Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(84)

Side by Side Diff: src/ic.cc

Issue 176793003: Reland and fix "Allow ICs to be generated for own global proxy." (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Fix and regression test Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/code-stubs-hydrogen.cc ('k') | src/isolate.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 1054 matching lines...) Expand 10 before | Expand all | Expand 10 after
1065 Handle<Code> stub = generic_stub(); 1065 Handle<Code> stub = generic_stub();
1066 1066
1067 // Check for non-string values that can be converted into an 1067 // Check for non-string values that can be converted into an
1068 // internalized string directly or is representable as a smi. 1068 // internalized string directly or is representable as a smi.
1069 key = TryConvertKey(key, isolate()); 1069 key = TryConvertKey(key, isolate());
1070 1070
1071 if (key->IsInternalizedString()) { 1071 if (key->IsInternalizedString()) {
1072 maybe_object = LoadIC::Load(object, Handle<String>::cast(key)); 1072 maybe_object = LoadIC::Load(object, Handle<String>::cast(key));
1073 if (maybe_object->IsFailure()) return maybe_object; 1073 if (maybe_object->IsFailure()) return maybe_object;
1074 } else if (FLAG_use_ic && !object->IsAccessCheckNeeded()) { 1074 } else if (FLAG_use_ic && !object->IsAccessCheckNeeded()) {
1075 ASSERT(!object->IsJSGlobalProxy()); 1075 ASSERT(!object->IsAccessCheckNeeded());
1076 if (object->IsString() && key->IsNumber()) { 1076 if (object->IsString() && key->IsNumber()) {
1077 if (state() == UNINITIALIZED) stub = string_stub(); 1077 if (state() == UNINITIALIZED) stub = string_stub();
1078 } else if (object->IsJSObject()) { 1078 } else if (object->IsJSObject()) {
1079 Handle<JSObject> receiver = Handle<JSObject>::cast(object); 1079 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1080 if (receiver->elements()->map() == 1080 if (receiver->elements()->map() ==
1081 isolate()->heap()->non_strict_arguments_elements_map()) { 1081 isolate()->heap()->non_strict_arguments_elements_map()) {
1082 stub = non_strict_arguments_stub(); 1082 stub = non_strict_arguments_stub();
1083 } else if (receiver->HasIndexedInterceptor()) { 1083 } else if (receiver->HasIndexedInterceptor()) {
1084 stub = indexed_interceptor_stub(); 1084 stub = indexed_interceptor_stub();
1085 } else if (!key->ToSmi()->IsFailure() && 1085 } else if (!key->ToSmi()->IsFailure() &&
(...skipping 18 matching lines...) Expand all
1104 1104
1105 1105
1106 static bool LookupForWrite(Handle<JSObject> receiver, 1106 static bool LookupForWrite(Handle<JSObject> receiver,
1107 Handle<String> name, 1107 Handle<String> name,
1108 Handle<Object> value, 1108 Handle<Object> value,
1109 LookupResult* lookup, 1109 LookupResult* lookup,
1110 IC* ic) { 1110 IC* ic) {
1111 Handle<JSObject> holder = receiver; 1111 Handle<JSObject> holder = receiver;
1112 receiver->Lookup(*name, lookup); 1112 receiver->Lookup(*name, lookup);
1113 if (lookup->IsFound()) { 1113 if (lookup->IsFound()) {
1114 if (lookup->IsReadOnly() || !lookup->IsCacheable()) return false; 1114 if (lookup->IsInterceptor() && !HasInterceptorSetter(lookup->holder())) {
1115 1115 receiver->LocalLookupRealNamedProperty(*name, lookup);
1116 if (lookup->holder() == *receiver) { 1116 if (!lookup->IsFound()) return false;
1117 if (lookup->IsInterceptor() && !HasInterceptorSetter(*receiver)) {
1118 receiver->LocalLookupRealNamedProperty(*name, lookup);
1119 return lookup->IsFound() &&
1120 !lookup->IsReadOnly() &&
1121 lookup->CanHoldValue(value) &&
1122 lookup->IsCacheable();
1123 }
1124 return lookup->CanHoldValue(value);
1125 } 1117 }
1126 1118
1119 if (lookup->IsReadOnly() || !lookup->IsCacheable()) return false;
1120 if (lookup->holder() == *receiver) return lookup->CanHoldValue(value);
1127 if (lookup->IsPropertyCallbacks()) return true; 1121 if (lookup->IsPropertyCallbacks()) return true;
1128 // JSGlobalProxy always goes via the runtime, so it's safe to cache. 1122 // JSGlobalProxy either stores on the global object in the prototype, or
1129 if (receiver->IsJSGlobalProxy()) return true; 1123 // goes into the runtime if access checks are needed, so this is always
1124 // safe.
1125 if (receiver->IsJSGlobalProxy()) {
1126 return lookup->holder() == receiver->GetPrototype();
1127 }
1130 // Currently normal holders in the prototype chain are not supported. They 1128 // Currently normal holders in the prototype chain are not supported. They
1131 // would require a runtime positive lookup and verification that the details 1129 // would require a runtime positive lookup and verification that the details
1132 // have not changed. 1130 // have not changed.
1133 if (lookup->IsInterceptor() || lookup->IsNormal()) return false; 1131 if (lookup->IsInterceptor() || lookup->IsNormal()) return false;
1134 holder = Handle<JSObject>(lookup->holder(), lookup->isolate()); 1132 holder = Handle<JSObject>(lookup->holder(), lookup->isolate());
1135 } 1133 }
1136 1134
1137 // While normally LookupTransition gets passed the receiver, in this case we 1135 // While normally LookupTransition gets passed the receiver, in this case we
1138 // pass the holder of the property that we overwrite. This keeps the holder in 1136 // pass the holder of the property that we overwrite. This keeps the holder in
1139 // the LookupResult intact so we can later use it to generate a prototype 1137 // the LookupResult intact so we can later use it to generate a prototype
(...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after
1304 PatchCache(CurrentTypeOf(receiver, isolate()), name, code); 1302 PatchCache(CurrentTypeOf(receiver, isolate()), name, code);
1305 TRACE_IC("StoreIC", name); 1303 TRACE_IC("StoreIC", name);
1306 } 1304 }
1307 1305
1308 1306
1309 Handle<Code> StoreIC::CompileHandler(LookupResult* lookup, 1307 Handle<Code> StoreIC::CompileHandler(LookupResult* lookup,
1310 Handle<Object> object, 1308 Handle<Object> object,
1311 Handle<String> name, 1309 Handle<String> name,
1312 Handle<Object> value, 1310 Handle<Object> value,
1313 InlineCacheHolderFlag cache_holder) { 1311 InlineCacheHolderFlag cache_holder) {
1314 if (object->IsJSGlobalProxy()) return slow_stub(); 1312 if (object->IsAccessCheckNeeded()) return slow_stub();
1315 ASSERT(cache_holder == OWN_MAP); 1313 ASSERT(cache_holder == OWN_MAP);
1316 // This is currently guaranteed by checks in StoreIC::Store. 1314 // This is currently guaranteed by checks in StoreIC::Store.
1317 Handle<JSObject> receiver = Handle<JSObject>::cast(object); 1315 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1318 1316
1319 Handle<JSObject> holder(lookup->holder()); 1317 Handle<JSObject> holder(lookup->holder());
1320 // Handlers do not use strict mode. 1318 // Handlers do not use strict mode.
1321 StoreStubCompiler compiler(isolate(), kNonStrictMode, kind()); 1319 StoreStubCompiler compiler(isolate(), kNonStrictMode, kind());
1322 switch (lookup->type()) { 1320 switch (lookup->type()) {
1323 case FIELD: 1321 case FIELD:
1324 return compiler.CompileStoreField(receiver, lookup, name); 1322 return compiler.CompileStoreField(receiver, lookup, name);
1325 case TRANSITION: { 1323 case TRANSITION: {
1326 // Explicitly pass in the receiver map since LookupForWrite may have 1324 // Explicitly pass in the receiver map since LookupForWrite may have
1327 // stored something else than the receiver in the holder. 1325 // stored something else than the receiver in the holder.
1328 Handle<Map> transition(lookup->GetTransitionTarget()); 1326 Handle<Map> transition(lookup->GetTransitionTarget());
1329 PropertyDetails details = transition->GetLastDescriptorDetails(); 1327 PropertyDetails details = transition->GetLastDescriptorDetails();
1330 1328
1331 if (details.type() == CALLBACKS || details.attributes() != NONE) break; 1329 if (details.type() == CALLBACKS || details.attributes() != NONE) break;
1332 1330
1333 return compiler.CompileStoreTransition( 1331 return compiler.CompileStoreTransition(
1334 receiver, lookup, transition, name); 1332 receiver, lookup, transition, name);
1335 } 1333 }
1336 case NORMAL: 1334 case NORMAL:
1337 if (kind() == Code::KEYED_STORE_IC) break; 1335 if (kind() == Code::KEYED_STORE_IC) break;
1338 if (receiver->IsGlobalObject()) { 1336 if (receiver->IsJSGlobalProxy() || receiver->IsGlobalObject()) {
1339 // The stub generated for the global object picks the value directly 1337 // The stub generated for the global object picks the value directly
1340 // from the property cell. So the property must be directly on the 1338 // from the property cell. So the property must be directly on the
1341 // global object. 1339 // global object.
1342 Handle<GlobalObject> global = Handle<GlobalObject>::cast(receiver); 1340 Handle<GlobalObject> global = receiver->IsJSGlobalProxy()
1341 ? handle(GlobalObject::cast(receiver->GetPrototype()))
1342 : Handle<GlobalObject>::cast(receiver);
1343 Handle<PropertyCell> cell(global->GetPropertyCell(lookup), isolate()); 1343 Handle<PropertyCell> cell(global->GetPropertyCell(lookup), isolate());
1344 Handle<HeapType> union_type = PropertyCell::UpdatedType(cell, value); 1344 Handle<HeapType> union_type = PropertyCell::UpdatedType(cell, value);
1345 StoreGlobalStub stub(union_type->IsConstant()); 1345 StoreGlobalStub stub(
1346 1346 union_type->IsConstant(), receiver->IsJSGlobalProxy());
1347 Handle<Code> code = stub.GetCodeCopyFromTemplate( 1347 Handle<Code> code = stub.GetCodeCopyFromTemplate(
1348 isolate(), receiver->map(), *cell); 1348 isolate(), *global, *cell);
1349 // TODO(verwaest): Move caching of these NORMAL stubs outside as well. 1349 // TODO(verwaest): Move caching of these NORMAL stubs outside as well.
1350 HeapObject::UpdateMapCodeCache(receiver, name, code); 1350 HeapObject::UpdateMapCodeCache(receiver, name, code);
1351 return code; 1351 return code;
1352 } 1352 }
1353 ASSERT(holder.is_identical_to(receiver)); 1353 ASSERT(holder.is_identical_to(receiver));
1354 return isolate()->builtins()->StoreIC_Normal(); 1354 return isolate()->builtins()->StoreIC_Normal();
1355 case CALLBACKS: { 1355 case CALLBACKS: {
1356 if (kind() == Code::KEYED_STORE_IC) break; 1356 if (kind() == Code::KEYED_STORE_IC) break;
1357 Handle<Object> callback(lookup->GetCallbackObject(), isolate()); 1357 Handle<Object> callback(lookup->GetCallbackObject(), isolate());
1358 if (callback->IsExecutableAccessorInfo()) { 1358 if (callback->IsExecutableAccessorInfo()) {
(...skipping 20 matching lines...) Expand all
1379 receiver, holder, name, Handle<JSFunction>::cast(setter)); 1379 receiver, holder, name, Handle<JSFunction>::cast(setter));
1380 } 1380 }
1381 // TODO(dcarney): Handle correctly. 1381 // TODO(dcarney): Handle correctly.
1382 if (callback->IsDeclaredAccessorInfo()) break; 1382 if (callback->IsDeclaredAccessorInfo()) break;
1383 ASSERT(callback->IsForeign()); 1383 ASSERT(callback->IsForeign());
1384 // No IC support for old-style native accessors. 1384 // No IC support for old-style native accessors.
1385 break; 1385 break;
1386 } 1386 }
1387 case INTERCEPTOR: 1387 case INTERCEPTOR:
1388 if (kind() == Code::KEYED_STORE_IC) break; 1388 if (kind() == Code::KEYED_STORE_IC) break;
1389 ASSERT(HasInterceptorSetter(*receiver)); 1389 ASSERT(HasInterceptorSetter(*holder));
1390 return compiler.CompileStoreInterceptor(receiver, name); 1390 return compiler.CompileStoreInterceptor(receiver, name);
1391 case CONSTANT: 1391 case CONSTANT:
1392 break; 1392 break;
1393 case NONEXISTENT: 1393 case NONEXISTENT:
1394 case HANDLER: 1394 case HANDLER:
1395 UNREACHABLE(); 1395 UNREACHABLE();
1396 break; 1396 break;
1397 } 1397 }
1398 return slow_stub(); 1398 return slow_stub();
1399 } 1399 }
(...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after
1675 JSObject::cast(*object)->map()->is_observed()); 1675 JSObject::cast(*object)->map()->is_observed());
1676 if (use_ic && !object->IsSmi()) { 1676 if (use_ic && !object->IsSmi()) {
1677 // Don't use ICs for maps of the objects in Array's prototype chain. We 1677 // Don't use ICs for maps of the objects in Array's prototype chain. We
1678 // expect to be able to trap element sets to objects with those maps in 1678 // expect to be able to trap element sets to objects with those maps in
1679 // the runtime to enable optimization of element hole access. 1679 // the runtime to enable optimization of element hole access.
1680 Handle<HeapObject> heap_object = Handle<HeapObject>::cast(object); 1680 Handle<HeapObject> heap_object = Handle<HeapObject>::cast(object);
1681 if (heap_object->map()->IsMapInArrayPrototypeChain()) use_ic = false; 1681 if (heap_object->map()->IsMapInArrayPrototypeChain()) use_ic = false;
1682 } 1682 }
1683 1683
1684 if (use_ic) { 1684 if (use_ic) {
1685 ASSERT(!object->IsJSGlobalProxy()); 1685 ASSERT(!object->IsAccessCheckNeeded());
1686 1686
1687 if (object->IsJSObject()) { 1687 if (object->IsJSObject()) {
1688 Handle<JSObject> receiver = Handle<JSObject>::cast(object); 1688 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1689 bool key_is_smi_like = key->IsSmi() || !key->ToSmi()->IsFailure(); 1689 bool key_is_smi_like = key->IsSmi() || !key->ToSmi()->IsFailure();
1690 if (receiver->elements()->map() == 1690 if (receiver->elements()->map() ==
1691 isolate()->heap()->non_strict_arguments_elements_map()) { 1691 isolate()->heap()->non_strict_arguments_elements_map()) {
1692 stub = non_strict_arguments_stub(); 1692 stub = non_strict_arguments_stub();
1693 } else if (key_is_smi_like && 1693 } else if (key_is_smi_like &&
1694 !(target().is_identical_to(non_strict_arguments_stub()))) { 1694 !(target().is_identical_to(non_strict_arguments_stub()))) {
1695 // We should go generic if receiver isn't a dictionary, but our 1695 // We should go generic if receiver isn't a dictionary, but our
(...skipping 1117 matching lines...) Expand 10 before | Expand all | Expand 10 after
2813 #undef ADDR 2813 #undef ADDR
2814 }; 2814 };
2815 2815
2816 2816
2817 Address IC::AddressFromUtilityId(IC::UtilityId id) { 2817 Address IC::AddressFromUtilityId(IC::UtilityId id) {
2818 return IC_utilities[id]; 2818 return IC_utilities[id];
2819 } 2819 }
2820 2820
2821 2821
2822 } } // namespace v8::internal 2822 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « src/code-stubs-hydrogen.cc ('k') | src/isolate.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698