[LoadIC] Handle simple field loads in the dispatcher

src/ic/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/ic/ic.h"
 
 #include "src/accessors.h"
 #include "src/api-arguments-inl.h"
 #include "src/api.h"
 #include "src/arguments.h"
@@ skipping 523 matching lines @@
       nexus->ConfigureMegamorphicKeyed(key->IsName() ? PROPERTY : ELEMENT);
     }
   } else {
     UNREACHABLE();
   }
 
   vector_set_ = true;
   OnTypeFeedbackChanged(isolate(), get_host());
 }
 
-
 void IC::ConfigureVectorState(Handle<Name> name, Handle<Map> map,
-                              Handle<Code> handler) {
+                              Handle<Object> handler) {
   DCHECK(UseVector());
   if (kind() == Code::LOAD_IC) {
     LoadICNexus* nexus = casted_nexus<LoadICNexus>();
     nexus->ConfigureMonomorphic(map, handler);
   } else if (kind() == Code::LOAD_GLOBAL_IC) {
     LoadGlobalICNexus* nexus = casted_nexus<LoadGlobalICNexus>();
-    nexus->ConfigureHandlerMode(handler);
+    nexus->ConfigureHandlerMode(Handle<Code>::cast(handler));
   } else if (kind() == Code::KEYED_LOAD_IC) {
     KeyedLoadICNexus* nexus = casted_nexus<KeyedLoadICNexus>();
-    nexus->ConfigureMonomorphic(name, map, handler);
+    nexus->ConfigureMonomorphic(name, map, Handle<Code>::cast(handler));
   } else if (kind() == Code::STORE_IC) {
     StoreICNexus* nexus = casted_nexus<StoreICNexus>();
-    nexus->ConfigureMonomorphic(map, handler);
+    nexus->ConfigureMonomorphic(map, Handle<Code>::cast(handler));
   } else {
     DCHECK(kind() == Code::KEYED_STORE_IC);
     KeyedStoreICNexus* nexus = casted_nexus<KeyedStoreICNexus>();
-    nexus->ConfigureMonomorphic(name, map, handler);
+    nexus->ConfigureMonomorphic(name, map, Handle<Code>::cast(handler));
   }
 
   vector_set_ = true;
   OnTypeFeedbackChanged(isolate(), get_host());
 }
 
-
 void IC::ConfigureVectorState(Handle<Name> name, MapHandleList* maps,
-                              CodeHandleList* handlers) {
+                              List<Handle<Object>>* handlers) {
   DCHECK(UseVector());
   if (kind() == Code::LOAD_IC) {
     LoadICNexus* nexus = casted_nexus<LoadICNexus>();
     nexus->ConfigurePolymorphic(maps, handlers);
   } else if (kind() == Code::KEYED_LOAD_IC) {
     KeyedLoadICNexus* nexus = casted_nexus<KeyedLoadICNexus>();
     nexus->ConfigurePolymorphic(name, maps, handlers);
   } else if (kind() == Code::STORE_IC) {
     StoreICNexus* nexus = casted_nexus<StoreICNexus>();
     nexus->ConfigurePolymorphic(maps, handlers);
@@ skipping 96 matching lines @@
   for (int current = 0; current < receiver_maps->length(); ++current) {
     if (!receiver_maps->at(current).is_null() &&
         receiver_maps->at(current).is_identical_to(new_receiver_map)) {
       return false;
     }
   }
   receiver_maps->Add(new_receiver_map);
   return true;
 }
 
-
-bool IC::UpdatePolymorphicIC(Handle<Name> name, Handle<Code> code) {
-  if (!code->is_handler()) return false;
+bool IC::UpdatePolymorphicIC(Handle<Name> name, Handle<Object> code) {
+  if (!(code->IsSmi() ||

[Igor Sheludko, 2016/07/15 10:44:18]

It is hard to understand this "if". How about:

DCHECK(code->IsSmi() || code->IsCode());
if (!code->IsSmi() && !Code::cast(*code)->is_handler())) {
  return false;
}

[Jakob Kummerow, 2016/07/15 14:16:42]

Done.

+        (code->IsCode() && Handle<Code>::cast(code)->is_handler()))) {
+    return false;
+  }
   if (is_keyed() && state() != RECOMPUTE_HANDLER) return false;
   Handle<Map> map = receiver_map();
   MapHandleList maps;
-  CodeHandleList handlers;
+  List<Handle<Object>> handlers;
 
   TargetMaps(&maps);
   int number_of_maps = maps.length();
   int deprecated_maps = 0;
   int handler_to_overwrite = -1;
 
   for (int i = 0; i < number_of_maps; i++) {
     Handle<Map> current_map = maps.at(i);
     if (current_map->is_deprecated()) {
       // Filter out deprecated maps to ensure their instances get migrated.
@@ skipping 34 matching lines @@
       maps.Add(map);
       handlers.Add(code);
     }
 
     ConfigureVectorState(name, &maps, &handlers);
   }
 
   return true;
 }
 
-
-void IC::UpdateMonomorphicIC(Handle<Code> handler, Handle<Name> name) {
-  DCHECK(handler->is_handler());
+void IC::UpdateMonomorphicIC(Handle<Object> handler, Handle<Name> name) {
+  DCHECK(handler->IsSmi() ||
+         (handler->IsCode() && Handle<Code>::cast(handler)->is_handler()));
   ConfigureVectorState(name, receiver_map(), handler);
 }
 
 
 void IC::CopyICToMegamorphicCache(Handle<Name> name) {
   MapHandleList maps;
-  CodeHandleList handlers;
+  List<Handle<Object>> handlers;
   TargetMaps(&maps);
   if (!nexus()->FindHandlers(&handlers, maps.length())) return;
   for (int i = 0; i < maps.length(); i++) {
     UpdateMegamorphicCache(*maps.at(i), *name, *handlers.at(i));
   }
 }
 
 
 bool IC::IsTransitionOfMonomorphicTarget(Map* source_map, Map* target_map) {
   if (source_map == NULL) return true;
   if (target_map == NULL) return false;
   ElementsKind target_elements_kind = target_map->elements_kind();
   bool more_general_transition = IsMoreGeneralElementsKindTransition(
       source_map->elements_kind(), target_elements_kind);
   Map* transitioned_map = nullptr;
   if (more_general_transition) {
     MapHandleList map_list;
     map_list.Add(handle(target_map));
     transitioned_map = source_map->FindElementsKindTransitionedMap(&map_list);
   }
   return transitioned_map == target_map;
 }
 
-
-void IC::PatchCache(Handle<Name> name, Handle<Code> code) {
+void IC::PatchCache(Handle<Name> name, Handle<Object> code) {
+  DCHECK(code->IsCode() || (kind() == Code::LOAD_IC && code->IsSmi()));
   switch (state()) {
     case UNINITIALIZED:
     case PREMONOMORPHIC:
       UpdateMonomorphicIC(code, name);
       break;
     case RECOMPUTE_HANDLER:
     case MONOMORPHIC:
       if (kind() == Code::LOAD_GLOBAL_IC) {
         UpdateMonomorphicIC(code, name);
         break;
@@ skipping 47 matching lines @@
 
 
 Handle<Code> KeyedStoreIC::ChooseMegamorphicStub(Isolate* isolate,
                                                  ExtraICState extra_state) {
   LanguageMode mode = StoreICState::GetLanguageMode(extra_state);
   return is_strict(mode)
              ? isolate->builtins()->KeyedStoreIC_Megamorphic_Strict()
              : isolate->builtins()->KeyedStoreIC_Megamorphic();
 }
 
-
-Handle<Code> LoadIC::SimpleFieldLoad(FieldIndex index) {
+Handle<Object> LoadIC::SimpleFieldLoad(FieldIndex index) {
+  if (kind() == Code::LOAD_IC && FLAG_tf_load_ic_stub) {
+    return handle(Smi::FromInt(index.GetLoadByFieldOffset()), isolate());
+  }
+  DCHECK(kind() == Code::KEYED_LOAD_IC || !FLAG_tf_load_ic_stub);
   TRACE_HANDLER_STATS(isolate(), LoadIC_LoadFieldStub);
   LoadFieldStub stub(isolate(), index);
   return stub.GetCode();
 }
 
 
 bool IsCompatibleReceiver(LookupIterator* lookup, Handle<Map> receiver_map) {
   DCHECK(lookup->state() == LookupIterator::ACCESSOR);
   Isolate* isolate = lookup->isolate();
   Handle<Object> accessors = lookup->GetAccessors();
@@ skipping 34 matching lines @@
 
 void LoadIC::UpdateCaches(LookupIterator* lookup) {
   if (state() == UNINITIALIZED && kind() != Code::LOAD_GLOBAL_IC) {
     // This is the first time we execute this inline cache. Set the target to
     // the pre monomorphic stub to delay setting the monomorphic state.
     ConfigureVectorState(PREMONOMORPHIC, Handle<Object>());
     TRACE_IC("LoadIC", lookup->name());
     return;
   }
 
-  Handle<Code> code;
+  Handle<Object> code;
   if (lookup->state() == LookupIterator::JSPROXY ||
       lookup->state() == LookupIterator::ACCESS_CHECK) {
     code = slow_stub();
   } else if (!lookup->IsFound()) {
     if (kind() == Code::LOAD_IC || kind() == Code::LOAD_GLOBAL_IC) {
       code = NamedLoadHandlerCompiler::ComputeLoadNonexistent(lookup->name(),
                                                               receiver_map());
       // TODO(jkummerow/verwaest): Introduce a builtin that handles this case.
       if (code.is_null()) code = slow_stub();
     } else {
@@ skipping 54 matching lines @@
     case Code::KEYED_STORE_IC:
       return isolate()->store_stub_cache();
 
     default:
       break;
   }
   UNREACHABLE();
   return nullptr;
 }
 
-void IC::UpdateMegamorphicCache(Map* map, Name* name, Code* code) {
-  stub_cache()->Set(name, map, code);
+void IC::UpdateMegamorphicCache(Map* map, Name* name, Object* code) {
+  if (code->IsSmi()) {
+    // TODO(jkummerow): Support Smis in the code cache.
+    Handle<Map> map_handle(map, isolate());
+    Handle<Name> name_handle(name, isolate());
+    FieldIndex index =
+        FieldIndex::ForLoadByFieldOffset(map, Smi::cast(code)->value());
+    TRACE_HANDLER_STATS(isolate(), LoadIC_LoadFieldStub);
+    LoadFieldStub stub(isolate(), index);
+    Code* handler = *stub.GetCode();
+    stub_cache()->Set(*name_handle, *map_handle, handler);
+    return;
+  }
+  DCHECK(code->IsCode());
+  stub_cache()->Set(name, map, Code::cast(code));
 }
 
-
-Handle<Code> IC::ComputeHandler(LookupIterator* lookup, Handle<Object> value) {
+Handle<Object> IC::ComputeHandler(LookupIterator* lookup,
+                                  Handle<Object> value) {
   // Try to find a globally shared handler stub.
-  Handle<Code> code = GetMapIndependentHandler(lookup);
-  if (!code.is_null()) return code;
+  Handle<Object> handler_or_index = GetMapIndependentHandler(lookup);
+  if (!handler_or_index.is_null()) {
+    DCHECK(handler_or_index->IsCode() || handler_or_index->IsSmi());
+    return handler_or_index;
+  }
 
   // Otherwise check the map's handler cache for a map-specific handler, and
   // compile one if the cache comes up empty.
   bool receiver_is_holder =
       lookup->GetReceiver().is_identical_to(lookup->GetHolder<JSObject>());
   CacheHolderFlag flag;
   Handle<Map> stub_holder_map;
   if (kind() == Code::LOAD_IC || kind() == Code::LOAD_GLOBAL_IC ||
       kind() == Code::KEYED_LOAD_IC) {
     stub_holder_map = IC::GetHandlerCacheHolder(
         receiver_map(), receiver_is_holder, isolate(), &flag);
   } else {
     DCHECK(kind() == Code::STORE_IC || kind() == Code::KEYED_STORE_IC);
     // Store handlers cannot be cached on prototypes.
     flag = kCacheOnReceiver;
     stub_holder_map = receiver_map();
   }
 
-  code = PropertyHandlerCompiler::Find(lookup->name(), stub_holder_map, kind(),
-                                       flag);
+  Handle<Code> code = PropertyHandlerCompiler::Find(
+      lookup->name(), stub_holder_map, kind(), flag);
   // Use the cached value if it exists, and if it is different from the
   // handler that just missed.
   if (!code.is_null()) {
-    Handle<Code> handler;
+    Handle<Object> handler;
     if (maybe_handler_.ToHandle(&handler)) {
       if (!handler.is_identical_to(code)) {
         TRACE_HANDLER_STATS(isolate(), IC_HandlerCacheHit);
         return code;
       }
     } else {
       // maybe_handler_ is only populated for MONOMORPHIC and POLYMORPHIC ICs.
       // In MEGAMORPHIC case, check if the handler in the megamorphic stub
       // cache (which just missed) is different from the cached handler.
       if (state() == MEGAMORPHIC && lookup->GetReceiver()->IsHeapObject()) {
@@ skipping 12 matching lines @@
   }
 
   code = CompileHandler(lookup, value, flag);
   DCHECK(code->is_handler());
   DCHECK(Code::ExtractCacheHolderFromFlags(code->flags()) == flag);
   Map::UpdateCodeCache(stub_holder_map, lookup->name(), code);
 
   return code;
 }
 
-Handle<Code> LoadIC::GetMapIndependentHandler(LookupIterator* lookup) {
+Handle<Object> LoadIC::GetMapIndependentHandler(LookupIterator* lookup) {
   Handle<Object> receiver = lookup->GetReceiver();
   if (receiver->IsString() &&
       Name::Equals(isolate()->factory()->length_string(), lookup->name())) {
     FieldIndex index = FieldIndex::ForInObjectOffset(String::kLengthOffset);
     return SimpleFieldLoad(index);
   }
 
   if (receiver->IsStringWrapper() &&
       Name::Equals(isolate()->factory()->length_string(), lookup->name())) {
     TRACE_HANDLER_STATS(isolate(), LoadIC_StringLengthStub);
@@ skipping 323 matching lines @@
     return;
   }
 
   // If the maximum number of receiver maps has been exceeded, use the generic
   // version of the IC.
   if (target_receiver_maps.length() > kMaxKeyedPolymorphism) {
     TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "max polymorph exceeded");
     return;
   }
 
-  CodeHandleList handlers(target_receiver_maps.length());
+  List<Handle<Object>> handlers(target_receiver_maps.length());
   TRACE_HANDLER_STATS(isolate(), KeyedLoadIC_PolymorphicElement);
   ElementHandlerCompiler compiler(isolate());
   compiler.CompileElementHandlers(&target_receiver_maps, &handlers);
   ConfigureVectorState(Handle<Name>(), &target_receiver_maps, &handlers);
 }
 
 
 MaybeHandle<Object> KeyedLoadIC::Load(Handle<Object> object,
                                       Handle<Object> key) {
   if (MigrateDeprecated(object)) {
@@ skipping 196 matching lines @@
     // the pre monomorphic stub to delay setting the monomorphic state.
     ConfigureVectorState(PREMONOMORPHIC, Handle<Object>());
     TRACE_IC("StoreIC", lookup->name());
     return;
   }
 
   bool use_ic = LookupForWrite(lookup, value, store_mode);
   if (!use_ic) {
     TRACE_GENERIC_IC(isolate(), "StoreIC", "LookupForWrite said 'false'");
   }
-  Handle<Code> code = use_ic ? ComputeHandler(lookup, value) : slow_stub();
+  Handle<Code> code =
+      use_ic ? Handle<Code>::cast(ComputeHandler(lookup, value)) : slow_stub();
 
   PatchCache(lookup->name(), code);
   TRACE_IC("StoreIC", lookup->name());
 }
 
 
 static Handle<Code> PropertyCellStoreHandler(
     Isolate* isolate, Handle<JSObject> receiver, Handle<JSGlobalObject> holder,
     Handle<Name> name, Handle<PropertyCell> cell, PropertyCellType type) {
   auto constant_type = Nothing<PropertyCellConstantType>();
   if (type == PropertyCellType::kConstantType) {
     constant_type = Just(cell->GetConstantType());
   }
   StoreGlobalStub stub(isolate, type, constant_type,
                        receiver->IsJSGlobalProxy());
   auto code = stub.GetCodeCopyFromTemplate(holder, cell);
   // TODO(verwaest): Move caching of these NORMAL stubs outside as well.
   HeapObject::UpdateMapCodeCache(receiver, name, code);
   return code;
 }
 
-Handle<Code> StoreIC::GetMapIndependentHandler(LookupIterator* lookup) {
+Handle<Object> StoreIC::GetMapIndependentHandler(LookupIterator* lookup) {
   DCHECK_NE(LookupIterator::JSPROXY, lookup->state());
 
   // This is currently guaranteed by checks in StoreIC::Store.
   Handle<JSObject> receiver = Handle<JSObject>::cast(lookup->GetReceiver());
   Handle<JSObject> holder = lookup->GetHolder<JSObject>();
   DCHECK(!receiver->IsAccessCheckNeeded() || lookup->name()->IsPrivate());
 
   switch (lookup->state()) {
     case LookupIterator::TRANSITION: {
       auto store_target = lookup->GetStoreTarget();
@@ skipping 1351 matching lines @@
     DCHECK_EQ(FeedbackVectorSlotKind::KEYED_LOAD_IC,
               vector->GetKind(vector_slot));
     KeyedLoadICNexus nexus(vector, vector_slot);
     KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);
     ic.UpdateState(receiver, key);
     RETURN_RESULT_OR_FAILURE(isolate, ic.Load(receiver, key));
   }
 }
 }  // namespace internal
 }  // namespace v8