Rewrite StoreIC handling using the LookupIterator. Continued from patch 494153002

src/objects.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/allocation-site-scopes.h"
 #include "src/api.h"
 #include "src/arguments.h"
@@ skipping 90 matching lines @@
   return fun->IsJSFunction() ||
          (fun->IsHeapObject() &&
           HeapObject::cast(fun)->map()->has_instance_call_handler());
 }
 
 
 MaybeHandle<Object> Object::GetProperty(LookupIterator* it) {
   for (; it->IsFound(); it->Next()) {
     switch (it->state()) {
       case LookupIterator::NOT_FOUND:
+      case LookupIterator::TRANSITION:
         UNREACHABLE();
       case LookupIterator::JSPROXY:
         return JSProxy::GetPropertyWithHandler(it->GetHolder<JSProxy>(),
                                                it->GetReceiver(), it->name());
       case LookupIterator::INTERCEPTOR: {
         MaybeHandle<Object> maybe_result = JSObject::GetPropertyWithInterceptor(
             it->GetHolder<JSObject>(), it->GetReceiver(), it->name());
         if (!maybe_result.is_null()) return maybe_result;
         if (it->isolate()->has_pending_exception()) return maybe_result;
         break;
@@ skipping 22 matching lines @@
 Handle<Object> JSObject::GetDataProperty(Handle<JSObject> object,
                                          Handle<Name> key) {
   LookupIterator it(object, key, LookupIterator::CHECK_DERIVED_PROPERTY);
   return GetDataProperty(&it);
 }
 
 
 Handle<Object> JSObject::GetDataProperty(LookupIterator* it) {
   for (; it->IsFound(); it->Next()) {
     switch (it->state()) {
-      case LookupIterator::NOT_FOUND:
       case LookupIterator::ACCESS_CHECK:
       case LookupIterator::INTERCEPTOR:
+      case LookupIterator::NOT_FOUND:
+      case LookupIterator::TRANSITION:
         UNREACHABLE();
       case LookupIterator::JSPROXY:
         it->NotFound();
         return it->isolate()->factory()->undefined_value();
       case LookupIterator::PROPERTY:
         if (!it->HasProperty()) continue;
         switch (it->property_kind()) {
           case LookupIterator::DATA:
             return it->GetDataValue();
           case LookupIterator::ACCESSOR:
@@ skipping 2541 matching lines @@
     if (proto_map->is_deprecated() && JSObject::TryMigrateInstance(holder)) {
       proto_map = Handle<Map>(holder->map());
     }
   }
   return TryUpdateInternal(map);
 }
 
 
 // static
 Handle<Map> Map::Update(Handle<Map> map) {
+  if (!map->is_deprecated()) return map;
   return GeneralizeRepresentation(map, 0, Representation::None(),
                                   HeapType::None(map->GetIsolate()),
                                   ALLOW_AS_CONSTANT);
 }
 
 
 // static
 MaybeHandle<Map> Map::TryUpdateInternal(Handle<Map> old_map) {
   DisallowHeapAllocation no_allocation;
   DisallowDeoptimization no_deoptimization(old_map->GetIsolate());
@@ skipping 160 matching lines @@
                                              it->GetAccessors(), strict_mode);
             }
             break;
           case LookupIterator::DATA:
             if (it->HolderIsReceiverOrHiddenPrototype()) {
               return SetDataProperty(it, value);
             }
         }
         done = true;
         break;
+
+      case LookupIterator::TRANSITION:
+        done = true;
+        break;
     }
 
     if (done) break;
   }
 
+  // If the receiver is the JSGlobalObject, the store was contextual. In case
+  // the property did not exist yet on the global object itself, we have to
+  // throw a reference error in strict mode.
+  if (it->GetReceiver()->IsJSGlobalObject() && strict_mode == STRICT) {
+    Handle<Object> args[1] = {it->name()};
+    Handle<Object> error = it->isolate()->factory()->NewReferenceError(
+        "not_defined", HandleVector(args, 1));
+    return it->isolate()->Throw<Object>(error);
+  }
+
   return AddDataProperty(it, value, NONE, strict_mode, store_mode);
 }
 
 
 MaybeHandle<Object> Object::WriteToReadOnlyProperty(LookupIterator* it,
                                                     Handle<Object> value,
                                                     StrictMode strict_mode) {
   if (strict_mode != STRICT) return value;
 
   Handle<Object> args[] = {it->name(), it->GetReceiver()};
@@ skipping 41 matching lines @@
 MaybeHandle<Object> Object::AddDataProperty(LookupIterator* it,
                                             Handle<Object> value,
                                             PropertyAttributes attributes,
                                             StrictMode strict_mode,
                                             StoreFromKeyed store_mode) {
   DCHECK(!it->GetReceiver()->IsJSProxy());
   if (!it->GetReceiver()->IsJSObject()) {
     // TODO(verwaest): Throw a TypeError with a more specific message.
     return WriteToReadOnlyProperty(it, value, strict_mode);
   }
-  Handle<JSObject> receiver = Handle<JSObject>::cast(it->GetReceiver());
+
+  Handle<JSObject> receiver = it->GetStoreTarget();
 
   // If the receiver is a JSGlobalProxy, store on the prototype (JSGlobalObject)
   // instead. If the prototype is Null, the proxy is detached.
-  if (receiver->IsJSGlobalProxy()) {
-    // Trying to assign to a detached proxy.
-    PrototypeIterator iter(it->isolate(), receiver);
-    if (iter.IsAtEnd()) return value;
-    receiver =
-        Handle<JSGlobalObject>::cast(PrototypeIterator::GetCurrent(iter));
-  }
+  if (receiver->IsJSGlobalProxy()) return value;
 
-  if (!it->name().is_identical_to(it->isolate()->factory()->hidden_string()) &&
-      !receiver->map()->is_extensible()) {
+  // Possibly migrate to the most up-to-date map that will be able to store
+  // |value| under it->name() with |attributes|.
+  it->PrepareTransitionToDataProperty(value, attributes, store_mode);
+  if (it->state() != LookupIterator::TRANSITION) {
     if (strict_mode == SLOPPY) return value;
 
     Handle<Object> args[1] = {it->name()};
     Handle<Object> error = it->factory()->NewTypeError(
         "object_not_extensible", HandleVector(args, ARRAY_SIZE(args)));
     return it->isolate()->Throw<Object>(error);
   }
-
-  // Possibly migrate to the most up-to-date map that will be able to store
-  // |value| under it->name() with |attributes|.
-  it->TransitionToDataProperty(value, attributes, store_mode);
+  it->ApplyTransitionToDataProperty();
 
   // TODO(verwaest): Encapsulate dictionary handling better.
   if (receiver->map()->is_dictionary_map()) {
     // TODO(verwaest): Probably should ensure this is done beforehand.
     it->InternalizeName();
     JSObject::AddSlowProperty(receiver, it->name(), value, attributes);
   } else {
     // Write the property value.
     it->WriteDataValue(value);
   }
@@ skipping 374 matching lines @@
 }
 
 
 Handle<Map> JSObject::GetElementsTransitionMap(Handle<JSObject> object,
                                                ElementsKind to_kind) {
   Handle<Map> map(object->map());
   return Map::TransitionElementsTo(map, to_kind);
 }
 
 
-void JSObject::LookupOwnRealNamedProperty(Handle<Name> name,
-                                          LookupResult* result) {
-  DisallowHeapAllocation no_gc;
-  if (IsJSGlobalProxy()) {
-    PrototypeIterator iter(GetIsolate(), this);
-    if (iter.IsAtEnd()) return result->NotFound();
-    DCHECK(iter.GetCurrent()->IsJSGlobalObject());
-    return JSObject::cast(iter.GetCurrent())
-        ->LookupOwnRealNamedProperty(name, result);
-  }
-
-  if (HasFastProperties()) {
-    map()->LookupDescriptor(this, *name, result);
-    // A property or a map transition was found. We return all of these result
-    // types because LookupOwnRealNamedProperty is used when setting
-    // properties where map transitions are handled.
-    DCHECK(!result->IsFound() ||
-           (result->holder() == this && result->IsFastPropertyType()));
-    return;
-  }
-
-  int entry = property_dictionary()->FindEntry(name);
-  if (entry != NameDictionary::kNotFound) {
-    Object* value = property_dictionary()->ValueAt(entry);
-    if (IsGlobalObject()) {
-      PropertyDetails d = property_dictionary()->DetailsAt(entry);
-      if (d.IsDeleted() || PropertyCell::cast(value)->value()->IsTheHole()) {
-        result->NotFound();
-        return;
-      }
-      value = PropertyCell::cast(value)->value();
-    }
-    result->DictionaryResult(this, entry);
-    return;
-  }
-
-  result->NotFound();
-}
-
-
 Maybe<bool> JSProxy::HasPropertyWithHandler(Handle<JSProxy> proxy,
                                             Handle<Name> name) {
   Isolate* isolate = proxy->GetIsolate();
 
   // TODO(rossberg): adjust once there is a story for symbols vs proxies.
   if (name->IsSymbol()) return maybe(false);
 
   Handle<Object> args[] = { name };
   Handle<Object> result;
   ASSIGN_RETURN_ON_EXCEPTION_VALUE(
@@ skipping 408 matching lines @@
     Handle<Object> value,
     PropertyAttributes attributes,
     ExecutableAccessorInfoHandling handling) {
   DCHECK(!value->IsTheHole());
   LookupIterator it(object, name,
                     LookupIterator::CHECK_HIDDEN_SKIP_INTERCEPTOR);
   bool is_observed = object->map()->is_observed() &&
                      *name != it.isolate()->heap()->hidden_string();
   for (; it.IsFound(); it.Next()) {
     switch (it.state()) {
+      case LookupIterator::INTERCEPTOR:
+      case LookupIterator::JSPROXY:
       case LookupIterator::NOT_FOUND:
-      case LookupIterator::JSPROXY:
-      case LookupIterator::INTERCEPTOR:
+      case LookupIterator::TRANSITION:
         UNREACHABLE();
 
       case LookupIterator::ACCESS_CHECK:
         if (!it.isolate()->MayNamedAccess(object, name, v8::ACCESS_SET)) {
           return SetPropertyWithFailedAccessCheck(&it, value, SLOPPY);
         }
         break;
 
       case LookupIterator::PROPERTY: {
         if (!it.HasProperty()) break;
@@ skipping 152 matching lines @@
   LookupIterator it(object, name, LookupIterator::CHECK_HIDDEN);
   return GetPropertyAttributes(&it);
 }
 
 
 Maybe<PropertyAttributes> JSReceiver::GetPropertyAttributes(
     LookupIterator* it) {
   for (; it->IsFound(); it->Next()) {
     switch (it->state()) {
       case LookupIterator::NOT_FOUND:
+      case LookupIterator::TRANSITION:
         UNREACHABLE();
       case LookupIterator::JSPROXY:
         return JSProxy::GetPropertyAttributesWithHandler(
             it->GetHolder<JSProxy>(), it->GetReceiver(), it->name());
       case LookupIterator::INTERCEPTOR: {
         Maybe<PropertyAttributes> result =
             JSObject::GetPropertyAttributesWithInterceptor(
                 it->GetHolder<JSObject>(), it->GetReceiver(), it->name());
         if (!result.has_value) return result;
         if (result.value != ABSENT) return result;
@@ skipping 919 matching lines @@
           ? LookupIterator::CHECK_HIDDEN_SKIP_INTERCEPTOR
           : LookupIterator::CHECK_HIDDEN;
 
   LookupIterator it(object, name, config);
 
   bool is_observed = object->map()->is_observed() &&
                      *name != it.isolate()->heap()->hidden_string();
 
   for (; it.IsFound(); it.Next()) {
     switch (it.state()) {
+      case LookupIterator::JSPROXY:
       case LookupIterator::NOT_FOUND:
-      case LookupIterator::JSPROXY:
+      case LookupIterator::TRANSITION:
         UNREACHABLE();
       case LookupIterator::ACCESS_CHECK:
         if (it.HasAccess(v8::ACCESS_DELETE)) break;
         it.isolate()->ReportFailedAccessCheck(it.GetHolder<JSObject>(),
                                               v8::ACCESS_DELETE);
         RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(it.isolate(), Object);
         return it.isolate()->factory()->false_value();
       case LookupIterator::INTERCEPTOR: {
         MaybeHandle<Object> maybe_result =
             JSObject::DeletePropertyWithInterceptor(it.GetHolder<JSObject>(),
@@ skipping 727 matching lines @@
   for (int i = 0; i < number_of_own_descriptors; i++) {
     if (descs->GetType(i) == FIELD) {
       int current_index = descs->GetFieldIndex(i);
       if (current_index > max_index) max_index = current_index;
     }
   }
   return max_index + 1;
 }
 
 
-void JSReceiver::LookupOwn(Handle<Name> name, LookupResult* result) {
-  DisallowHeapAllocation no_gc;
-  DCHECK(name->IsName());
-
-  if (IsJSGlobalProxy()) {
-    PrototypeIterator iter(GetIsolate(), this);
-    if (iter.IsAtEnd()) return result->NotFound();
-    DCHECK(iter.GetCurrent()->IsJSGlobalObject());
-    return JSReceiver::cast(iter.GetCurrent())->LookupOwn(name, result);
-  }
-
-  if (IsJSProxy()) {
-    result->HandlerResult(JSProxy::cast(this));
-    return;
-  }
-
-  // Do not use inline caching if the object is a non-global object
-  // that requires access checks.
-  if (IsAccessCheckNeeded()) {
-    result->DisallowCaching();
-  }
-
-  JSObject* js_object = JSObject::cast(this);
-
-  // Check for lookup interceptor except when bootstrapping.
-  if (js_object->HasNamedInterceptor() &&
-      !GetIsolate()->bootstrapper()->IsActive()) {
-    result->InterceptorResult(js_object);
-    return;
-  }
-
-  js_object->LookupOwnRealNamedProperty(name, result);
-}
-
-
-void JSReceiver::Lookup(Handle<Name> name, LookupResult* result) {
-  DisallowHeapAllocation no_gc;
-  // Ecma-262 3rd 8.6.2.4
-  for (PrototypeIterator iter(GetIsolate(), this,
-                              PrototypeIterator::START_AT_RECEIVER);
-       !iter.IsAtEnd(); iter.Advance()) {
-    JSReceiver::cast(iter.GetCurrent())->LookupOwn(name, result);
-    if (result->IsFound()) return;
-    if (name->IsOwn()) {
-      result->NotFound();
-      return;
-    }
-  }
-  result->NotFound();
-}
-
-
 static bool ContainsOnlyValidKeys(Handle<FixedArray> array) {
   int len = array->length();
   for (int i = 0; i < len; i++) {
     Object* e = array->get(i);
     if (!(e->IsString() || e->IsNumber())) return false;
   }
   return true;
 }
 
 
@@ skipping 615 matching lines @@
                           isolate);
           }
         }
       }
     }
   } else {
     LookupIterator it(object, name,
                       LookupIterator::CHECK_DERIVED_SKIP_INTERCEPTOR);
     for (; it.IsFound(); it.Next()) {
       switch (it.state()) {
+        case LookupIterator::INTERCEPTOR:
         case LookupIterator::NOT_FOUND:
-        case LookupIterator::INTERCEPTOR:
+        case LookupIterator::TRANSITION:
           UNREACHABLE();
 
         case LookupIterator::ACCESS_CHECK:
           if (it.HasAccess(v8::ACCESS_HAS)) continue;
           isolate->ReportFailedAccessCheck(it.GetHolder<JSObject>(),
                                            v8::ACCESS_HAS);
           RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
           return isolate->factory()->undefined_value();
 
         case LookupIterator::JSPROXY:
@@ skipping 416 matching lines @@
   return false;
 }
 
 
 Handle<Map> Map::PrepareForDataProperty(Handle<Map> map, int descriptor,
                                         Handle<Object> value) {
   // Dictionaries can store any property value.
   if (map->is_dictionary_map()) return map;
 
   // Migrate to the newest map before storing the property.
-  if (map->is_deprecated()) map = Update(map);
+  map = Update(map);
 
   Handle<DescriptorArray> descriptors(map->instance_descriptors());
 
   if (descriptors->CanHoldValue(descriptor, *value)) return map;
 
   Isolate* isolate = map->GetIsolate();
   Representation representation = value->OptimalRepresentation();
   Handle<HeapType> type = value->OptimalType(isolate, representation);
 
   return GeneralizeRepresentation(map, descriptor, representation, type,
                                   FORCE_FIELD);
 }
 
 
 Handle<Map> Map::TransitionToDataProperty(Handle<Map> map, Handle<Name> name,
                                           Handle<Object> value,
                                           PropertyAttributes attributes,
                                           StoreFromKeyed store_mode) {
   // Dictionary maps can always have additional data properties.
   if (map->is_dictionary_map()) return map;
 
-  // Migrate to the newest map before transitioning to the new property.
-  if (map->is_deprecated()) map = Update(map);
+  // Migrate to the newest map before storing the property.
+  map = Update(map);
 
   int index = map->SearchTransition(*name);
   if (index != TransitionArray::kNotFound) {
     Handle<Map> transition(map->GetTransition(index));
     int descriptor = transition->LastAdded();
 
     // TODO(verwaest): Handle attributes better.
     DescriptorArray* descriptors = transition->instance_descriptors();
     if (descriptors->GetDetails(descriptor).attributes() != attributes) {
-      return CopyGeneralizeAllRepresentations(transition, descriptor,
-                                              FORCE_FIELD, attributes,
-                                              "attributes mismatch");
+      return Map::Normalize(map, CLEAR_INOBJECT_PROPERTIES);
     }
 
     return Map::PrepareForDataProperty(transition, descriptor, value);
   }
 
   TransitionFlag flag = INSERT_TRANSITION;
   MaybeHandle<Map> maybe_map;
   if (value->IsJSFunction()) {
     maybe_map = Map::CopyWithConstant(map, name, value, attributes, flag);
   } else if (!map->TooManyFastProperties(store_mode)) {
@@ skipping 34 matching lines @@
 
   // Dictionary maps can always have additional data properties.
   if (map->is_dictionary_map()) {
     // For global objects, property cells are inlined. We need to change the
     // map.
     if (map->IsGlobalObjectMap()) return Copy(map);
     return map;
   }
 
   // Migrate to the newest map before transitioning to the new property.
-  if (map->is_deprecated()) map = Update(map);
+  map = Update(map);
 
   PropertyNormalizationMode mode = map->is_prototype_map()
                                        ? KEEP_INOBJECT_PROPERTIES
                                        : CLEAR_INOBJECT_PROPERTIES;
 
   int index = map->SearchTransition(*name);
   if (index != TransitionArray::kNotFound) {
     Handle<Map> transition(map->GetTransition(index));
     DescriptorArray* descriptors = transition->instance_descriptors();
     // Fast path, assume that we're modifying the last added descriptor.
@@ skipping 9612 matching lines @@
 #define ERROR_MESSAGES_TEXTS(C, T) T,
   static const char* error_messages_[] = {
       ERROR_MESSAGES_LIST(ERROR_MESSAGES_TEXTS)
   };
 #undef ERROR_MESSAGES_TEXTS
   return error_messages_[reason];
 }
 
 
 } }  // namespace v8::internal