Begin to handlify the stub cache.

src/ic.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 831 matching lines @@
   if (FLAG_use_ic) {
     // Use specialized code for getting the length of strings and
     // string wrapper objects.  The length property of string wrapper
     // objects is read-only and therefore always returns the length of
     // the underlying string value.  See ECMA-262 15.5.5.1.
     if ((object->IsString() || object->IsStringWrapper()) &&
         name->Equals(isolate()->heap()->length_symbol())) {
       AssertNoAllocation no_allocation;
       Code* stub = NULL;
       if (state == UNINITIALIZED) {
-        stub = pre_monomorphic_stub();
+        stub = *pre_monomorphic_stub();
       } else if (state == PREMONOMORPHIC) {
         if (object->IsString()) {
           stub = isolate()->builtins()->builtin(
               Builtins::kLoadIC_StringLength);
         } else {
           stub = isolate()->builtins()->builtin(
               Builtins::kLoadIC_StringWrapperLength);
         }
       } else if (state == MONOMORPHIC && object->IsStringWrapper()) {
         stub = isolate()->builtins()->builtin(
             Builtins::kLoadIC_StringWrapperLength);
       } else if (state != MEGAMORPHIC) {
-        stub = megamorphic_stub();
+        stub = *megamorphic_stub();
       }
       if (stub != NULL) {
         set_target(stub);
 #ifdef DEBUG
         if (FLAG_trace_ic) PrintF("[LoadIC : +#length /string]\n");
 #endif
       }
       // Get the string if we have a string wrapper object.
       if (object->IsJSValue()) {
         return Smi::FromInt(
             String::cast(Handle<JSValue>::cast(object)->value())->length());
       }
       return Smi::FromInt(String::cast(*object)->length());
     }
 
     // Use specialized code for getting the length of arrays.
     if (object->IsJSArray() &&
         name->Equals(isolate()->heap()->length_symbol())) {
       AssertNoAllocation no_allocation;
       Code* stub = NULL;
       if (state == UNINITIALIZED) {
-        stub = pre_monomorphic_stub();
+        stub = *pre_monomorphic_stub();
       } else if (state == PREMONOMORPHIC) {
         stub = isolate()->builtins()->builtin(
             Builtins::kLoadIC_ArrayLength);
       } else if (state != MEGAMORPHIC) {
-        stub = megamorphic_stub();
+        stub = *megamorphic_stub();
       }
       if (stub != NULL) {
         set_target(stub);
 #ifdef DEBUG
         if (FLAG_trace_ic) PrintF("[LoadIC : +#length /array]\n");
 #endif
       }
       return JSArray::cast(*object)->length();
     }
 
     // Use specialized code for getting prototype of functions.
     if (object->IsJSFunction() &&
         name->Equals(isolate()->heap()->prototype_symbol()) &&
         JSFunction::cast(*object)->should_have_prototype()) {
       { AssertNoAllocation no_allocation;
         Code* stub = NULL;
         if (state == UNINITIALIZED) {
-          stub = pre_monomorphic_stub();
+          stub = *pre_monomorphic_stub();
         } else if (state == PREMONOMORPHIC) {
           stub = isolate()->builtins()->builtin(
               Builtins::kLoadIC_FunctionPrototype);
         } else if (state != MEGAMORPHIC) {
-          stub = megamorphic_stub();
+          stub = *megamorphic_stub();
         }
         if (stub != NULL) {
           set_target(stub);
 #ifdef DEBUG
           if (FLAG_trace_ic) PrintF("[LoadIC : +#prototype /function]\n");
 #endif
         }
       }
       return Accessors::FunctionGetPrototype(*object, 0);
     }
@@ skipping 11 matching lines @@
   // If we did not find a property, check if we need to throw an exception.
   if (!lookup.IsProperty()) {
     if (IsContextual(object)) {
       return ReferenceError("not_defined", name);
     }
     LOG(isolate(), SuspectReadEvent(*name, *object));
   }
 
   // Update inline cache and stub cache.
   if (FLAG_use_ic) {
     UpdateCaches(&lookup, state, object, name);

[ulan, 2011/10/13 17:36:10]

Can lookup.holder() become stale if this call causes GC?

I've been getting flaky craches until I handlified it.

[fschneider, 2011/10/14 07:42:11]

I think you're right, because LookupResult has a raw pointer to the object and
it is used after this call (e.g. passed into GetProperty)

   }
 
   PropertyAttributes attr;
   if (lookup.IsProperty() &&
       (lookup.type() == INTERCEPTOR || lookup.type() == HANDLER)) {
     // Get the property.
     Object* result;
     { MaybeObject* maybe_result =
           object->GetProperty(*object, &lookup, *name, &attr);
       if (!maybe_result->ToObject(&result)) return maybe_result;
@@ skipping 19 matching lines @@
   if (!lookup->IsCacheable()) return;
 
   // Loading properties from values is not common, so don't try to
   // deal with non-JS objects here.
   if (!object->IsJSObject()) return;
   Handle<JSObject> receiver = Handle<JSObject>::cast(object);
 
   if (HasNormalObjectsInPrototypeChain(isolate(), lookup, *object)) return;
 
   // Compute the code stub for this load.
-  MaybeObject* maybe_code = NULL;
-  Object* code;
+  HandleScope scope(isolate());

[Kevin Millikin (Chromium), 2011/09/29 09:21:32]

Before, we created this handle scope only in the case of a stub cache lookup
miss, when we actually compiled a stub.  Now, we always create it here.

That's a bit more overhead but we've already gone to the runtime and decided to
patch code, so I don't think it will be significant.

+  Handle<Code> code;
   if (state == UNINITIALIZED) {
     // This is the first time we execute this inline cache.
     // Set the target to the pre monomorphic stub to delay
     // setting the monomorphic state.
-    maybe_code = pre_monomorphic_stub();
+    code = pre_monomorphic_stub();
   } else if (!lookup->IsProperty()) {
     // Nonexistent property. The result is undefined.
-    maybe_code = isolate()->stub_cache()->ComputeLoadNonexistent(*name,
-                                                                 *receiver);
+    code = isolate()->stub_cache()->ComputeLoadNonexistent(name, receiver);
   } else {
     // Compute monomorphic stub.
+    Handle<JSObject> holder(lookup->holder());
     switch (lookup->type()) {
-      case FIELD: {
-        maybe_code = isolate()->stub_cache()->ComputeLoadField(
-            *name,
-            *receiver,
-            lookup->holder(),
-            lookup->GetFieldIndex());
+      case FIELD:
+        code = isolate()->stub_cache()->ComputeLoadField(
+            name, receiver, holder, lookup->GetFieldIndex());
+        break;
+      case CONSTANT_FUNCTION: {
+        Handle<Object> constant(lookup->GetConstantFunction());
+        code = isolate()->stub_cache()->ComputeLoadConstant(
+            name, receiver, holder, constant);
         break;
       }
-      case CONSTANT_FUNCTION: {
-        Object* constant = lookup->GetConstantFunction();
-        maybe_code = isolate()->stub_cache()->ComputeLoadConstant(
-            *name, *receiver, lookup->holder(), constant);
-        break;
-      }
-      case NORMAL: {
-        if (lookup->holder()->IsGlobalObject()) {
-          GlobalObject* global = GlobalObject::cast(lookup->holder());
-          JSGlobalPropertyCell* cell =
-              JSGlobalPropertyCell::cast(global->GetPropertyCell(lookup));
-          maybe_code = isolate()->stub_cache()->ComputeLoadGlobal(*name,
-                                                    *receiver,
-                                                    global,
-                                                    cell,
-                                                    lookup->IsDontDelete());
+      case NORMAL:
+        if (holder->IsGlobalObject()) {
+          Handle<GlobalObject> global = Handle<GlobalObject>::cast(holder);
+          Handle<JSGlobalPropertyCell> cell(global->GetPropertyCell(lookup));
+          code = isolate()->stub_cache()->ComputeLoadGlobal(
+              name, receiver, global, cell, lookup->IsDontDelete());
         } else {
           // There is only one shared stub for loading normalized
           // properties. It does not traverse the prototype chain, so the
           // property must be found in the receiver for the stub to be
           // applicable.
-          if (lookup->holder() != *receiver) return;
-          maybe_code = isolate()->stub_cache()->ComputeLoadNormal();
+          if (!holder.is_identical_to(receiver)) return;
+          code = isolate()->stub_cache()->ComputeLoadNormal();
         }
         break;
-      }
       case CALLBACKS: {
-        if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
-        AccessorInfo* callback =
-            AccessorInfo::cast(lookup->GetCallbackObject());
+        Handle<Object> callback_object(lookup->GetCallbackObject());
+        if (!callback_object->IsAccessorInfo()) return;
+        Handle<AccessorInfo> callback =
+            Handle<AccessorInfo>::cast(callback_object);
         if (v8::ToCData<Address>(callback->getter()) == 0) return;
-        maybe_code = isolate()->stub_cache()->ComputeLoadCallback(
-            *name, *receiver, lookup->holder(), callback);
+        code = isolate()->stub_cache()->ComputeLoadCallback(
+            name, receiver, holder, callback);
         break;
       }
-      case INTERCEPTOR: {
-        ASSERT(HasInterceptorGetter(lookup->holder()));
-        maybe_code = isolate()->stub_cache()->ComputeLoadInterceptor(
-            *name, *receiver, lookup->holder());
+      case INTERCEPTOR:
+        ASSERT(HasInterceptorGetter(*holder));
+        code = isolate()->stub_cache()->ComputeLoadInterceptor(
+            name, receiver, holder);
         break;
-      }
       default:
         return;
     }
   }
 
-  // If we're unable to compute the stub (not enough memory left), we
-  // simply avoid updating the caches.
-  if (maybe_code == NULL || !maybe_code->ToObject(&code)) return;
-
   // Patch the call site depending on the state of the cache.
-  if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
+  if (state == UNINITIALIZED ||
+      state == PREMONOMORPHIC ||
       state == MONOMORPHIC_PROTOTYPE_FAILURE) {
-    set_target(Code::cast(code));
+    set_target(*code);
   } else if (state == MONOMORPHIC) {
-    set_target(megamorphic_stub());
+    set_target(*megamorphic_stub());
   } else if (state == MEGAMORPHIC) {
     // Cache code holding map should be consistent with
     // GenerateMonomorphicCacheProbe.
-    Map* map = JSObject::cast(object->IsJSObject() ? *object :
-                              object->GetPrototype())->map();
-
-    isolate()->stub_cache()->Set(*name, map, Code::cast(code));
+    isolate()->stub_cache()->Set(*name, receiver->map(), *code);
   }
 
 #ifdef DEBUG
   TraceIC("LoadIC", name, state, target());
 #endif
 }
 
 
 MaybeObject* KeyedLoadIC::GetElementStubWithoutMapCheck(
     bool is_js_array,
     ElementsKind elements_kind) {
   return KeyedLoadElementStub(elements_kind).TryGetCode();
 }
 
 
 MaybeObject* KeyedLoadIC::ConstructMegamorphicStub(
     MapList* receiver_maps,
     CodeList* targets,
     StrictModeFlag strict_mode) {
   Object* object;
-  KeyedLoadStubCompiler compiler;
+  HandleScope scope(isolate());
+  KeyedLoadStubCompiler compiler(isolate());
   MaybeObject* maybe_code = compiler.CompileLoadMegamorphic(receiver_maps,
                                                             targets);
   if (!maybe_code->ToObject(&object)) return maybe_code;
   isolate()->counters()->keyed_load_polymorphic_stubs()->Increment();
   PROFILE(isolate(), CodeCreateEvent(
       Logger::KEYED_LOAD_MEGAMORPHIC_IC_TAG,
       Code::cast(object), 0));
   return object;
 }
 
@@ skipping 606 matching lines @@
     ElementsKind elements_kind) {
   return KeyedStoreElementStub(is_js_array, elements_kind).TryGetCode();
 }
 
 
 MaybeObject* KeyedStoreIC::ConstructMegamorphicStub(
     MapList* receiver_maps,
     CodeList* targets,
     StrictModeFlag strict_mode) {
   Object* object;
-  KeyedStoreStubCompiler compiler(strict_mode);
+  HandleScope scope(isolate());
+  KeyedStoreStubCompiler compiler(isolate(), strict_mode);
   MaybeObject* maybe_code = compiler.CompileStoreMegamorphic(receiver_maps,
                                                              targets);
   if (!maybe_code->ToObject(&object)) return maybe_code;
   isolate()->counters()->keyed_store_polymorphic_stubs()->Increment();
   PROFILE(isolate(), CodeCreateEvent(
       Logger::KEYED_STORE_MEGAMORPHIC_IC_TAG,
       Code::cast(object), 0));
   return object;
 }
 
@@ skipping 778 matching lines @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
   return IC_utilities[id];
 }
 
 
 } }  // namespace v8::internal