[ic] Data handlers for loads of non-existent properties.

src/ic/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/ic/ic.h"
 
 #include <iostream>
 
 #include "src/accessors.h"
 #include "src/api-arguments-inl.h"
@@ skipping 841 matching lines @@
   LoadFieldStub stub(isolate(), index);
   return stub.GetCode();
 }
 
 namespace {
 
 template <bool fill_array>
 int InitPrototypeChecks(Isolate* isolate, Handle<Map> receiver_map,
                         Handle<JSObject> holder, Handle<FixedArray> array,
                         Handle<Name> name) {
-  DCHECK(holder->HasFastProperties());
+  DCHECK(holder.is_null() || holder->HasFastProperties());
 
   // The following kinds of receiver maps require custom handler compilation.
   if (receiver_map->IsJSGlobalObjectMap()) {
     return -1;
   }
   // We don't encode the requirement to check access rights because we already
   // passed the access check for current native context and the access
   // can't be revoked.
 
   HandleScope scope(isolate);
   int checks_count = 0;
 
-  // Switch to custom compiled handler if the prototype chain contains global
-  // or dictionary objects.
+  // Create/count entries for each global or dictionary prototype appeared in
+  // the prototype chain contains from receiver till holder.
   for (PrototypeIterator iter(receiver_map); !iter.IsAtEnd(); iter.Advance()) {
     Handle<JSObject> current = PrototypeIterator::GetCurrent<JSObject>(iter);
-    if (*current == *holder) break;
+    if (holder.is_identical_to(current)) break;
     Handle<Map> current_map(current->map(), isolate);
 
     if (current_map->IsJSGlobalObjectMap()) {
       if (fill_array) {
         Handle<JSGlobalObject> global = Handle<JSGlobalObject>::cast(current);
         Handle<PropertyCell> cell = JSGlobalObject::EnsureEmptyPropertyCell(
             global, name, PropertyCellType::kInvalidated);
         DCHECK(cell->value()->IsTheHole(isolate));
         Handle<WeakCell> weak_cell = isolate->factory()->NewWeakCell(cell);
         array->set(LoadHandler::kFirstPrototypeIndex + checks_count,
@@ skipping 53 matching lines @@
   Handle<FixedArray> handler_array(isolate()->factory()->NewFixedArray(
       LoadHandler::kFirstPrototypeIndex + checks_count, TENURED));
   handler_array->set(LoadHandler::kSmiHandlerIndex, *smi_handler);
   handler_array->set(LoadHandler::kValidityCellIndex, *validity_cell);
   handler_array->set(LoadHandler::kHolderCellIndex, *holder_cell);
   InitPrototypeChecks<true>(isolate(), receiver_map, holder, handler_array,
                             name);
   return handler_array;
 }
 
+Handle<Object> LoadIC::SimpleLoadNonExistent(Handle<Map> receiver_map,
+                                             Handle<Name> name) {
+  Handle<JSObject> holder;  // null handle
+  int checks_count = GetPrototypeCheckCount(receiver_map, holder);
+  DCHECK_LE(0, checks_count);
+  DCHECK(!receiver_map->IsJSGlobalObjectMap());
+
+  Handle<Object> smi_handler = LoadHandler::LoadNonExistent(
+      isolate(), receiver_map->is_dictionary_map());
+
+  Handle<Object> validity_cell =
+      Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate());
+  if (validity_cell.is_null()) {
+    // This must be a case when receiver's prototype is null.
+    DCHECK_EQ(*isolate()->factory()->null_value(),
+              receiver_map->GetPrototypeChainRootMap(isolate())->prototype());
+    DCHECK_EQ(0, checks_count);
+    validity_cell = handle(Smi::FromInt(0), isolate());
+  }
+
+  Factory* factory = isolate()->factory();
+  if (checks_count == 0) {
+    return factory->NewTuple3(factory->null_value(), smi_handler,
+                              validity_cell);
+  }
+  Handle<FixedArray> handler_array(factory->NewFixedArray(
+      LoadHandler::kFirstPrototypeIndex + checks_count, TENURED));
+  handler_array->set(LoadHandler::kSmiHandlerIndex, *smi_handler);
+  handler_array->set(LoadHandler::kValidityCellIndex, *validity_cell);
+  handler_array->set(LoadHandler::kHolderCellIndex, *factory->null_value());
+  InitPrototypeChecks<true>(isolate(), receiver_map, holder, handler_array,
+                            name);
+  return handler_array;
+}
+
 bool IsCompatibleReceiver(LookupIterator* lookup, Handle<Map> receiver_map) {
   DCHECK(lookup->state() == LookupIterator::ACCESSOR);
   Isolate* isolate = lookup->isolate();
   Handle<Object> accessors = lookup->GetAccessors();
   if (accessors->IsAccessorInfo()) {
     Handle<AccessorInfo> info = Handle<AccessorInfo>::cast(accessors);
     if (info->getter() != NULL &&
         !AccessorInfo::IsCompatibleReceiverMap(isolate, info, receiver_map)) {
       return false;
     }
@@ skipping 34 matching lines @@
     ConfigureVectorState(PREMONOMORPHIC, Handle<Object>());
     TRACE_IC("LoadIC", lookup->name());
     return;
   }
 
   Handle<Object> code;
   if (lookup->state() == LookupIterator::JSPROXY ||
       lookup->state() == LookupIterator::ACCESS_CHECK) {
     code = slow_stub();
   } else if (!lookup->IsFound()) {
-    if (kind() == Code::LOAD_IC || kind() == Code::LOAD_GLOBAL_IC) {
+    if (kind() == Code::LOAD_IC) {
+      TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNonexistentDH);
+      code = SimpleLoadNonExistent(receiver_map(), lookup->name());
+    } else if (kind() == Code::LOAD_GLOBAL_IC) {
       code = NamedLoadHandlerCompiler::ComputeLoadNonexistent(lookup->name(),
                                                               receiver_map());
       // TODO(jkummerow/verwaest): Introduce a builtin that handles this case.
       if (code.is_null()) code = slow_stub();
     } else {
       code = slow_stub();
     }
   } else {
     if (kind() == Code::LOAD_GLOBAL_IC &&
         lookup->state() == LookupIterator::DATA &&
@@ skipping 2116 matching lines @@
     DCHECK_EQ(LookupIterator::INTERCEPTOR, it.state());
     it.Next();
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
                                        Object::GetProperty(&it));
   }
 
   return *result;
 }
 }  // namespace internal
 }  // namespace v8