| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_MIPS | 5 #if V8_TARGET_ARCH_MIPS |
| 6 | 6 |
| 7 #include "src/code-stubs.h" | 7 #include "src/code-stubs.h" |
| 8 #include "src/api-arguments.h" | 8 #include "src/api-arguments.h" |
| 9 #include "src/base/bits.h" | 9 #include "src/base/bits.h" |
| 10 #include "src/bootstrapper.h" | 10 #include "src/bootstrapper.h" |
| (...skipping 1436 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1447 | 1447 |
| 1448 StubRuntimeCallHelper call_helper; | 1448 StubRuntimeCallHelper call_helper; |
| 1449 char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper); | 1449 char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper); |
| 1450 | 1450 |
| 1451 __ bind(&miss); | 1451 __ bind(&miss); |
| 1452 PropertyAccessCompiler::TailCallBuiltin( | 1452 PropertyAccessCompiler::TailCallBuiltin( |
| 1453 masm, PropertyAccessCompiler::MissBuiltin(Code::KEYED_LOAD_IC)); | 1453 masm, PropertyAccessCompiler::MissBuiltin(Code::KEYED_LOAD_IC)); |
| 1454 } | 1454 } |
| 1455 | 1455 |
| 1456 | 1456 |
| 1457 void InstanceOfStub::Generate(MacroAssembler* masm) { | |
| 1458 Register const object = a1; // Object (lhs). | |
| 1459 Register const function = a0; // Function (rhs). | |
| 1460 Register const object_map = a2; // Map of {object}. | |
| 1461 Register const function_map = a3; // Map of {function}. | |
| 1462 Register const function_prototype = t0; // Prototype of {function}. | |
| 1463 Register const scratch = t1; | |
| 1464 | |
| 1465 DCHECK(object.is(InstanceOfDescriptor::LeftRegister())); | |
| 1466 DCHECK(function.is(InstanceOfDescriptor::RightRegister())); | |
| 1467 | |
| 1468 // Check if {object} is a smi. | |
| 1469 Label object_is_smi; | |
| 1470 __ JumpIfSmi(object, &object_is_smi); | |
| 1471 | |
| 1472 // Lookup the {function} and the {object} map in the global instanceof cache. | |
| 1473 // Note: This is safe because we clear the global instanceof cache whenever | |
| 1474 // we change the prototype of any object. | |
| 1475 Label fast_case, slow_case; | |
| 1476 __ lw(object_map, FieldMemOperand(object, HeapObject::kMapOffset)); | |
| 1477 __ LoadRoot(at, Heap::kInstanceofCacheFunctionRootIndex); | |
| 1478 __ Branch(&fast_case, ne, function, Operand(at)); | |
| 1479 __ LoadRoot(at, Heap::kInstanceofCacheMapRootIndex); | |
| 1480 __ Branch(&fast_case, ne, object_map, Operand(at)); | |
| 1481 __ Ret(USE_DELAY_SLOT); | |
| 1482 __ LoadRoot(v0, Heap::kInstanceofCacheAnswerRootIndex); // In delay slot. | |
| 1483 | |
| 1484 // If {object} is a smi we can safely return false if {function} is a JS | |
| 1485 // function, otherwise we have to miss to the runtime and throw an exception. | |
| 1486 __ bind(&object_is_smi); | |
| 1487 __ JumpIfSmi(function, &slow_case); | |
| 1488 __ GetObjectType(function, function_map, scratch); | |
| 1489 __ Branch(&slow_case, ne, scratch, Operand(JS_FUNCTION_TYPE)); | |
| 1490 __ Ret(USE_DELAY_SLOT); | |
| 1491 __ LoadRoot(v0, Heap::kFalseValueRootIndex); // In delay slot. | |
| 1492 | |
| 1493 // Fast-case: The {function} must be a valid JSFunction. | |
| 1494 __ bind(&fast_case); | |
| 1495 __ JumpIfSmi(function, &slow_case); | |
| 1496 __ GetObjectType(function, function_map, scratch); | |
| 1497 __ Branch(&slow_case, ne, scratch, Operand(JS_FUNCTION_TYPE)); | |
| 1498 | |
| 1499 // Go to the runtime if the function is not a constructor. | |
| 1500 __ lbu(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset)); | |
| 1501 __ And(at, scratch, Operand(1 << Map::kIsConstructor)); | |
| 1502 __ Branch(&slow_case, eq, at, Operand(zero_reg)); | |
| 1503 | |
| 1504 // Ensure that {function} has an instance prototype. | |
| 1505 __ And(at, scratch, Operand(1 << Map::kHasNonInstancePrototype)); | |
| 1506 __ Branch(&slow_case, ne, at, Operand(zero_reg)); | |
| 1507 | |
| 1508 // Get the "prototype" (or initial map) of the {function}. | |
| 1509 __ lw(function_prototype, | |
| 1510 FieldMemOperand(function, JSFunction::kPrototypeOrInitialMapOffset)); | |
| 1511 __ AssertNotSmi(function_prototype); | |
| 1512 | |
| 1513 // Resolve the prototype if the {function} has an initial map. Afterwards the | |
| 1514 // {function_prototype} will be either the JSReceiver prototype object or the | |
| 1515 // hole value, which means that no instances of the {function} were created so | |
| 1516 // far and hence we should return false. | |
| 1517 Label function_prototype_valid; | |
| 1518 __ GetObjectType(function_prototype, scratch, scratch); | |
| 1519 __ Branch(&function_prototype_valid, ne, scratch, Operand(MAP_TYPE)); | |
| 1520 __ lw(function_prototype, | |
| 1521 FieldMemOperand(function_prototype, Map::kPrototypeOffset)); | |
| 1522 __ bind(&function_prototype_valid); | |
| 1523 __ AssertNotSmi(function_prototype); | |
| 1524 | |
| 1525 // Update the global instanceof cache with the current {object} map and | |
| 1526 // {function}. The cached answer will be set when it is known below. | |
| 1527 __ StoreRoot(function, Heap::kInstanceofCacheFunctionRootIndex); | |
| 1528 __ StoreRoot(object_map, Heap::kInstanceofCacheMapRootIndex); | |
| 1529 | |
| 1530 // Loop through the prototype chain looking for the {function} prototype. | |
| 1531 // Assume true, and change to false if not found. | |
| 1532 Register const object_instance_type = function_map; | |
| 1533 Register const map_bit_field = function_map; | |
| 1534 Register const null = scratch; | |
| 1535 Register const result = v0; | |
| 1536 | |
| 1537 Label done, loop, fast_runtime_fallback; | |
| 1538 __ LoadRoot(result, Heap::kTrueValueRootIndex); | |
| 1539 __ LoadRoot(null, Heap::kNullValueRootIndex); | |
| 1540 __ bind(&loop); | |
| 1541 | |
| 1542 // Check if the object needs to be access checked. | |
| 1543 __ lbu(map_bit_field, FieldMemOperand(object_map, Map::kBitFieldOffset)); | |
| 1544 __ And(map_bit_field, map_bit_field, Operand(1 << Map::kIsAccessCheckNeeded)); | |
| 1545 __ Branch(&fast_runtime_fallback, ne, map_bit_field, Operand(zero_reg)); | |
| 1546 // Check if the current object is a Proxy. | |
| 1547 __ lbu(object_instance_type, | |
| 1548 FieldMemOperand(object_map, Map::kInstanceTypeOffset)); | |
| 1549 __ Branch(&fast_runtime_fallback, eq, object_instance_type, | |
| 1550 Operand(JS_PROXY_TYPE)); | |
| 1551 | |
| 1552 __ lw(object, FieldMemOperand(object_map, Map::kPrototypeOffset)); | |
| 1553 __ Branch(&done, eq, object, Operand(function_prototype)); | |
| 1554 __ Branch(USE_DELAY_SLOT, &loop, ne, object, Operand(null)); | |
| 1555 __ lw(object_map, | |
| 1556 FieldMemOperand(object, HeapObject::kMapOffset)); // In delay slot. | |
| 1557 __ LoadRoot(result, Heap::kFalseValueRootIndex); | |
| 1558 __ bind(&done); | |
| 1559 __ Ret(USE_DELAY_SLOT); | |
| 1560 __ StoreRoot(result, | |
| 1561 Heap::kInstanceofCacheAnswerRootIndex); // In delay slot. | |
| 1562 | |
| 1563 // Found Proxy or access check needed: Call the runtime | |
| 1564 __ bind(&fast_runtime_fallback); | |
| 1565 __ Push(object, function_prototype); | |
| 1566 // Invalidate the instanceof cache. | |
| 1567 DCHECK(Smi::FromInt(0) == 0); | |
| 1568 __ StoreRoot(zero_reg, Heap::kInstanceofCacheFunctionRootIndex); | |
| 1569 __ TailCallRuntime(Runtime::kHasInPrototypeChain); | |
| 1570 | |
| 1571 // Slow-case: Call the %InstanceOf runtime function. | |
| 1572 __ bind(&slow_case); | |
| 1573 __ Push(object, function); | |
| 1574 __ TailCallRuntime(is_es6_instanceof() ? Runtime::kOrdinaryHasInstance | |
| 1575 : Runtime::kInstanceOf); | |
| 1576 } | |
| 1577 | |
| 1578 | |
| 1579 void FunctionPrototypeStub::Generate(MacroAssembler* masm) { | 1457 void FunctionPrototypeStub::Generate(MacroAssembler* masm) { |
| 1580 Label miss; | 1458 Label miss; |
| 1581 Register receiver = LoadDescriptor::ReceiverRegister(); | 1459 Register receiver = LoadDescriptor::ReceiverRegister(); |
| 1582 // Ensure that the vector and slot registers won't be clobbered before | 1460 // Ensure that the vector and slot registers won't be clobbered before |
| 1583 // calling the miss handler. | 1461 // calling the miss handler. |
| 1584 DCHECK(!AreAliased(t0, t1, LoadWithVectorDescriptor::VectorRegister(), | 1462 DCHECK(!AreAliased(t0, t1, LoadWithVectorDescriptor::VectorRegister(), |
| 1585 LoadWithVectorDescriptor::SlotRegister())); | 1463 LoadWithVectorDescriptor::SlotRegister())); |
| 1586 | 1464 |
| 1587 NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(masm, receiver, t0, | 1465 NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(masm, receiver, t0, |
| 1588 t1, &miss); | 1466 t1, &miss); |
| (...skipping 4159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5748 kStackUnwindSpace, kInvalidStackOffset, | 5626 kStackUnwindSpace, kInvalidStackOffset, |
| 5749 return_value_operand, NULL); | 5627 return_value_operand, NULL); |
| 5750 } | 5628 } |
| 5751 | 5629 |
| 5752 #undef __ | 5630 #undef __ |
| 5753 | 5631 |
| 5754 } // namespace internal | 5632 } // namespace internal |
| 5755 } // namespace v8 | 5633 } // namespace v8 |
| 5756 | 5634 |
| 5757 #endif // V8_TARGET_ARCH_MIPS | 5635 #endif // V8_TARGET_ARCH_MIPS |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1980483003:
[es6] Reintroduce the instanceof operator in the backends. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master