Introduce a PrototypeIterator template and use it all over the place

src/builtins.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/api.h"
 #include "src/arguments.h"
 #include "src/base/once.h"
 #include "src/bootstrapper.h"
 #include "src/builtins.h"
 #include "src/cpu-profiler.h"
 #include "src/gdb-jit.h"
 #include "src/heap-profiler.h"
 #include "src/ic-inl.h"
 #include "src/mark-compact.h"
+#include "src/prototype-iterator.h"
 #include "src/stub-cache.h"
 #include "src/vm-state-inl.h"
 
 namespace v8 {
 namespace internal {
 
 namespace {
 
 // Arguments object passed to C++ builtins.
 template <BuiltinExtraArguments extra_args>
@@ skipping 219 matching lines @@
 
 
 static bool ArrayPrototypeHasNoElements(Heap* heap,
                                         Context* native_context,
                                         JSObject* array_proto) {
   DisallowHeapAllocation no_gc;
   // This method depends on non writability of Object and Array prototype
   // fields.
   if (array_proto->elements() != heap->empty_fixed_array()) return false;
   // Object.prototype
-  Object* proto = array_proto->GetPrototype();
+  Object* proto = SAFE_GET_PROTOTYPE_FAST(array_proto);
   if (proto == heap->null_value()) return false;
   array_proto = JSObject::cast(proto);
   if (array_proto != native_context->initial_object_prototype()) return false;
   if (array_proto->elements() != heap->empty_fixed_array()) return false;
-  return array_proto->GetPrototype()->IsNull();
+  return SAFE_GET_PROTOTYPE_FAST(array_proto)->IsNull();
 }
 
 
 // Returns empty handle if not applicable.
 MUST_USE_RESULT
 static inline MaybeHandle<FixedArrayBase> EnsureJSArrayWithWritableFastElements(
     Isolate* isolate,
     Handle<Object> receiver,
     Arguments* args,
     int first_added_arg) {
@@ skipping 52 matching lines @@
 }
 
 
 static inline bool IsJSArrayFastElementMovingAllowed(Heap* heap,
                                                      JSArray* receiver) {
   if (!FLAG_clever_optimizations) return false;
   DisallowHeapAllocation no_gc;
   Context* native_context = heap->isolate()->context()->native_context();
   JSObject* array_proto =
       JSObject::cast(native_context->array_function()->prototype());
-  return receiver->GetPrototype() == array_proto &&
+  return SAFE_GET_PROTOTYPE_FAST(receiver) == array_proto &&
          ArrayPrototypeHasNoElements(heap, native_context, array_proto);
 }
 
 
 MUST_USE_RESULT static Object* CallJsBuiltin(
     Isolate* isolate,
     const char* name,
     BuiltinArguments<NO_EXTRA_ARGUMENTS> args) {
   HandleScope handleScope(isolate);
 
@@ skipping 649 matching lines @@
       return CallJsBuiltin(isolate, "ArrayConcatJS", args);
     }
 
     // Iterate through all the arguments performing checks
     // and calculating total length.
     bool is_holey = false;
     for (int i = 0; i < n_arguments; i++) {
       Object* arg = args[i];
       if (!arg->IsJSArray() ||
           !JSArray::cast(arg)->HasFastElements() ||
-          JSArray::cast(arg)->GetPrototype() != array_proto) {
+          SAFE_GET_PROTOTYPE_FAST(JSArray::cast(arg)) != array_proto) {
         AllowHeapAllocation allow_allocation;
         return CallJsBuiltin(isolate, "ArrayConcatJS", args);
       }
       int len = Smi::cast(JSArray::cast(arg)->length())->value();
 
       // We shouldn't overflow when adding another len.
       const int kHalfOfMaxInt = 1 << (kBitsPerInt - 2);
       STATIC_ASSERT(FixedArray::kMaxLength < kHalfOfMaxInt);
       USE(kHalfOfMaxInt);
       result_len += len;
@@ skipping 69 matching lines @@
 // -----------------------------------------------------------------------------
 //
 
 
 // Searches the hidden prototype chain of the given object for the first
 // object that is an instance of the given type.  If no such object can
 // be found then Heap::null_value() is returned.
 static inline Object* FindHidden(Heap* heap,
                                  Object* object,
                                  FunctionTemplateInfo* type) {
-  if (type->IsTemplateFor(object)) return object;
-  Object* proto = object->GetPrototype(heap->isolate());
-  if (proto->IsJSObject() &&
-      JSObject::cast(proto)->map()->is_hidden_prototype()) {
-    return FindHidden(heap, proto, type);
+  for (PrototypeIterator<STORE_AS_POINTER, TYPE_BASED_WALK, END_AT_NON_HIDDEN>
+           iter(heap->isolate(), object); !iter.IsAtEnd(); iter.Advance()) {
+    if (type->IsTemplateFor(iter.GetCurrent())) return iter.GetCurrent();
   }
   return heap->null_value();
 }
 
 
 // Returns the holder JSObject if the function can legally be called
 // with this receiver.  Returns Heap::null_value() if the call is
 // illegal.  Any arguments that don't fit the expected type is
 // overwritten with undefined.  Note that holder and the arguments are
 // implicitly rewritten with the first object in the hidden prototype
@@ skipping 604 matching lines @@
 }
 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)
 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)
 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)
 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)
 #undef DEFINE_BUILTIN_ACCESSOR_C
 #undef DEFINE_BUILTIN_ACCESSOR_A
 
 
 } }  // namespace v8::internal