| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_MIPS | 7 #if V8_TARGET_ARCH_MIPS |
| 8 | 8 |
| 9 #include "src/ic/call-optimization.h" | 9 #include "src/ic/call-optimization.h" |
| 10 #include "src/ic/handler-compiler.h" | 10 #include "src/ic/handler-compiler.h" |
| (...skipping 400 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 411 !scratch2.is(scratch1)); | 411 !scratch2.is(scratch1)); |
| 412 | 412 |
| 413 // Keep track of the current object in register reg. | 413 // Keep track of the current object in register reg. |
| 414 Register reg = object_reg; | 414 Register reg = object_reg; |
| 415 int depth = 0; | 415 int depth = 0; |
| 416 | 416 |
| 417 Handle<JSObject> current = Handle<JSObject>::null(); | 417 Handle<JSObject> current = Handle<JSObject>::null(); |
| 418 if (receiver_map->IsJSGlobalObjectMap()) { | 418 if (receiver_map->IsJSGlobalObjectMap()) { |
| 419 current = isolate()->global_object(); | 419 current = isolate()->global_object(); |
| 420 } | 420 } |
| 421 |
| 422 // Check access rights to the global object. This has to happen after |
| 423 // the map check so that we know that the object is actually a global |
| 424 // object. |
| 425 // This allows us to install generated handlers for accesses to the |
| 426 // global proxy (as opposed to using slow ICs). See corresponding code |
| 427 // in LookupForRead(). |
| 428 if (receiver_map->IsJSGlobalProxyMap()) { |
| 429 __ CheckAccessGlobalProxy(reg, scratch2, miss); |
| 430 } |
| 431 |
| 421 Handle<JSObject> prototype = Handle<JSObject>::null(); | 432 Handle<JSObject> prototype = Handle<JSObject>::null(); |
| 422 Handle<Map> current_map = receiver_map; | 433 Handle<Map> current_map = receiver_map; |
| 423 Handle<Map> holder_map(holder()->map()); | 434 Handle<Map> holder_map(holder()->map()); |
| 424 // Traverse the prototype chain and check the maps in the prototype chain for | 435 // Traverse the prototype chain and check the maps in the prototype chain for |
| 425 // fast and global objects or do negative lookup for normal objects. | 436 // fast and global objects or do negative lookup for normal objects. |
| 426 while (!current_map.is_identical_to(holder_map)) { | 437 while (!current_map.is_identical_to(holder_map)) { |
| 427 ++depth; | 438 ++depth; |
| 428 | 439 |
| 429 // Only global objects and objects that do not require access | 440 // Only global objects and objects that do not require access |
| 430 // checks are allowed in stubs. | 441 // checks are allowed in stubs. |
| (...skipping 20 matching lines...) Expand all Loading... |
| 451 __ lw(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset)); | 462 __ lw(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset)); |
| 452 } else { | 463 } else { |
| 453 Register map_reg = scratch1; | 464 Register map_reg = scratch1; |
| 454 __ lw(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset)); | 465 __ lw(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 455 if (depth != 1 || check == CHECK_ALL_MAPS) { | 466 if (depth != 1 || check == CHECK_ALL_MAPS) { |
| 456 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 467 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 457 __ GetWeakValue(scratch2, cell); | 468 __ GetWeakValue(scratch2, cell); |
| 458 __ Branch(miss, ne, scratch2, Operand(map_reg)); | 469 __ Branch(miss, ne, scratch2, Operand(map_reg)); |
| 459 } | 470 } |
| 460 | 471 |
| 461 // Check access rights to the global object. This has to happen after | 472 if (current_map->IsJSGlobalObjectMap()) { |
| 462 // the map check so that we know that the object is actually a global | |
| 463 // object. | |
| 464 // This allows us to install generated handlers for accesses to the | |
| 465 // global proxy (as opposed to using slow ICs). See corresponding code | |
| 466 // in LookupForRead(). | |
| 467 if (current_map->IsJSGlobalProxyMap()) { | |
| 468 __ CheckAccessGlobalProxy(reg, scratch2, miss); | |
| 469 } else if (current_map->IsJSGlobalObjectMap()) { | |
| 470 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), | 473 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), |
| 471 name, scratch2, miss); | 474 name, scratch2, miss); |
| 472 } | 475 } |
| 473 | 476 |
| 474 reg = holder_reg; // From now on the object will be in holder_reg. | 477 reg = holder_reg; // From now on the object will be in holder_reg. |
| 475 | 478 |
| 476 __ lw(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset)); | 479 __ lw(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset)); |
| 477 } | 480 } |
| 478 | 481 |
| 479 // Go to the next object in the prototype chain. | 482 // Go to the next object in the prototype chain. |
| 480 current = prototype; | 483 current = prototype; |
| 481 current_map = handle(current->map()); | 484 current_map = handle(current->map()); |
| 482 } | 485 } |
| 483 | 486 |
| 484 // Log the check depth. | 487 // Log the check depth. |
| 485 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); | 488 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); |
| 486 | 489 |
| 487 if (depth != 0 || check == CHECK_ALL_MAPS) { | 490 if (depth != 0 || check == CHECK_ALL_MAPS) { |
| 488 // Check the holder map. | 491 // Check the holder map. |
| 489 __ lw(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); | 492 __ lw(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 490 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 493 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 491 __ GetWeakValue(scratch2, cell); | 494 __ GetWeakValue(scratch2, cell); |
| 492 __ Branch(miss, ne, scratch2, Operand(scratch1)); | 495 __ Branch(miss, ne, scratch2, Operand(scratch1)); |
| 493 } | 496 } |
| 494 | 497 |
| 495 // Perform security check for access to the global object. | |
| 496 DCHECK(current_map->IsJSGlobalProxyMap() || | |
| 497 !current_map->is_access_check_needed()); | |
| 498 if (current_map->IsJSGlobalProxyMap()) { | |
| 499 __ CheckAccessGlobalProxy(reg, scratch1, miss); | |
| 500 } | |
| 501 | |
| 502 // Return the register containing the holder. | 498 // Return the register containing the holder. |
| 503 return reg; | 499 return reg; |
| 504 } | 500 } |
| 505 | 501 |
| 506 | 502 |
| 507 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { | 503 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { |
| 508 if (!miss->is_unused()) { | 504 if (!miss->is_unused()) { |
| 509 Label success; | 505 Label success; |
| 510 __ Branch(&success); | 506 __ Branch(&success); |
| 511 __ bind(miss); | 507 __ bind(miss); |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 742 // Return the generated code. | 738 // Return the generated code. |
| 743 return GetCode(kind(), Code::NORMAL, name); | 739 return GetCode(kind(), Code::NORMAL, name); |
| 744 } | 740 } |
| 745 | 741 |
| 746 | 742 |
| 747 #undef __ | 743 #undef __ |
| 748 } | 744 } |
| 749 } // namespace v8::internal | 745 } // namespace v8::internal |
| 750 | 746 |
| 751 #endif // V8_TARGET_ARCH_MIPS | 747 #endif // V8_TARGET_ARCH_MIPS |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 958923002:
MIPS: Only dynamically perform access checks on the receiver if it's a JSGlobalProxy. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master