Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(388)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/arm64/handler-compiler-arm64.cc

Issue 2455953002: [ic] Remove unnecessary access rights checks from the IC handlers. (Closed)
Patch Set: Addressing comments and rebasing Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/ic/arm/handler-compiler-arm.cc ('k') | src/ic/ia32/handler-compiler-ia32.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #if V8_TARGET_ARCH_ARM64 5 #if V8_TARGET_ARCH_ARM64
6 6
7 #include "src/ic/handler-compiler.h" 7 #include "src/ic/handler-compiler.h"
8 8
9 #include "src/api-arguments.h" 9 #include "src/api-arguments.h"
10 #include "src/field-type.h" 10 #include "src/field-type.h"
(...skipping 460 matching lines...) Expand 10 before | Expand all | Expand 10 after
471 471
472 // Keep track of the current object in register reg. 472 // Keep track of the current object in register reg.
473 Register reg = object_reg; 473 Register reg = object_reg;
474 int depth = 0; 474 int depth = 0;
475 475
476 Handle<JSObject> current = Handle<JSObject>::null(); 476 Handle<JSObject> current = Handle<JSObject>::null();
477 if (receiver_map->IsJSGlobalObjectMap()) { 477 if (receiver_map->IsJSGlobalObjectMap()) {
478 current = isolate()->global_object(); 478 current = isolate()->global_object();
479 } 479 }
480 480
481 // Check access rights to the global object. This has to happen after
482 // the map check so that we know that the object is actually a global
483 // object.
484 // This allows us to install generated handlers for accesses to the
485 // global proxy (as opposed to using slow ICs). See corresponding code
486 // in LookupForRead().
487 if (receiver_map->IsJSGlobalProxyMap()) {
488 UseScratchRegisterScope temps(masm());
489 __ CheckAccessGlobalProxy(reg, scratch2, temps.AcquireX(), miss);
490 }
491
492 Handle<JSObject> prototype = Handle<JSObject>::null(); 481 Handle<JSObject> prototype = Handle<JSObject>::null();
493 Handle<Map> current_map = receiver_map; 482 Handle<Map> current_map = receiver_map;
494 Handle<Map> holder_map(holder()->map()); 483 Handle<Map> holder_map(holder()->map());
495 // Traverse the prototype chain and check the maps in the prototype chain for 484 // Traverse the prototype chain and check the maps in the prototype chain for
496 // fast and global objects or do negative lookup for normal objects. 485 // fast and global objects or do negative lookup for normal objects.
497 while (!current_map.is_identical_to(holder_map)) { 486 while (!current_map.is_identical_to(holder_map)) {
498 ++depth; 487 ++depth;
499 488
500 // Only global objects and objects that do not require access
501 // checks are allowed in stubs.
502 DCHECK(current_map->IsJSGlobalProxyMap() ||
503 !current_map->is_access_check_needed());
504
505 prototype = handle(JSObject::cast(current_map->prototype())); 489 prototype = handle(JSObject::cast(current_map->prototype()));
506 if (current_map->IsJSGlobalObjectMap()) { 490 if (current_map->IsJSGlobalObjectMap()) {
507 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), 491 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
508 name, scratch2, miss); 492 name, scratch2, miss);
509 } else if (current_map->is_dictionary_map()) { 493 } else if (current_map->is_dictionary_map()) {
510 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast. 494 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast.
511 DCHECK(name->IsUniqueName()); 495 DCHECK(name->IsUniqueName());
512 DCHECK(current.is_null() || (current->property_dictionary()->FindEntry( 496 DCHECK(current.is_null() || (current->property_dictionary()->FindEntry(
513 name) == NameDictionary::kNotFound)); 497 name) == NameDictionary::kNotFound));
514 498
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after
686 // Return the generated code. 670 // Return the generated code.
687 return GetCode(kind(), name); 671 return GetCode(kind(), name);
688 } 672 }
689 673
690 674
691 #undef __ 675 #undef __
692 } // namespace internal 676 } // namespace internal
693 } // namespace v8 677 } // namespace v8
694 678
695 #endif // V8_TARGET_ARCH_IA32 679 #endif // V8_TARGET_ARCH_IA32
OLDNEW
« no previous file with comments | « src/ic/arm/handler-compiler-arm.cc ('k') | src/ic/ia32/handler-compiler-ia32.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698