefinedValueRootIndex); |
| 1006 __ j(equal, &exit); |
| 1011 __ bind(&convert); | 1007 __ bind(&convert); |
| 1012 ToObjectStub stub(isolate()); | 1008 ToObjectStub stub(isolate()); |
| 1013 __ CallStub(&stub); | 1009 __ CallStub(&stub); |
| 1014 __ bind(&done_convert); | 1010 __ bind(&done_convert); |
| 1015 PrepareForBailoutForId(stmt->ToObjectId(), TOS_REG); | 1011 PrepareForBailoutForId(stmt->ToObjectId(), TOS_REG); |
| 1016 __ Push(rax); | 1012 __ Push(rax); |
| 1017 | 1013 |
| 1018 // Check for proxies. | |
| 1019 Label call_runtime; | |
| 1020 __ CmpObjectType(rax, JS_PROXY_TYPE, rcx); | |
| 1021 __ j(equal, &call_runtime); | |
| 1022 | |
| 1023 // Check cache validity in generated code. This is a fast case for | 1014 // Check cache validity in generated code. This is a fast case for |
| 1024 // the JSObject::IsSimpleEnum cache validity checks. If we cannot | 1015 // the JSObject::IsSimpleEnum cache validity checks. If we cannot |
| 1025 // guarantee cache validity, call the runtime system to check cache | 1016 // guarantee cache validity, call the runtime system to check cache |
| 1026 // validity or get the property names in a fixed array. | 1017 // validity or get the property names in a fixed array. |
| 1027 __ CheckEnumCache(null_value, &call_runtime); | 1018 // Note: Proxies never have an enum cache, so will always take the |
| 1019 // slow path. |
| 1020 Label call_runtime; |
| 1021 __ CheckEnumCache(&call_runtime); |
| 1028 | 1022 |
| 1029 // The enum cache is valid. Load the map of the object being | 1023 // The enum cache is valid. Load the map of the object being |
| 1030 // iterated over and use the cache for the iteration. | 1024 // iterated over and use the cache for the iteration. |
| 1031 Label use_cache; | 1025 Label use_cache; |
| 1032 __ movp(rax, FieldOperand(rax, HeapObject::kMapOffset)); | 1026 __ movp(rax, FieldOperand(rax, HeapObject::kMapOffset)); |
| 1033 __ jmp(&use_cache, Label::kNear); | 1027 __ jmp(&use_cache, Label::kNear); |
| 1034 | 1028 |
| 1035 // Get the set of properties to enumerate. | 1029 // Get the set of properties to enumerate. |
| 1036 __ bind(&call_runtime); | 1030 __ bind(&call_runtime); |
| 1037 __ Push(rax); // Duplicate the enumerable object on the stack. | 1031 __ Push(rax); // Duplicate the enumerable object on the stack. |
| (...skipping 3708 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4746 Assembler::target_address_at(call_target_address, | 4740 Assembler::target_address_at(call_target_address, |
| 4747 unoptimized_code)); | 4741 unoptimized_code)); |
| 4748 return OSR_AFTER_STACK_CHECK; | 4742 return OSR_AFTER_STACK_CHECK; |
| 4749 } | 4743 } |
| 4750 | 4744 |
| 4751 | 4745 |
| 4752 } // namespace internal | 4746 } // namespace internal |
| 4753 } // namespace v8 | 4747 } // namespace v8 |
| 4754 | 4748 |
| 4755 #endif // V8_TARGET_ARCH_X64 | 4749 #endif // V8_TARGET_ARCH_X64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1618613002:
[for-in] Sanitize for-in optimizations and fix bailout points. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master