| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_IA32 | 7 #if V8_TARGET_ARCH_IA32 |
| 8 | 8 |
| 9 #include "src/ic/call-optimization.h" | 9 #include "src/ic/call-optimization.h" |
| 10 #include "src/ic/handler-compiler.h" | 10 #include "src/ic/handler-compiler.h" |
| (...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 407 } | 407 } |
| 408 __ j(equal, &do_store, Label::kNear); | 408 __ j(equal, &do_store, Label::kNear); |
| 409 } | 409 } |
| 410 __ bind(&do_store); | 410 __ bind(&do_store); |
| 411 } | 411 } |
| 412 } | 412 } |
| 413 | 413 |
| 414 | 414 |
| 415 Register PropertyHandlerCompiler::CheckPrototypes( | 415 Register PropertyHandlerCompiler::CheckPrototypes( |
| 416 Register object_reg, Register holder_reg, Register scratch1, | 416 Register object_reg, Register holder_reg, Register scratch1, |
| 417 Register scratch2, Handle<Name> name, Label* miss, | 417 Register scratch2, Handle<Name> name, Label* miss, PrototypeCheckType check, |
| 418 PrototypeCheckType check) { | 418 ReturnHolder return_what) { |
| 419 Handle<Map> receiver_map = map(); | 419 Handle<Map> receiver_map = map(); |
| 420 | 420 |
| 421 // Make sure there's no overlap between holder and object registers. | 421 // Make sure there's no overlap between holder and object registers. |
| 422 DCHECK(!scratch1.is(object_reg) && !scratch1.is(holder_reg)); | 422 DCHECK(!scratch1.is(object_reg) && !scratch1.is(holder_reg)); |
| 423 DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) && | 423 DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) && |
| 424 !scratch2.is(scratch1)); | 424 !scratch2.is(scratch1)); |
| 425 | 425 |
| 426 if (FLAG_eliminate_prototype_chain_checks) { |
| 427 Handle<Cell> validity_cell = |
| 428 Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate()); |
| 429 if (!validity_cell.is_null()) { |
| 430 DCHECK_EQ(Smi::FromInt(Map::kPrototypeChainValid), |
| 431 validity_cell->value()); |
| 432 // Operand::ForCell(...) points to the cell's payload! |
| 433 __ cmp(Operand::ForCell(validity_cell), |
| 434 Immediate(Smi::FromInt(Map::kPrototypeChainValid))); |
| 435 __ j(not_equal, miss); |
| 436 } |
| 437 |
| 438 // The prototype chain of primitives (and their JSValue wrappers) depends |
| 439 // on the native context, which can't be guarded by validity cells. |
| 440 // |object_reg| holds the native context specific prototype in this case; |
| 441 // we need to check its map. |
| 442 if (check == CHECK_ALL_MAPS) { |
| 443 __ mov(scratch1, FieldOperand(object_reg, HeapObject::kMapOffset)); |
| 444 Handle<WeakCell> cell = Map::WeakCellForMap(receiver_map); |
| 445 __ CmpWeakValue(scratch1, cell, scratch2); |
| 446 __ j(not_equal, miss); |
| 447 } |
| 448 } |
| 449 |
| 426 // Keep track of the current object in register reg. | 450 // Keep track of the current object in register reg. |
| 427 Register reg = object_reg; | 451 Register reg = object_reg; |
| 428 int depth = 0; | 452 int depth = 0; |
| 429 | 453 |
| 430 Handle<JSObject> current = Handle<JSObject>::null(); | 454 Handle<JSObject> current = Handle<JSObject>::null(); |
| 431 if (receiver_map->IsJSGlobalObjectMap()) { | 455 if (receiver_map->IsJSGlobalObjectMap()) { |
| 432 current = isolate()->global_object(); | 456 current = isolate()->global_object(); |
| 433 } | 457 } |
| 434 | 458 |
| 435 // Check access rights to the global object. This has to happen after | 459 // Check access rights to the global object. This has to happen after |
| (...skipping 24 matching lines...) Expand all Loading... |
| 460 !current_map->IsJSGlobalObjectMap()) { | 484 !current_map->IsJSGlobalObjectMap()) { |
| 461 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast. | 485 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast. |
| 462 if (!name->IsUniqueName()) { | 486 if (!name->IsUniqueName()) { |
| 463 DCHECK(name->IsString()); | 487 DCHECK(name->IsString()); |
| 464 name = factory()->InternalizeString(Handle<String>::cast(name)); | 488 name = factory()->InternalizeString(Handle<String>::cast(name)); |
| 465 } | 489 } |
| 466 DCHECK(current.is_null() || | 490 DCHECK(current.is_null() || |
| 467 current->property_dictionary()->FindEntry(name) == | 491 current->property_dictionary()->FindEntry(name) == |
| 468 NameDictionary::kNotFound); | 492 NameDictionary::kNotFound); |
| 469 | 493 |
| 494 if (FLAG_eliminate_prototype_chain_checks && depth > 1) { |
| 495 // TODO(jkummerow): Cache and re-use weak cell. |
| 496 __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss); |
| 497 } |
| 470 GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1, | 498 GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1, |
| 471 scratch2); | 499 scratch2); |
| 472 | 500 |
| 473 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset)); | 501 if (!FLAG_eliminate_prototype_chain_checks) { |
| 474 reg = holder_reg; // From now on the object will be in holder_reg. | 502 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset)); |
| 475 __ mov(reg, FieldOperand(scratch1, Map::kPrototypeOffset)); | 503 __ mov(holder_reg, FieldOperand(scratch1, Map::kPrototypeOffset)); |
| 504 } |
| 476 } else { | 505 } else { |
| 477 Register map_reg = scratch1; | 506 Register map_reg = scratch1; |
| 478 __ mov(map_reg, FieldOperand(reg, HeapObject::kMapOffset)); | 507 if (!FLAG_eliminate_prototype_chain_checks) { |
| 508 __ mov(map_reg, FieldOperand(reg, HeapObject::kMapOffset)); |
| 509 } |
| 479 if (current_map->IsJSGlobalObjectMap()) { | 510 if (current_map->IsJSGlobalObjectMap()) { |
| 480 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), | 511 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), |
| 481 name, scratch2, miss); | 512 name, scratch2, miss); |
| 482 } else if (depth != 1 || check == CHECK_ALL_MAPS) { | 513 } else if (!FLAG_eliminate_prototype_chain_checks && |
| 514 (depth != 1 || check == CHECK_ALL_MAPS)) { |
| 483 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 515 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 484 __ CmpWeakValue(map_reg, cell, scratch2); | 516 __ CmpWeakValue(map_reg, cell, scratch2); |
| 485 __ j(not_equal, miss); | 517 __ j(not_equal, miss); |
| 486 } | 518 } |
| 487 | 519 if (!FLAG_eliminate_prototype_chain_checks) { |
| 488 reg = holder_reg; // From now on the object will be in holder_reg. | 520 __ mov(holder_reg, FieldOperand(map_reg, Map::kPrototypeOffset)); |
| 489 __ mov(reg, FieldOperand(map_reg, Map::kPrototypeOffset)); | 521 } |
| 490 } | 522 } |
| 491 | 523 |
| 524 reg = holder_reg; // From now on the object will be in holder_reg. |
| 492 // Go to the next object in the prototype chain. | 525 // Go to the next object in the prototype chain. |
| 493 current = prototype; | 526 current = prototype; |
| 494 current_map = handle(current->map()); | 527 current_map = handle(current->map()); |
| 495 } | 528 } |
| 496 | 529 |
| 497 DCHECK(!current_map->IsJSGlobalProxyMap()); | 530 DCHECK(!current_map->IsJSGlobalProxyMap()); |
| 498 | 531 |
| 499 // Log the check depth. | 532 // Log the check depth. |
| 500 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); | 533 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); |
| 501 | 534 |
| 502 if (depth != 0 || check == CHECK_ALL_MAPS) { | 535 if (!FLAG_eliminate_prototype_chain_checks && |
| 536 (depth != 0 || check == CHECK_ALL_MAPS)) { |
| 503 // Check the holder map. | 537 // Check the holder map. |
| 504 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset)); | 538 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset)); |
| 505 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 539 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 506 __ CmpWeakValue(scratch1, cell, scratch2); | 540 __ CmpWeakValue(scratch1, cell, scratch2); |
| 507 __ j(not_equal, miss); | 541 __ j(not_equal, miss); |
| 508 } | 542 } |
| 509 | 543 |
| 544 bool return_holder = return_what == RETURN_HOLDER; |
| 545 if (FLAG_eliminate_prototype_chain_checks && return_holder && depth != 0) { |
| 546 __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss); |
| 547 } |
| 548 |
| 510 // Return the register containing the holder. | 549 // Return the register containing the holder. |
| 511 return reg; | 550 return return_holder ? reg : no_reg; |
| 512 } | 551 } |
| 513 | 552 |
| 514 | 553 |
| 515 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { | 554 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { |
| 516 if (!miss->is_unused()) { | 555 if (!miss->is_unused()) { |
| 517 Label success; | 556 Label success; |
| 518 __ jmp(&success); | 557 __ jmp(&success); |
| 519 __ bind(miss); | 558 __ bind(miss); |
| 520 if (IC::ICUseVector(kind())) { | 559 if (IC::ICUseVector(kind())) { |
| 521 DCHECK(kind() == Code::LOAD_IC); | 560 DCHECK(kind() == Code::LOAD_IC); |
| (...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 731 return StoreDescriptor::ValueRegister(); | 770 return StoreDescriptor::ValueRegister(); |
| 732 } | 771 } |
| 733 | 772 |
| 734 | 773 |
| 735 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal( | 774 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal( |
| 736 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) { | 775 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) { |
| 737 Label miss; | 776 Label miss; |
| 738 if (IC::ICUseVector(kind())) { | 777 if (IC::ICUseVector(kind())) { |
| 739 PushVectorAndSlot(); | 778 PushVectorAndSlot(); |
| 740 } | 779 } |
| 741 FrontendHeader(receiver(), name, &miss); | 780 FrontendHeader(receiver(), name, &miss, DONT_RETURN_ANYTHING); |
| 742 // Get the value from the cell. | 781 // Get the value from the cell. |
| 743 Register result = StoreDescriptor::ValueRegister(); | 782 Register result = StoreDescriptor::ValueRegister(); |
| 744 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell); | 783 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell); |
| 745 __ LoadWeakValue(result, weak_cell, &miss); | 784 __ LoadWeakValue(result, weak_cell, &miss); |
| 746 __ mov(result, FieldOperand(result, PropertyCell::kValueOffset)); | 785 __ mov(result, FieldOperand(result, PropertyCell::kValueOffset)); |
| 747 | 786 |
| 748 // Check for deleted property if property can actually be deleted. | 787 // Check for deleted property if property can actually be deleted. |
| 749 if (is_configurable) { | 788 if (is_configurable) { |
| 750 __ cmp(result, factory()->the_hole_value()); | 789 __ cmp(result, factory()->the_hole_value()); |
| 751 __ j(equal, &miss); | 790 __ j(equal, &miss); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 767 // Return the generated code. | 806 // Return the generated code. |
| 768 return GetCode(kind(), Code::NORMAL, name); | 807 return GetCode(kind(), Code::NORMAL, name); |
| 769 } | 808 } |
| 770 | 809 |
| 771 | 810 |
| 772 #undef __ | 811 #undef __ |
| 773 } | 812 } |
| 774 } // namespace v8::internal | 813 } // namespace v8::internal |
| 775 | 814 |
| 776 #endif // V8_TARGET_ARCH_IA32 | 815 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 908213002:
Use Cells to check prototype chain validity (disabled by default). (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master