Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(599)

Unified Diff: src/ic/x64/handler-compiler-x64.cc

Issue 908213002: Use Cells to check prototype chain validity (disabled by default). (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: fix arm64 typo (and rebase, sorry) Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/ic/mips64/handler-compiler-mips64.cc ('k') | src/objects.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/ic/x64/handler-compiler-x64.cc
diff --git a/src/ic/x64/handler-compiler-x64.cc b/src/ic/x64/handler-compiler-x64.cc
index b6add9d2bc1469ec421706c39ffe7bf7b2dcf08f..8288d8943d0e353b63977a5170bc27d3bff5420d 100644
--- a/src/ic/x64/handler-compiler-x64.cc
+++ b/src/ic/x64/handler-compiler-x64.cc
@@ -413,8 +413,8 @@ void NamedStoreHandlerCompiler::GenerateFieldTypeChecks(HeapType* field_type,
Register PropertyHandlerCompiler::CheckPrototypes(
Register object_reg, Register holder_reg, Register scratch1,
- Register scratch2, Handle<Name> name, Label* miss,
- PrototypeCheckType check) {
+ Register scratch2, Handle<Name> name, Label* miss, PrototypeCheckType check,
+ ReturnHolder return_what) {
Handle<Map> receiver_map = map();
// Make sure there's no overlap between holder and object registers.
@@ -422,6 +422,31 @@ Register PropertyHandlerCompiler::CheckPrototypes(
DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) &&
!scratch2.is(scratch1));
+ if (FLAG_eliminate_prototype_chain_checks) {
+ Handle<Cell> validity_cell =
+ Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate());
+ if (!validity_cell.is_null()) {
+ DCHECK_EQ(Smi::FromInt(Map::kPrototypeChainValid),
+ validity_cell->value());
+ __ Move(scratch1, validity_cell, RelocInfo::CELL);
+ // Move(..., CELL) loads the payload's address!
+ __ SmiCompare(Operand(scratch1, 0),
+ Smi::FromInt(Map::kPrototypeChainValid));
+ __ j(not_equal, miss);
+ }
+
+ // The prototype chain of primitives (and their JSValue wrappers) depends
+ // on the native context, which can't be guarded by validity cells.
+ // |object_reg| holds the native context specific prototype in this case;
+ // we need to check its map.
+ if (check == CHECK_ALL_MAPS) {
+ __ movp(scratch1, FieldOperand(object_reg, HeapObject::kMapOffset));
+ Handle<WeakCell> cell = Map::WeakCellForMap(receiver_map);
+ __ CmpWeakValue(scratch1, cell, scratch2);
+ __ j(not_equal, miss);
+ }
+ }
+
// Keep track of the current object in register reg. On the first
// iteration, reg is an alias for object_reg, on later iterations,
// it is an alias for holder_reg.
@@ -468,30 +493,37 @@ Register PropertyHandlerCompiler::CheckPrototypes(
current->property_dictionary()->FindEntry(name) ==
NameDictionary::kNotFound);
+ if (FLAG_eliminate_prototype_chain_checks && depth > 1) {
+ // TODO(jkummerow): Cache and re-use weak cell.
+ __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss);
+ }
GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1,
scratch2);
- __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
- reg = holder_reg; // From now on the object will be in holder_reg.
- __ movp(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
+ if (!FLAG_eliminate_prototype_chain_checks) {
+ __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
+ __ movp(holder_reg, FieldOperand(scratch1, Map::kPrototypeOffset));
+ }
} else {
Register map_reg = scratch1;
- __ movp(map_reg, FieldOperand(reg, HeapObject::kMapOffset));
-
+ if (!FLAG_eliminate_prototype_chain_checks) {
+ __ movp(map_reg, FieldOperand(reg, HeapObject::kMapOffset));
+ }
if (current_map->IsJSGlobalObjectMap()) {
GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
name, scratch2, miss);
- } else if (depth != 1 || check == CHECK_ALL_MAPS) {
+ } else if (!FLAG_eliminate_prototype_chain_checks &&
+ (depth != 1 || check == CHECK_ALL_MAPS)) {
Handle<WeakCell> cell = Map::WeakCellForMap(current_map);
__ CmpWeakValue(map_reg, cell, scratch2);
__ j(not_equal, miss);
}
-
- reg = holder_reg; // From now on the object will be in holder_reg.
-
- __ movp(reg, FieldOperand(map_reg, Map::kPrototypeOffset));
+ if (!FLAG_eliminate_prototype_chain_checks) {
+ __ movp(holder_reg, FieldOperand(map_reg, Map::kPrototypeOffset));
+ }
}
+ reg = holder_reg; // From now on the object will be in holder_reg.
// Go to the next object in the prototype chain.
current = prototype;
current_map = handle(current->map());
@@ -502,15 +534,22 @@ Register PropertyHandlerCompiler::CheckPrototypes(
// Log the check depth.
LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
- if (depth != 0 || check == CHECK_ALL_MAPS) {
+ if (!FLAG_eliminate_prototype_chain_checks &&
+ (depth != 0 || check == CHECK_ALL_MAPS)) {
+ // Check the holder map.
__ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
Handle<WeakCell> cell = Map::WeakCellForMap(current_map);
__ CmpWeakValue(scratch1, cell, scratch2);
__ j(not_equal, miss);
}
+ bool return_holder = return_what == RETURN_HOLDER;
+ if (FLAG_eliminate_prototype_chain_checks && return_holder && depth != 0) {
+ __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss);
+ }
+
// Return the register containing the holder.
- return reg;
+ return return_holder ? reg : no_reg;
}
@@ -732,7 +771,7 @@ Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal(
if (IC::ICUseVector(kind())) {
PushVectorAndSlot();
}
- FrontendHeader(receiver(), name, &miss);
+ FrontendHeader(receiver(), name, &miss, DONT_RETURN_ANYTHING);
// Get the value from the cell.
Register result = StoreDescriptor::ValueRegister();
« no previous file with comments | « src/ic/mips64/handler-compiler-mips64.cc ('k') | src/objects.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698