Use a dictionary-mode code cache on the map rather than a dual system.

src/ic/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/ic/ic.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/api-arguments.h"
 #include "src/arguments.h"
@@ skipping 20 matching lines @@
 namespace internal {
 
 char IC::TransitionMarkFromState(IC::State state) {
   switch (state) {
     case UNINITIALIZED:
       return '0';
     case PREMONOMORPHIC:
       return '.';
     case MONOMORPHIC:
       return '1';
-    case PROTOTYPE_FAILURE:
+    case RECOMPUTE_HANDLER:
       return '^';
     case POLYMORPHIC:
       return 'P';
     case MEGAMORPHIC:
       return 'N';
     case GENERIC:
       return 'G';
 
     // We never see the debugger states here, because the state is
     // computed from the original code - not the patched code. Let
@@ skipping 199 matching lines @@
         }
         return;
       case LookupIterator::ACCESSOR:
       case LookupIterator::INTEGER_INDEXED_EXOTIC:
       case LookupIterator::DATA:
         return;
     }
   }
 }
 
-
-bool IC::TryRemoveInvalidPrototypeDependentStub(Handle<Object> receiver,
-                                                Handle<String> name) {
-  if (!IsNameCompatibleWithPrototypeFailure(name)) return false;
+bool IC::ShouldRecomputeHandler(Handle<Object> receiver, Handle<String> name) {
+  if (!RecomputeHandlerForName(name)) return false;
   if (UseVector()) {
     maybe_handler_ = nexus()->FindHandlerForMap(receiver_map());
   } else {
     maybe_handler_ = target()->FindHandlerForMap(*receiver_map());
   }
 
   // The current map wasn't handled yet. There's no reason to stay monomorphic,
   // *unless* we're moving from a deprecated map to its replacement, or
   // to a more general elements kind.
   // TODO(verwaest): Check if the current map is actually what the old map
   // would transition to.
   if (maybe_handler_.is_null()) {
     if (!receiver_map()->IsJSObjectMap()) return false;
     Map* first_map = FirstTargetMap();
     if (first_map == NULL) return false;
     Handle<Map> old_map(first_map);
     if (old_map->is_deprecated()) return true;
     return IsMoreGeneralElementsKindTransition(old_map->elements_kind(),
                                                receiver_map()->elements_kind());
   }
 
-  CacheHolderFlag flag;
-  Handle<Map> ic_holder_map(GetICCacheHolder(receiver_map(), isolate(), &flag));
-
-  DCHECK(flag != kCacheOnReceiver || receiver->IsJSObject());
-  DCHECK(flag != kCacheOnPrototype || !receiver->IsJSReceiver());
-  DCHECK(flag != kCacheOnPrototypeReceiverIsDictionary);
-
-  if (state() == MONOMORPHIC) {
-    int index = ic_holder_map->IndexInCodeCache(*name, *target());
-    if (index >= 0) {
-      ic_holder_map->RemoveFromCodeCache(*name, *target(), index);
-    }
-  }
-
   if (receiver->IsJSGlobalObject()) {
     Handle<JSGlobalObject> global = Handle<JSGlobalObject>::cast(receiver);
     LookupIterator it(global, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
     if (it.state() == LookupIterator::ACCESS_CHECK) return false;
     if (!it.IsFound()) return false;
     return it.property_details().cell_type() == PropertyCellType::kConstant;
   }
 
   return true;
 }
 
-
-bool IC::IsNameCompatibleWithPrototypeFailure(Handle<Object> name) {
+bool IC::RecomputeHandlerForName(Handle<Object> name) {
   if (target()->is_keyed_stub()) {
     // Determine whether the failure is due to a name failure.
     if (!name->IsName()) return false;
     Name* stub_name =
         UseVector() ? nexus()->FindFirstName() : target()->FindFirstName();
     if (*name != stub_name) return false;
   }
 
   return true;
 }
 
 
 void IC::UpdateState(Handle<Object> receiver, Handle<Object> name) {
   update_receiver_map(receiver);
   if (!name->IsString()) return;
   if (state() != MONOMORPHIC && state() != POLYMORPHIC) return;
   if (receiver->IsUndefined() || receiver->IsNull()) return;
 
   // Remove the target from the code cache if it became invalid
   // because of changes in the prototype chain to avoid hitting it
   // again.
-  if (TryRemoveInvalidPrototypeDependentStub(receiver,
-                                             Handle<String>::cast(name))) {
-    MarkPrototypeFailure(name);
-    return;
+  if (ShouldRecomputeHandler(receiver, Handle<String>::cast(name))) {
+    MarkRecomputeHandler(name);
   }
 }
 
 
 MaybeHandle<Object> IC::TypeError(MessageTemplate::Template index,
                                   Handle<Object> object, Handle<Object> key) {
   HandleScope scope(isolate());
   THROW_NEW_ERROR(isolate(), NewTypeError(index, key, object), Object);
 }
 
@@ skipping 27 matching lines @@
       }
       break;
     case MEGAMORPHIC:
     case GENERIC:
       if (new_state == MEGAMORPHIC || new_state == GENERIC) break;
       *generic_delta = -1;
       if (new_state == MONOMORPHIC || new_state == POLYMORPHIC) {
         *polymorphic_delta = 1;
       }
       break;
-    case PROTOTYPE_FAILURE:
+    case RECOMPUTE_HANDLER:
     case DEBUG_STUB:
       UNREACHABLE();
   }
 }
 
 
 void IC::OnTypeFeedbackChanged(Isolate* isolate, Address address,
                                State old_state, State new_state,
                                bool target_remains_ic_stub) {
   Code* host =
@@ skipping 57 matching lines @@
 }
 
 
 void IC::Clear(Isolate* isolate, Address address, Address constant_pool) {
   Code* target = GetTargetAtAddress(address, constant_pool);
 
   // Don't clear debug break inline cache as it will remove the break point.
   if (target->is_debug_stub()) return;
 
   switch (target->kind()) {
-    case Code::LOAD_IC:
-    case Code::KEYED_LOAD_IC:
-    case Code::STORE_IC:
-    case Code::KEYED_STORE_IC:
-      return;
     case Code::COMPARE_IC:
       return CompareIC::Clear(isolate, address, target, constant_pool);
+    case Code::BINARY_OP_IC:
     case Code::CALL_IC:  // CallICs are vector-based and cleared differently.
-    case Code::BINARY_OP_IC:
+    case Code::KEYED_LOAD_IC:
+    case Code::KEYED_STORE_IC:
+    case Code::LOAD_IC:
+    case Code::STORE_IC:
     case Code::TO_BOOLEAN_IC:
       // Clearing these is tricky and does not
       // make any performance difference.
       return;
     default:
       UNREACHABLE();
   }
 }
 
 
@@ skipping 20 matching lines @@
 }
 
 
 void LoadIC::Clear(Isolate* isolate, Code* host, LoadICNexus* nexus) {
   if (IsCleared(nexus)) return;
   nexus->ConfigurePremonomorphic();
   OnTypeFeedbackChanged(isolate, host);
 }
 
 
-void StoreIC::Clear(Isolate* isolate, Address address, Code* target,
-                    Address constant_pool) {
-  if (IsCleared(target)) return;
-  Code* code = PropertyICCompiler::FindPreMonomorphic(isolate, Code::STORE_IC,
-                                                      target->extra_ic_state());
-  SetTargetAtAddress(address, code, constant_pool);
-}
-
-
 void StoreIC::Clear(Isolate* isolate, Code* host, StoreICNexus* nexus) {
   if (IsCleared(nexus)) return;
   nexus->ConfigurePremonomorphic();
   OnTypeFeedbackChanged(isolate, host);
 }
 
 
-void KeyedStoreIC::Clear(Isolate* isolate, Address address, Code* target,
-                         Address constant_pool) {
-  if (IsCleared(target)) return;
-  Handle<Code> code = pre_monomorphic_stub(
-      isolate, StoreICState::GetLanguageMode(target->extra_ic_state()));
-  SetTargetAtAddress(address, *code, constant_pool);
-}
-
-
 void KeyedStoreIC::Clear(Isolate* isolate, Code* host,
                          KeyedStoreICNexus* nexus) {
   if (IsCleared(nexus)) return;
   nexus->ConfigurePremonomorphic();
   OnTypeFeedbackChanged(isolate, host);
 }
 
 
 void CompareIC::Clear(Isolate* isolate, Address address, Code* target,
                       Address constant_pool) {
@@ skipping 188 matching lines @@
       return false;
     }
   }
   receiver_maps->Add(new_receiver_map);
   return true;
 }
 
 
 bool IC::UpdatePolymorphicIC(Handle<Name> name, Handle<Code> code) {
   if (!code->is_handler()) return false;
-  if (target()->is_keyed_stub() && state() != PROTOTYPE_FAILURE) return false;
+  if (target()->is_keyed_stub() && state() != RECOMPUTE_HANDLER) return false;
   Handle<Map> map = receiver_map();
   MapHandleList maps;
   CodeHandleList handlers;
 
   TargetMaps(&maps);
   int number_of_maps = maps.length();
   int deprecated_maps = 0;
   int handler_to_overwrite = -1;
 
   for (int i = 0; i < number_of_maps; i++) {
@@ skipping 80 matching lines @@
   return transitioned_map == target_map;
 }
 
 
 void IC::PatchCache(Handle<Name> name, Handle<Code> code) {
   switch (state()) {
     case UNINITIALIZED:
     case PREMONOMORPHIC:
       UpdateMonomorphicIC(code, name);
       break;
-    case PROTOTYPE_FAILURE:
+    case RECOMPUTE_HANDLER:
     case MONOMORPHIC:
     case POLYMORPHIC:
-      if (!target()->is_keyed_stub() || state() == PROTOTYPE_FAILURE) {
+      if (!target()->is_keyed_stub() || state() == RECOMPUTE_HANDLER) {
         if (UpdatePolymorphicIC(name, code)) break;
         // For keyed stubs, we can't know whether old handlers were for the
         // same key.
         CopyICToMegamorphicCache(name);
       }
       if (UseVector()) {
         ConfigureVectorState(MEGAMORPHIC);
       } else {
         set_target(*megamorphic_stub());
       }
@@ skipping 40 matching lines @@
     return KeyedLoadICStub(isolate, LoadICState(extra_state)).GetCode();
   }
   return isolate->builtins()->KeyedLoadIC_Megamorphic();
 }
 
 
 static Handle<Code> KeyedStoreICInitializeStubHelper(
     Isolate* isolate, LanguageMode language_mode,
     InlineCacheState initialization_state) {
   switch (initialization_state) {
-    case UNINITIALIZED:
-      return is_strict(language_mode)
-                 ? isolate->builtins()->KeyedStoreIC_Initialize_Strict()
-                 : isolate->builtins()->KeyedStoreIC_Initialize();
-    case PREMONOMORPHIC:
-      return is_strict(language_mode)
-                 ? isolate->builtins()->KeyedStoreIC_PreMonomorphic_Strict()
-                 : isolate->builtins()->KeyedStoreIC_PreMonomorphic();
     case MEGAMORPHIC:
       return is_strict(language_mode)
                  ? isolate->builtins()->KeyedStoreIC_Megamorphic_Strict()
                  : isolate->builtins()->KeyedStoreIC_Megamorphic();
     default:
       UNREACHABLE();
   }
   return Handle<Code>();
 }
 
@@ skipping 134 matching lines @@
 
 
 Handle<Code> IC::ComputeHandler(LookupIterator* lookup, Handle<Object> value) {
   bool receiver_is_holder =
       lookup->GetReceiver().is_identical_to(lookup->GetHolder<JSObject>());
   CacheHolderFlag flag;
   Handle<Map> stub_holder_map = IC::GetHandlerCacheHolder(
       receiver_map(), receiver_is_holder, isolate(), &flag);
 
   Handle<Code> code = PropertyHandlerCompiler::Find(
-      lookup->name(), stub_holder_map, kind(), flag,
-      lookup->is_dictionary_holder() ? Code::NORMAL : Code::FAST);
+      lookup->name(), stub_holder_map, kind(), flag);
   // Use the cached value if it exists, and if it is different from the
   // handler that just missed.
   if (!code.is_null()) {
-    if (!maybe_handler_.is_null() &&
-        !maybe_handler_.ToHandleChecked().is_identical_to(code)) {
-      return code;
-    }
-    if (maybe_handler_.is_null()) {
+    Handle<Code> handler;
+    if (maybe_handler_.ToHandle(&handler)) {
+      if (!handler.is_identical_to(code)) return code;
+    } else {
       // maybe_handler_ is only populated for MONOMORPHIC and POLYMORPHIC ICs.
       // In MEGAMORPHIC case, check if the handler in the megamorphic stub
       // cache (which just missed) is different from the cached handler.
       if (state() == MEGAMORPHIC && lookup->GetReceiver()->IsHeapObject()) {
         Map* map = Handle<HeapObject>::cast(lookup->GetReceiver())->map();
         Code* megamorphic_cached_code =
             isolate()->stub_cache()->Get(*lookup->name(), map, code->flags());
         if (megamorphic_cached_code != *code) return code;
       } else {
         return code;
       }
     }
   }
 
   code = CompileHandler(lookup, value, flag);
   DCHECK(code->is_handler());
 
   // TODO(mvstanton): we'd only like to cache code on the map when it's custom
   // code compiled for this map, otherwise it's already cached in the global
   // code cache. We are also guarding against installing code with flags that
   // don't match the desired CacheHolderFlag computed above, which would lead to
   // invalid lookups later.
-  if (code->type() != Code::NORMAL &&
-      Code::ExtractCacheHolderFromFlags(code->flags()) == flag) {
+  bool is_normal = receiver_is_holder &&
+                   !lookup->GetHolder<JSReceiver>()->HasFastProperties();
+  if (!is_normal && Code::ExtractCacheHolderFromFlags(code->flags()) == flag) {
     Map::UpdateCodeCache(stub_holder_map, lookup->name(), code);
   }
 
   return code;
 }
 
 
 Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup,
                                     Handle<Object> unused,
                                     CacheHolderFlag cache_holder) {
@@ skipping 518 matching lines @@
 Handle<Code> StoreIC::slow_stub() const {
   if (kind() == Code::STORE_IC) {
     return isolate()->builtins()->StoreIC_Slow();
   } else {
     DCHECK(kind() == Code::KEYED_STORE_IC);
     return isolate()->builtins()->KeyedStoreIC_Slow();
   }
 }
 
 
-Handle<Code> StoreIC::pre_monomorphic_stub(Isolate* isolate,
-                                           LanguageMode language_mode) {
-  ExtraICState state = ComputeExtraICState(language_mode);
-  return PropertyICCompiler::ComputeStore(isolate, PREMONOMORPHIC, state);
-}
-
-
 void StoreIC::UpdateCaches(LookupIterator* lookup, Handle<Object> value,
                            JSReceiver::StoreFromKeyed store_mode) {
   if (state() == UNINITIALIZED) {
     // This is the first time we execute this inline cache. Set the target to
     // the pre monomorphic stub to delay setting the monomorphic state.
     ConfigureVectorState(PREMONOMORPHIC);
     TRACE_IC("StoreIC", lookup->name());
     return;
   }
 
@@ skipping 160 matching lines @@
     case LookupIterator::JSPROXY:
     case LookupIterator::NOT_FOUND:
       UNREACHABLE();
   }
   return slow_stub();
 }
 
 
 Handle<Code> KeyedStoreIC::StoreElementStub(Handle<Map> receiver_map,
                                             KeyedAccessStoreMode store_mode) {
-  Handle<Code> null_handle;
-  // Don't handle megamorphic property accesses for INTERCEPTORS or
-  // ACCESSOR_CONSTANT
-  // via megamorphic stubs, since they don't have a map in their relocation info
-  // and so the stubs can't be harvested for the object needed for a map check.
-  if (target()->type() != Code::NORMAL) {
-    TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "non-NORMAL target type");
-    return megamorphic_stub();
-  }
-
   MapHandleList target_receiver_maps;
   TargetMaps(&target_receiver_maps);
   if (target_receiver_maps.length() == 0) {
     Handle<Map> monomorphic_map =
         ComputeTransitionedMap(receiver_map, store_mode);
     store_mode = GetNonTransitioningStoreMode(store_mode);
     Handle<Code> handler =
         PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler(
             monomorphic_map, language_mode(), store_mode);
     ConfigureVectorState(Handle<Name>::null(), monomorphic_map, handler);
-    return null_handle;
+    return Handle<Code>();
   }
 
   // There are several special cases where an IC that is MONOMORPHIC can still
   // transition to a different GetNonTransitioningStoreMode IC that handles a
   // superset of the original IC. Handle those here if the receiver map hasn't
   // changed or it has transitioned to a more general kind.
   KeyedAccessStoreMode old_store_mode = GetKeyedAccessStoreMode();
   Handle<Map> previous_receiver_map = target_receiver_maps.at(0);
   if (state() == MONOMORPHIC) {
     Handle<Map> transitioned_receiver_map = receiver_map;
     if (IsTransitionStoreMode(store_mode)) {
       transitioned_receiver_map =
           ComputeTransitionedMap(receiver_map, store_mode);
     }
     if ((receiver_map.is_identical_to(previous_receiver_map) &&
          IsTransitionStoreMode(store_mode)) ||
         IsTransitionOfMonomorphicTarget(*previous_receiver_map,
                                         *transitioned_receiver_map)) {
       // If the "old" and "new" maps are in the same elements map family, or
       // if they at least come from the same origin for a transitioning store,
       // stay MONOMORPHIC and use the map for the most generic ElementsKind.
       store_mode = GetNonTransitioningStoreMode(store_mode);
       Handle<Code> handler =
           PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler(
               transitioned_receiver_map, language_mode(), store_mode);
       ConfigureVectorState(Handle<Name>::null(), transitioned_receiver_map,
                            handler);
-      return null_handle;
+      return Handle<Code>();
     } else if (receiver_map.is_identical_to(previous_receiver_map) &&
                old_store_mode == STANDARD_STORE &&
                (store_mode == STORE_AND_GROW_NO_TRANSITION ||
                 store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS ||
                 store_mode == STORE_NO_TRANSITION_HANDLE_COW)) {
       // A "normal" IC that handles stores can switch to a version that can
       // grow at the end of the array, handle OOB accesses or copy COW arrays
       // and still stay MONOMORPHIC.
       Handle<Code> handler =
           PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler(
               receiver_map, language_mode(), store_mode);
       ConfigureVectorState(Handle<Name>::null(), receiver_map, handler);
-      return null_handle;
+      return Handle<Code>();
     }
   }
 
   DCHECK(state() != GENERIC);
 
   bool map_added =
       AddOneReceiverMapIfMissing(&target_receiver_maps, receiver_map);
 
   if (IsTransitionStoreMode(store_mode)) {
     Handle<Map> transitioned_receiver_map =
@@ skipping 44 matching lines @@
       return megamorphic_stub();
     }
   }
 
   MapHandleList transitioned_maps(target_receiver_maps.length());
   CodeHandleList handlers(target_receiver_maps.length());
   PropertyICCompiler::ComputeKeyedStorePolymorphicHandlers(
       &target_receiver_maps, &transitioned_maps, &handlers, store_mode,
       language_mode());
   ConfigureVectorState(&target_receiver_maps, &transitioned_maps, &handlers);
-  return null_handle;
+  return Handle<Code>();
 }
 
 
 Handle<Map> KeyedStoreIC::ComputeTransitionedMap(
     Handle<Map> map, KeyedAccessStoreMode store_mode) {
   switch (store_mode) {
     case STORE_TRANSITION_TO_OBJECT:
     case STORE_AND_GROW_TRANSITION_TO_OBJECT: {
       ElementsKind kind = IsFastHoleyElementsKind(map->elements_kind())
                               ? FAST_HOLEY_ELEMENTS
@@ skipping 990 matching lines @@
     KeyedLoadICNexus nexus(vector, vector_slot);
     KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);
     ic.UpdateState(receiver, key);
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
   }
 
   return *result;
 }
 }  // namespace internal
 }  // namespace v8