Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(86)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/x64/handler-compiler-x64.cc

Issue 2455953002: [ic] Remove unnecessary access rights checks from the IC handlers. (Closed)
Patch Set: Addressing comments and rebasing Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/ic/s390/handler-compiler-s390.cc ('k') | src/ic/x87/handler-compiler-x87.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #if V8_TARGET_ARCH_X64 5 #if V8_TARGET_ARCH_X64
6 6
7 #include "src/ic/handler-compiler.h" 7 #include "src/ic/handler-compiler.h"
8 8
9 #include "src/api-arguments.h" 9 #include "src/api-arguments.h"
10 #include "src/field-type.h" 10 #include "src/field-type.h"
(...skipping 428 matching lines...) Expand 10 before | Expand all | Expand 10 after
439 // iteration, reg is an alias for object_reg, on later iterations, 439 // iteration, reg is an alias for object_reg, on later iterations,
440 // it is an alias for holder_reg. 440 // it is an alias for holder_reg.
441 Register reg = object_reg; 441 Register reg = object_reg;
442 int depth = 0; 442 int depth = 0;
443 443
444 Handle<JSObject> current = Handle<JSObject>::null(); 444 Handle<JSObject> current = Handle<JSObject>::null();
445 if (receiver_map->IsJSGlobalObjectMap()) { 445 if (receiver_map->IsJSGlobalObjectMap()) {
446 current = isolate()->global_object(); 446 current = isolate()->global_object();
447 } 447 }
448 448
449 // Check access rights to the global object. This has to happen after
450 // the map check so that we know that the object is actually a global
451 // object.
452 // This allows us to install generated handlers for accesses to the
453 // global proxy (as opposed to using slow ICs). See corresponding code
454 // in LookupForRead().
455 if (receiver_map->IsJSGlobalProxyMap()) {
456 __ CheckAccessGlobalProxy(reg, scratch2, miss);
457 }
458
459 Handle<JSObject> prototype = Handle<JSObject>::null(); 449 Handle<JSObject> prototype = Handle<JSObject>::null();
460 Handle<Map> current_map = receiver_map; 450 Handle<Map> current_map = receiver_map;
461 Handle<Map> holder_map(holder()->map()); 451 Handle<Map> holder_map(holder()->map());
462 // Traverse the prototype chain and check the maps in the prototype chain for 452 // Traverse the prototype chain and check the maps in the prototype chain for
463 // fast and global objects or do negative lookup for normal objects. 453 // fast and global objects or do negative lookup for normal objects.
464 while (!current_map.is_identical_to(holder_map)) { 454 while (!current_map.is_identical_to(holder_map)) {
465 ++depth; 455 ++depth;
466 456
467 // Only global objects and objects that do not require access
468 // checks are allowed in stubs.
469 DCHECK(current_map->IsJSGlobalProxyMap() ||
470 !current_map->is_access_check_needed());
471
472 prototype = handle(JSObject::cast(current_map->prototype())); 457 prototype = handle(JSObject::cast(current_map->prototype()));
473 if (current_map->IsJSGlobalObjectMap()) { 458 if (current_map->IsJSGlobalObjectMap()) {
474 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), 459 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
475 name, scratch2, miss); 460 name, scratch2, miss);
476 } else if (current_map->is_dictionary_map()) { 461 } else if (current_map->is_dictionary_map()) {
477 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast. 462 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast.
478 DCHECK(name->IsUniqueName()); 463 DCHECK(name->IsUniqueName());
479 DCHECK(current.is_null() || 464 DCHECK(current.is_null() ||
480 current->property_dictionary()->FindEntry(name) == 465 current->property_dictionary()->FindEntry(name) ==
481 NameDictionary::kNotFound); 466 NameDictionary::kNotFound);
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after
692 // Return the generated code. 677 // Return the generated code.
693 return GetCode(kind(), name); 678 return GetCode(kind(), name);
694 } 679 }
695 680
696 681
697 #undef __ 682 #undef __
698 } // namespace internal 683 } // namespace internal
699 } // namespace v8 684 } // namespace v8
700 685
701 #endif // V8_TARGET_ARCH_X64 686 #endif // V8_TARGET_ARCH_X64
OLDNEW
« no previous file with comments | « src/ic/s390/handler-compiler-s390.cc ('k') | src/ic/x87/handler-compiler-x87.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698