| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/ic/ic-compiler.h" | 5 #include "src/ic/ic-compiler.h" |
| 6 | 6 |
| 7 #include "src/ic/handler-compiler.h" | 7 #include "src/ic/handler-compiler.h" |
| 8 #include "src/ic/ic-inl.h" | 8 #include "src/ic/ic-inl.h" |
| 9 | 9 |
| 10 namespace v8 { | 10 namespace v8 { |
| 11 namespace internal { | 11 namespace internal { |
| 12 | 12 |
| 13 Handle<Code> PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler( | 13 Handle<Object> PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler( |
| 14 Handle<Map> receiver_map, KeyedAccessStoreMode store_mode) { | 14 Handle<Map> receiver_map, KeyedAccessStoreMode store_mode) { |
| 15 Isolate* isolate = receiver_map->GetIsolate(); | 15 Isolate* isolate = receiver_map->GetIsolate(); |
| 16 | 16 |
| 17 DCHECK(store_mode == STANDARD_STORE || | 17 DCHECK(store_mode == STANDARD_STORE || |
| 18 store_mode == STORE_AND_GROW_NO_TRANSITION || | 18 store_mode == STORE_AND_GROW_NO_TRANSITION || |
| 19 store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS || | 19 store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS || |
| 20 store_mode == STORE_NO_TRANSITION_HANDLE_COW); | 20 store_mode == STORE_NO_TRANSITION_HANDLE_COW); |
| 21 | 21 |
| 22 PropertyICCompiler compiler(isolate); | 22 PropertyICCompiler compiler(isolate); |
| 23 Handle<Code> code = | 23 Handle<Object> handler = |
| 24 compiler.CompileKeyedStoreMonomorphicHandler(receiver_map, store_mode); | 24 compiler.CompileKeyedStoreMonomorphicHandler(receiver_map, store_mode); |
| 25 return code; | 25 return handler; |
| 26 } | 26 } |
| 27 | 27 |
| 28 void PropertyICCompiler::ComputeKeyedStorePolymorphicHandlers( | 28 void PropertyICCompiler::ComputeKeyedStorePolymorphicHandlers( |
| 29 MapHandleList* receiver_maps, MapHandleList* transitioned_maps, | 29 MapHandleList* receiver_maps, MapHandleList* transitioned_maps, |
| 30 CodeHandleList* handlers, KeyedAccessStoreMode store_mode) { | 30 List<Handle<Object>>* handlers, KeyedAccessStoreMode store_mode) { |
| 31 Isolate* isolate = receiver_maps->at(0)->GetIsolate(); | 31 Isolate* isolate = receiver_maps->at(0)->GetIsolate(); |
| 32 DCHECK(store_mode == STANDARD_STORE || | 32 DCHECK(store_mode == STANDARD_STORE || |
| 33 store_mode == STORE_AND_GROW_NO_TRANSITION || | 33 store_mode == STORE_AND_GROW_NO_TRANSITION || |
| 34 store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS || | 34 store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS || |
| 35 store_mode == STORE_NO_TRANSITION_HANDLE_COW); | 35 store_mode == STORE_NO_TRANSITION_HANDLE_COW); |
| 36 PropertyICCompiler compiler(isolate); | 36 PropertyICCompiler compiler(isolate); |
| 37 compiler.CompileKeyedStorePolymorphicHandlers( | 37 compiler.CompileKeyedStorePolymorphicHandlers( |
| 38 receiver_maps, transitioned_maps, handlers, store_mode); | 38 receiver_maps, transitioned_maps, handlers, store_mode); |
| 39 } | 39 } |
| 40 | 40 |
| 41 | |
| 42 void PropertyICCompiler::CompileKeyedStorePolymorphicHandlers( | 41 void PropertyICCompiler::CompileKeyedStorePolymorphicHandlers( |
| 43 MapHandleList* receiver_maps, MapHandleList* transitioned_maps, | 42 MapHandleList* receiver_maps, MapHandleList* transitioned_maps, |
| 44 CodeHandleList* handlers, KeyedAccessStoreMode store_mode) { | 43 List<Handle<Object>>* handlers, KeyedAccessStoreMode store_mode) { |
| 45 for (int i = 0; i < receiver_maps->length(); ++i) { | 44 for (int i = 0; i < receiver_maps->length(); ++i) { |
| 46 Handle<Map> receiver_map(receiver_maps->at(i)); | 45 Handle<Map> receiver_map(receiver_maps->at(i)); |
| 47 Handle<Code> cached_stub; | 46 Handle<Object> handler; |
| 48 Handle<Map> transitioned_map; | 47 Handle<Map> transitioned_map; |
| 49 { | 48 { |
| 50 Map* tmap = receiver_map->FindElementsKindTransitionedMap(receiver_maps); | 49 Map* tmap = receiver_map->FindElementsKindTransitionedMap(receiver_maps); |
| 51 if (tmap != nullptr) transitioned_map = handle(tmap); | 50 if (tmap != nullptr) transitioned_map = handle(tmap); |
| 52 } | 51 } |
| 53 | 52 |
| 54 // TODO(mvstanton): The code below is doing pessimistic elements | 53 // TODO(mvstanton): The code below is doing pessimistic elements |
| 55 // transitions. I would like to stop doing that and rely on Allocation Site | 54 // transitions. I would like to stop doing that and rely on Allocation Site |
| 56 // Tracking to do a better job of ensuring the data types are what they need | 55 // Tracking to do a better job of ensuring the data types are what they need |
| 57 // to be. Not all the elements are in place yet, pessimistic elements | 56 // to be. Not all the elements are in place yet, pessimistic elements |
| 58 // transitions are still important for performance. | 57 // transitions are still important for performance. |
| 59 if (!transitioned_map.is_null()) { | 58 if (!transitioned_map.is_null()) { |
| 60 bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE; | 59 bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE; |
| 61 ElementsKind elements_kind = receiver_map->elements_kind(); | 60 ElementsKind elements_kind = receiver_map->elements_kind(); |
| 62 TRACE_HANDLER_STATS(isolate(), | 61 TRACE_HANDLER_STATS(isolate(), |
| 63 KeyedStoreIC_ElementsTransitionAndStoreStub); | 62 KeyedStoreIC_ElementsTransitionAndStoreStub); |
| 64 cached_stub = | 63 Handle<Code> stub = |
| 65 ElementsTransitionAndStoreStub(isolate(), elements_kind, | 64 ElementsTransitionAndStoreStub(isolate(), elements_kind, |
| 66 transitioned_map->elements_kind(), | 65 transitioned_map->elements_kind(), |
| 67 is_js_array, store_mode).GetCode(); | 66 is_js_array, store_mode) |
| 67 .GetCode(); |
| 68 Handle<Object> validity_cell = |
| 69 Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate()); |
| 70 if (validity_cell.is_null()) { |
| 71 handler = stub; |
| 72 } else { |
| 73 handler = isolate()->factory()->NewTuple2(validity_cell, stub); |
| 74 } |
| 75 |
| 68 } else if (receiver_map->instance_type() < FIRST_JS_RECEIVER_TYPE) { | 76 } else if (receiver_map->instance_type() < FIRST_JS_RECEIVER_TYPE) { |
| 69 // TODO(mvstanton): Consider embedding store_mode in the state of the slow | 77 // TODO(mvstanton): Consider embedding store_mode in the state of the slow |
| 70 // keyed store ic for uniformity. | 78 // keyed store ic for uniformity. |
| 71 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_SlowStub); | 79 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_SlowStub); |
| 72 cached_stub = isolate()->builtins()->KeyedStoreIC_Slow(); | 80 handler = isolate()->builtins()->KeyedStoreIC_Slow(); |
| 73 } else { | 81 } else { |
| 74 cached_stub = | 82 handler = CompileKeyedStoreMonomorphicHandler(receiver_map, store_mode); |
| 75 CompileKeyedStoreMonomorphicHandler(receiver_map, store_mode); | |
| 76 } | 83 } |
| 77 DCHECK(!cached_stub.is_null()); | 84 DCHECK(!handler.is_null()); |
| 78 handlers->Add(cached_stub); | 85 handlers->Add(handler); |
| 79 transitioned_maps->Add(transitioned_map); | 86 transitioned_maps->Add(transitioned_map); |
| 80 } | 87 } |
| 81 } | 88 } |
| 82 | 89 |
| 83 | 90 |
| 84 #define __ ACCESS_MASM(masm()) | 91 #define __ ACCESS_MASM(masm()) |
| 85 | 92 |
| 86 | 93 Handle<Object> PropertyICCompiler::CompileKeyedStoreMonomorphicHandler( |
| 87 Handle<Code> PropertyICCompiler::CompileKeyedStoreMonomorphicHandler( | |
| 88 Handle<Map> receiver_map, KeyedAccessStoreMode store_mode) { | 94 Handle<Map> receiver_map, KeyedAccessStoreMode store_mode) { |
| 89 ElementsKind elements_kind = receiver_map->elements_kind(); | 95 ElementsKind elements_kind = receiver_map->elements_kind(); |
| 90 bool is_jsarray = receiver_map->instance_type() == JS_ARRAY_TYPE; | 96 bool is_jsarray = receiver_map->instance_type() == JS_ARRAY_TYPE; |
| 91 Handle<Code> stub; | 97 Handle<Code> stub; |
| 92 if (receiver_map->has_sloppy_arguments_elements()) { | 98 if (receiver_map->has_sloppy_arguments_elements()) { |
| 93 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_KeyedStoreSloppyArgumentsStub); | 99 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_KeyedStoreSloppyArgumentsStub); |
| 94 stub = KeyedStoreSloppyArgumentsStub(isolate(), store_mode).GetCode(); | 100 stub = KeyedStoreSloppyArgumentsStub(isolate(), store_mode).GetCode(); |
| 95 } else if (receiver_map->has_fast_elements() || | 101 } else if (receiver_map->has_fast_elements() || |
| 96 receiver_map->has_fixed_typed_array_elements()) { | 102 receiver_map->has_fixed_typed_array_elements()) { |
| 97 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_StoreFastElementStub); | 103 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_StoreFastElementStub); |
| 98 stub = StoreFastElementStub(isolate(), is_jsarray, elements_kind, | 104 stub = StoreFastElementStub(isolate(), is_jsarray, elements_kind, |
| 99 store_mode).GetCode(); | 105 store_mode).GetCode(); |
| 100 } else { | 106 } else { |
| 101 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_StoreElementStub); | 107 TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_StoreElementStub); |
| 102 stub = StoreElementStub(isolate(), elements_kind, store_mode).GetCode(); | 108 stub = StoreElementStub(isolate(), elements_kind, store_mode).GetCode(); |
| 103 } | 109 } |
| 104 return stub; | 110 Handle<Object> validity_cell = |
| 111 Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate()); |
| 112 if (validity_cell.is_null()) { |
| 113 return stub; |
| 114 } |
| 115 return isolate()->factory()->NewTuple2(validity_cell, stub); |
| 105 } | 116 } |
| 106 | 117 |
| 107 | 118 |
| 108 #undef __ | 119 #undef __ |
| 109 } // namespace internal | 120 } // namespace internal |
| 110 } // namespace v8 | 121 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2534613002:
[ic] Use validity cells to protect keyed element stores against object's prototype chain modificati… (Closed)
