| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_MIPS64 | 5 #if V8_TARGET_ARCH_MIPS64 |
| 6 | 6 |
| 7 #include "src/code-stubs.h" | 7 #include "src/code-stubs.h" |
| 8 #include "src/api-arguments.h" | 8 #include "src/api-arguments.h" |
| 9 #include "src/bootstrapper.h" | 9 #include "src/bootstrapper.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 1432 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1443 | 1443 |
| 1444 StubRuntimeCallHelper call_helper; | 1444 StubRuntimeCallHelper call_helper; |
| 1445 char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper); | 1445 char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper); |
| 1446 | 1446 |
| 1447 __ bind(&miss); | 1447 __ bind(&miss); |
| 1448 PropertyAccessCompiler::TailCallBuiltin( | 1448 PropertyAccessCompiler::TailCallBuiltin( |
| 1449 masm, PropertyAccessCompiler::MissBuiltin(Code::KEYED_LOAD_IC)); | 1449 masm, PropertyAccessCompiler::MissBuiltin(Code::KEYED_LOAD_IC)); |
| 1450 } | 1450 } |
| 1451 | 1451 |
| 1452 | 1452 |
| 1453 void InstanceOfStub::Generate(MacroAssembler* masm) { | |
| 1454 Register const object = a1; // Object (lhs). | |
| 1455 Register const function = a0; // Function (rhs). | |
| 1456 Register const object_map = a2; // Map of {object}. | |
| 1457 Register const function_map = a3; // Map of {function}. | |
| 1458 Register const function_prototype = a4; // Prototype of {function}. | |
| 1459 Register const scratch = a5; | |
| 1460 | |
| 1461 DCHECK(object.is(InstanceOfDescriptor::LeftRegister())); | |
| 1462 DCHECK(function.is(InstanceOfDescriptor::RightRegister())); | |
| 1463 | |
| 1464 // Check if {object} is a smi. | |
| 1465 Label object_is_smi; | |
| 1466 __ JumpIfSmi(object, &object_is_smi); | |
| 1467 | |
| 1468 // Lookup the {function} and the {object} map in the global instanceof cache. | |
| 1469 // Note: This is safe because we clear the global instanceof cache whenever | |
| 1470 // we change the prototype of any object. | |
| 1471 Label fast_case, slow_case; | |
| 1472 __ ld(object_map, FieldMemOperand(object, HeapObject::kMapOffset)); | |
| 1473 __ LoadRoot(at, Heap::kInstanceofCacheFunctionRootIndex); | |
| 1474 __ Branch(&fast_case, ne, function, Operand(at)); | |
| 1475 __ LoadRoot(at, Heap::kInstanceofCacheMapRootIndex); | |
| 1476 __ Branch(&fast_case, ne, object_map, Operand(at)); | |
| 1477 __ Ret(USE_DELAY_SLOT); | |
| 1478 __ LoadRoot(v0, Heap::kInstanceofCacheAnswerRootIndex); // In delay slot. | |
| 1479 | |
| 1480 // If {object} is a smi we can safely return false if {function} is a JS | |
| 1481 // function, otherwise we have to miss to the runtime and throw an exception. | |
| 1482 __ bind(&object_is_smi); | |
| 1483 __ JumpIfSmi(function, &slow_case); | |
| 1484 __ GetObjectType(function, function_map, scratch); | |
| 1485 __ Branch(&slow_case, ne, scratch, Operand(JS_FUNCTION_TYPE)); | |
| 1486 __ Ret(USE_DELAY_SLOT); | |
| 1487 __ LoadRoot(v0, Heap::kFalseValueRootIndex); // In delay slot. | |
| 1488 | |
| 1489 // Fast-case: The {function} must be a valid JSFunction. | |
| 1490 __ bind(&fast_case); | |
| 1491 __ JumpIfSmi(function, &slow_case); | |
| 1492 __ GetObjectType(function, function_map, scratch); | |
| 1493 __ Branch(&slow_case, ne, scratch, Operand(JS_FUNCTION_TYPE)); | |
| 1494 | |
| 1495 // Go to the runtime if the function is not a constructor. | |
| 1496 __ lbu(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset)); | |
| 1497 __ And(at, scratch, Operand(1 << Map::kIsConstructor)); | |
| 1498 __ Branch(&slow_case, eq, at, Operand(zero_reg)); | |
| 1499 | |
| 1500 // Ensure that {function} has an instance prototype. | |
| 1501 __ And(at, scratch, Operand(1 << Map::kHasNonInstancePrototype)); | |
| 1502 __ Branch(&slow_case, ne, at, Operand(zero_reg)); | |
| 1503 | |
| 1504 // Get the "prototype" (or initial map) of the {function}. | |
| 1505 __ ld(function_prototype, | |
| 1506 FieldMemOperand(function, JSFunction::kPrototypeOrInitialMapOffset)); | |
| 1507 __ AssertNotSmi(function_prototype); | |
| 1508 | |
| 1509 // Resolve the prototype if the {function} has an initial map. Afterwards the | |
| 1510 // {function_prototype} will be either the JSReceiver prototype object or the | |
| 1511 // hole value, which means that no instances of the {function} were created so | |
| 1512 // far and hence we should return false. | |
| 1513 Label function_prototype_valid; | |
| 1514 __ GetObjectType(function_prototype, scratch, scratch); | |
| 1515 __ Branch(&function_prototype_valid, ne, scratch, Operand(MAP_TYPE)); | |
| 1516 __ ld(function_prototype, | |
| 1517 FieldMemOperand(function_prototype, Map::kPrototypeOffset)); | |
| 1518 __ bind(&function_prototype_valid); | |
| 1519 __ AssertNotSmi(function_prototype); | |
| 1520 | |
| 1521 // Update the global instanceof cache with the current {object} map and | |
| 1522 // {function}. The cached answer will be set when it is known below. | |
| 1523 __ StoreRoot(function, Heap::kInstanceofCacheFunctionRootIndex); | |
| 1524 __ StoreRoot(object_map, Heap::kInstanceofCacheMapRootIndex); | |
| 1525 | |
| 1526 // Loop through the prototype chain looking for the {function} prototype. | |
| 1527 // Assume true, and change to false if not found. | |
| 1528 Register const object_instance_type = function_map; | |
| 1529 Register const map_bit_field = function_map; | |
| 1530 Register const null = scratch; | |
| 1531 Register const result = v0; | |
| 1532 | |
| 1533 Label done, loop, fast_runtime_fallback; | |
| 1534 __ LoadRoot(result, Heap::kTrueValueRootIndex); | |
| 1535 __ LoadRoot(null, Heap::kNullValueRootIndex); | |
| 1536 __ bind(&loop); | |
| 1537 | |
| 1538 // Check if the object needs to be access checked. | |
| 1539 __ lbu(map_bit_field, FieldMemOperand(object_map, Map::kBitFieldOffset)); | |
| 1540 __ And(map_bit_field, map_bit_field, Operand(1 << Map::kIsAccessCheckNeeded)); | |
| 1541 __ Branch(&fast_runtime_fallback, ne, map_bit_field, Operand(zero_reg)); | |
| 1542 // Check if the current object is a Proxy. | |
| 1543 __ lbu(object_instance_type, | |
| 1544 FieldMemOperand(object_map, Map::kInstanceTypeOffset)); | |
| 1545 __ Branch(&fast_runtime_fallback, eq, object_instance_type, | |
| 1546 Operand(JS_PROXY_TYPE)); | |
| 1547 | |
| 1548 __ ld(object, FieldMemOperand(object_map, Map::kPrototypeOffset)); | |
| 1549 __ Branch(&done, eq, object, Operand(function_prototype)); | |
| 1550 __ Branch(USE_DELAY_SLOT, &loop, ne, object, Operand(null)); | |
| 1551 __ ld(object_map, | |
| 1552 FieldMemOperand(object, HeapObject::kMapOffset)); // In delay slot. | |
| 1553 __ LoadRoot(result, Heap::kFalseValueRootIndex); | |
| 1554 __ bind(&done); | |
| 1555 __ Ret(USE_DELAY_SLOT); | |
| 1556 __ StoreRoot(result, | |
| 1557 Heap::kInstanceofCacheAnswerRootIndex); // In delay slot. | |
| 1558 | |
| 1559 // Found Proxy or access check needed: Call the runtime | |
| 1560 __ bind(&fast_runtime_fallback); | |
| 1561 __ Push(object, function_prototype); | |
| 1562 // Invalidate the instanceof cache. | |
| 1563 DCHECK(Smi::FromInt(0) == 0); | |
| 1564 __ StoreRoot(zero_reg, Heap::kInstanceofCacheFunctionRootIndex); | |
| 1565 __ TailCallRuntime(Runtime::kHasInPrototypeChain); | |
| 1566 | |
| 1567 // Slow-case: Call the %InstanceOf runtime function. | |
| 1568 __ bind(&slow_case); | |
| 1569 __ Push(object, function); | |
| 1570 __ TailCallRuntime(is_es6_instanceof() ? Runtime::kOrdinaryHasInstance | |
| 1571 : Runtime::kInstanceOf); | |
| 1572 } | |
| 1573 | |
| 1574 | |
| 1575 void FunctionPrototypeStub::Generate(MacroAssembler* masm) { | 1453 void FunctionPrototypeStub::Generate(MacroAssembler* masm) { |
| 1576 Label miss; | 1454 Label miss; |
| 1577 Register receiver = LoadDescriptor::ReceiverRegister(); | 1455 Register receiver = LoadDescriptor::ReceiverRegister(); |
| 1578 // Ensure that the vector and slot registers won't be clobbered before | 1456 // Ensure that the vector and slot registers won't be clobbered before |
| 1579 // calling the miss handler. | 1457 // calling the miss handler. |
| 1580 DCHECK(!AreAliased(a4, a5, LoadWithVectorDescriptor::VectorRegister(), | 1458 DCHECK(!AreAliased(a4, a5, LoadWithVectorDescriptor::VectorRegister(), |
| 1581 LoadWithVectorDescriptor::SlotRegister())); | 1459 LoadWithVectorDescriptor::SlotRegister())); |
| 1582 | 1460 |
| 1583 NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(masm, receiver, a4, | 1461 NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(masm, receiver, a4, |
| 1584 a5, &miss); | 1462 a5, &miss); |
| (...skipping 4195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5780 kStackUnwindSpace, kInvalidStackOffset, | 5658 kStackUnwindSpace, kInvalidStackOffset, |
| 5781 return_value_operand, NULL); | 5659 return_value_operand, NULL); |
| 5782 } | 5660 } |
| 5783 | 5661 |
| 5784 #undef __ | 5662 #undef __ |
| 5785 | 5663 |
| 5786 } // namespace internal | 5664 } // namespace internal |
| 5787 } // namespace v8 | 5665 } // namespace v8 |
| 5788 | 5666 |
| 5789 #endif // V8_TARGET_ARCH_MIPS64 | 5667 #endif // V8_TARGET_ARCH_MIPS64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1980483003:
[es6] Reintroduce the instanceof operator in the backends. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master