| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_ARM64 | 7 #if V8_TARGET_ARCH_ARM64 |
| 8 | 8 |
| 9 #include "src/ic/call-optimization.h" | 9 #include "src/ic/call-optimization.h" |
| 10 #include "src/ic/handler-compiler.h" | 10 #include "src/ic/handler-compiler.h" |
| (...skipping 321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 #undef __ | 332 #undef __ |
| 333 #define __ ACCESS_MASM(masm()) | 333 #define __ ACCESS_MASM(masm()) |
| 334 | 334 |
| 335 | 335 |
| 336 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal( | 336 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal( |
| 337 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) { | 337 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) { |
| 338 Label miss; | 338 Label miss; |
| 339 if (IC::ICUseVector(kind())) { | 339 if (IC::ICUseVector(kind())) { |
| 340 PushVectorAndSlot(); | 340 PushVectorAndSlot(); |
| 341 } | 341 } |
| 342 FrontendHeader(receiver(), name, &miss); | 342 FrontendHeader(receiver(), name, &miss, DONT_RETURN_ANYTHING); |
| 343 | 343 |
| 344 // Get the value from the cell. | 344 // Get the value from the cell. |
| 345 Register result = StoreDescriptor::ValueRegister(); | 345 Register result = StoreDescriptor::ValueRegister(); |
| 346 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell); | 346 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell); |
| 347 __ LoadWeakValue(result, weak_cell, &miss); | 347 __ LoadWeakValue(result, weak_cell, &miss); |
| 348 __ Ldr(result, FieldMemOperand(result, PropertyCell::kValueOffset)); | 348 __ Ldr(result, FieldMemOperand(result, PropertyCell::kValueOffset)); |
| 349 | 349 |
| 350 // Check for deleted property if property can actually be deleted. | 350 // Check for deleted property if property can actually be deleted. |
| 351 if (is_configurable) { | 351 if (is_configurable) { |
| 352 __ JumpIfRoot(result, Heap::kTheHoleValueRootIndex, &miss); | 352 __ JumpIfRoot(result, Heap::kTheHoleValueRootIndex, &miss); |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 454 } | 454 } |
| 455 __ B(eq, &do_store); | 455 __ B(eq, &do_store); |
| 456 } | 456 } |
| 457 __ Bind(&do_store); | 457 __ Bind(&do_store); |
| 458 } | 458 } |
| 459 } | 459 } |
| 460 | 460 |
| 461 | 461 |
| 462 Register PropertyHandlerCompiler::CheckPrototypes( | 462 Register PropertyHandlerCompiler::CheckPrototypes( |
| 463 Register object_reg, Register holder_reg, Register scratch1, | 463 Register object_reg, Register holder_reg, Register scratch1, |
| 464 Register scratch2, Handle<Name> name, Label* miss, | 464 Register scratch2, Handle<Name> name, Label* miss, PrototypeCheckType check, |
| 465 PrototypeCheckType check) { | 465 ReturnHolder return_what) { |
| 466 Handle<Map> receiver_map = map(); | 466 Handle<Map> receiver_map = map(); |
| 467 | 467 |
| 468 // object_reg and holder_reg registers can alias. | 468 // object_reg and holder_reg registers can alias. |
| 469 DCHECK(!AreAliased(object_reg, scratch1, scratch2)); | 469 DCHECK(!AreAliased(object_reg, scratch1, scratch2)); |
| 470 DCHECK(!AreAliased(holder_reg, scratch1, scratch2)); | 470 DCHECK(!AreAliased(holder_reg, scratch1, scratch2)); |
| 471 | 471 |
| 472 if (FLAG_eliminate_prototype_chain_checks) { |
| 473 Handle<Cell> validity_cell = |
| 474 Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate()); |
| 475 if (!validity_cell.is_null()) { |
| 476 DCHECK_EQ(Smi::FromInt(Map::kPrototypeChainValid), |
| 477 validity_cell->value()); |
| 478 __ Mov(scratch1, Operand(validity_cell)); |
| 479 __ Ldr(scratch1, FieldMemOperand(scratch1, Cell::kValueOffset)); |
| 480 __ Cmp(scratch1, Operand(Smi::FromInt(Map::kPrototypeChainValid))); |
| 481 __ B(ne, miss); |
| 482 } |
| 483 |
| 484 // The prototype chain of primitives (and their JSValue wrappers) depends |
| 485 // on the native context, which can't be guarded by validity cells. |
| 486 // |object_reg| holds the native context specific prototype in this case; |
| 487 // we need to check its map. |
| 488 if (check == CHECK_ALL_MAPS) { |
| 489 __ Ldr(scratch1, FieldMemOperand(object_reg, HeapObject::kMapOffset)); |
| 490 Handle<WeakCell> cell = Map::WeakCellForMap(receiver_map); |
| 491 __ CmpWeakValue(scratch1, cell, scratch2); |
| 492 __ B(ne, miss); |
| 493 } |
| 494 } |
| 495 |
| 472 // Keep track of the current object in register reg. | 496 // Keep track of the current object in register reg. |
| 473 Register reg = object_reg; | 497 Register reg = object_reg; |
| 474 int depth = 0; | 498 int depth = 0; |
| 475 | 499 |
| 476 Handle<JSObject> current = Handle<JSObject>::null(); | 500 Handle<JSObject> current = Handle<JSObject>::null(); |
| 477 if (receiver_map->IsJSGlobalObjectMap()) { | 501 if (receiver_map->IsJSGlobalObjectMap()) { |
| 478 current = isolate()->global_object(); | 502 current = isolate()->global_object(); |
| 479 } | 503 } |
| 480 | 504 |
| 481 // Check access rights to the global object. This has to happen after | 505 // Check access rights to the global object. This has to happen after |
| (...skipping 24 matching lines...) Expand all Loading... |
| 506 if (current_map->is_dictionary_map() && | 530 if (current_map->is_dictionary_map() && |
| 507 !current_map->IsJSGlobalObjectMap()) { | 531 !current_map->IsJSGlobalObjectMap()) { |
| 508 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast. | 532 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast. |
| 509 if (!name->IsUniqueName()) { | 533 if (!name->IsUniqueName()) { |
| 510 DCHECK(name->IsString()); | 534 DCHECK(name->IsString()); |
| 511 name = factory()->InternalizeString(Handle<String>::cast(name)); | 535 name = factory()->InternalizeString(Handle<String>::cast(name)); |
| 512 } | 536 } |
| 513 DCHECK(current.is_null() || (current->property_dictionary()->FindEntry( | 537 DCHECK(current.is_null() || (current->property_dictionary()->FindEntry( |
| 514 name) == NameDictionary::kNotFound)); | 538 name) == NameDictionary::kNotFound)); |
| 515 | 539 |
| 540 if (FLAG_eliminate_prototype_chain_checks && depth > 1) { |
| 541 // TODO(jkummerow): Cache and re-use weak cell. |
| 542 __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss); |
| 543 } |
| 516 GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1, | 544 GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1, |
| 517 scratch2); | 545 scratch2); |
| 518 | 546 |
| 519 __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); | 547 if (!FLAG_eliminate_prototype_chain_checks) { |
| 520 reg = holder_reg; // From now on the object will be in holder_reg. | 548 __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 521 __ Ldr(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset)); | 549 __ Ldr(holder_reg, FieldMemOperand(scratch1, Map::kPrototypeOffset)); |
| 550 } |
| 522 } else { | 551 } else { |
| 523 Register map_reg = scratch1; | 552 Register map_reg = scratch1; |
| 524 __ Ldr(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset)); | 553 if (!FLAG_eliminate_prototype_chain_checks) { |
| 525 | 554 __ Ldr(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 555 } |
| 526 if (current_map->IsJSGlobalObjectMap()) { | 556 if (current_map->IsJSGlobalObjectMap()) { |
| 527 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), | 557 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), |
| 528 name, scratch2, miss); | 558 name, scratch2, miss); |
| 529 } else if (depth != 1 || check == CHECK_ALL_MAPS) { | 559 } else if (!FLAG_eliminate_prototype_chain_checks && |
| 560 (depth != 1 || check == CHECK_ALL_MAPS)) { |
| 530 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 561 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 531 __ CmpWeakValue(map_reg, cell, scratch2); | 562 __ CmpWeakValue(map_reg, cell, scratch2); |
| 532 __ B(ne, miss); | 563 __ B(ne, miss); |
| 533 } | 564 } |
| 534 | 565 if (!FLAG_eliminate_prototype_chain_checks) { |
| 535 reg = holder_reg; // From now on the object will be in holder_reg. | 566 __ Ldr(holder_reg, FieldMemOperand(map_reg, Map::kPrototypeOffset)); |
| 536 | 567 } |
| 537 __ Ldr(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset)); | |
| 538 } | 568 } |
| 539 | 569 |
| 570 reg = holder_reg; // From now on the object will be in holder_reg. |
| 540 // Go to the next object in the prototype chain. | 571 // Go to the next object in the prototype chain. |
| 541 current = prototype; | 572 current = prototype; |
| 542 current_map = handle(current->map()); | 573 current_map = handle(current->map()); |
| 543 } | 574 } |
| 544 | 575 |
| 545 DCHECK(!current_map->IsJSGlobalProxyMap()); | 576 DCHECK(!current_map->IsJSGlobalProxyMap()); |
| 546 | 577 |
| 547 // Log the check depth. | 578 // Log the check depth. |
| 548 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); | 579 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); |
| 549 | 580 |
| 550 // Check the holder map. | 581 if (!FLAG_eliminate_prototype_chain_checks && |
| 551 if (depth != 0 || check == CHECK_ALL_MAPS) { | 582 (depth != 0 || check == CHECK_ALL_MAPS)) { |
| 552 // Check the holder map. | 583 // Check the holder map. |
| 553 __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); | 584 __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 554 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 585 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 555 __ CmpWeakValue(scratch1, cell, scratch2); | 586 __ CmpWeakValue(scratch1, cell, scratch2); |
| 556 __ B(ne, miss); | 587 __ B(ne, miss); |
| 557 } | 588 } |
| 558 | 589 |
| 590 bool return_holder = return_what == RETURN_HOLDER; |
| 591 if (FLAG_eliminate_prototype_chain_checks && return_holder && depth != 0) { |
| 592 __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss); |
| 593 } |
| 594 |
| 559 // Return the register containing the holder. | 595 // Return the register containing the holder. |
| 560 return reg; | 596 return return_holder ? reg : no_reg; |
| 561 } | 597 } |
| 562 | 598 |
| 563 | 599 |
| 564 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { | 600 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { |
| 565 if (!miss->is_unused()) { | 601 if (!miss->is_unused()) { |
| 566 Label success; | 602 Label success; |
| 567 __ B(&success); | 603 __ B(&success); |
| 568 | 604 |
| 569 __ Bind(miss); | 605 __ Bind(miss); |
| 570 if (IC::ICUseVector(kind())) { | 606 if (IC::ICUseVector(kind())) { |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 761 // Return the generated code. | 797 // Return the generated code. |
| 762 return GetCode(kind(), Code::FAST, name); | 798 return GetCode(kind(), Code::FAST, name); |
| 763 } | 799 } |
| 764 | 800 |
| 765 | 801 |
| 766 #undef __ | 802 #undef __ |
| 767 } | 803 } |
| 768 } // namespace v8::internal | 804 } // namespace v8::internal |
| 769 | 805 |
| 770 #endif // V8_TARGET_ARCH_IA32 | 806 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 908213002:
Use Cells to check prototype chain validity (disabled by default). (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master