| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_MIPS64 | 7 #if V8_TARGET_ARCH_MIPS64 |
| 8 | 8 |
| 9 #include "src/ic/call-optimization.h" | 9 #include "src/ic/call-optimization.h" |
| 10 #include "src/ic/handler-compiler.h" | 10 #include "src/ic/handler-compiler.h" |
| (...skipping 401 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 412 !scratch2.is(scratch1)); | 412 !scratch2.is(scratch1)); |
| 413 | 413 |
| 414 // Keep track of the current object in register reg. | 414 // Keep track of the current object in register reg. |
| 415 Register reg = object_reg; | 415 Register reg = object_reg; |
| 416 int depth = 0; | 416 int depth = 0; |
| 417 | 417 |
| 418 Handle<JSObject> current = Handle<JSObject>::null(); | 418 Handle<JSObject> current = Handle<JSObject>::null(); |
| 419 if (receiver_map->IsJSGlobalObjectMap()) { | 419 if (receiver_map->IsJSGlobalObjectMap()) { |
| 420 current = isolate()->global_object(); | 420 current = isolate()->global_object(); |
| 421 } | 421 } |
| 422 |
| 423 // Check access rights to the global object. This has to happen after |
| 424 // the map check so that we know that the object is actually a global |
| 425 // object. |
| 426 // This allows us to install generated handlers for accesses to the |
| 427 // global proxy (as opposed to using slow ICs). See corresponding code |
| 428 // in LookupForRead(). |
| 429 if (receiver_map->IsJSGlobalProxyMap()) { |
| 430 __ CheckAccessGlobalProxy(reg, scratch2, miss); |
| 431 } |
| 432 |
| 422 Handle<JSObject> prototype = Handle<JSObject>::null(); | 433 Handle<JSObject> prototype = Handle<JSObject>::null(); |
| 423 Handle<Map> current_map = receiver_map; | 434 Handle<Map> current_map = receiver_map; |
| 424 Handle<Map> holder_map(holder()->map()); | 435 Handle<Map> holder_map(holder()->map()); |
| 425 // Traverse the prototype chain and check the maps in the prototype chain for | 436 // Traverse the prototype chain and check the maps in the prototype chain for |
| 426 // fast and global objects or do negative lookup for normal objects. | 437 // fast and global objects or do negative lookup for normal objects. |
| 427 while (!current_map.is_identical_to(holder_map)) { | 438 while (!current_map.is_identical_to(holder_map)) { |
| 428 ++depth; | 439 ++depth; |
| 429 | 440 |
| 430 // Only global objects and objects that do not require access | 441 // Only global objects and objects that do not require access |
| 431 // checks are allowed in stubs. | 442 // checks are allowed in stubs. |
| (...skipping 20 matching lines...) Expand all Loading... |
| 452 __ ld(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset)); | 463 __ ld(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset)); |
| 453 } else { | 464 } else { |
| 454 Register map_reg = scratch1; | 465 Register map_reg = scratch1; |
| 455 __ ld(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset)); | 466 __ ld(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 456 if (depth != 1 || check == CHECK_ALL_MAPS) { | 467 if (depth != 1 || check == CHECK_ALL_MAPS) { |
| 457 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 468 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 458 __ GetWeakValue(scratch2, cell); | 469 __ GetWeakValue(scratch2, cell); |
| 459 __ Branch(miss, ne, scratch2, Operand(map_reg)); | 470 __ Branch(miss, ne, scratch2, Operand(map_reg)); |
| 460 } | 471 } |
| 461 | 472 |
| 462 // Check access rights to the global object. This has to happen after | 473 if (current_map->IsJSGlobalObjectMap()) { |
| 463 // the map check so that we know that the object is actually a global | |
| 464 // object. | |
| 465 // This allows us to install generated handlers for accesses to the | |
| 466 // global proxy (as opposed to using slow ICs). See corresponding code | |
| 467 // in LookupForRead(). | |
| 468 if (current_map->IsJSGlobalProxyMap()) { | |
| 469 __ CheckAccessGlobalProxy(reg, scratch2, miss); | |
| 470 } else if (current_map->IsJSGlobalObjectMap()) { | |
| 471 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), | 474 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current), |
| 472 name, scratch2, miss); | 475 name, scratch2, miss); |
| 473 } | 476 } |
| 474 | 477 |
| 475 reg = holder_reg; // From now on the object will be in holder_reg. | 478 reg = holder_reg; // From now on the object will be in holder_reg. |
| 476 | 479 |
| 477 __ ld(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset)); | 480 __ ld(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset)); |
| 478 } | 481 } |
| 479 | 482 |
| 480 // Go to the next object in the prototype chain. | 483 // Go to the next object in the prototype chain. |
| 481 current = prototype; | 484 current = prototype; |
| 482 current_map = handle(current->map()); | 485 current_map = handle(current->map()); |
| 483 } | 486 } |
| 484 | 487 |
| 485 // Log the check depth. | 488 // Log the check depth. |
| 486 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); | 489 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); |
| 487 | 490 |
| 488 if (depth != 0 || check == CHECK_ALL_MAPS) { | 491 if (depth != 0 || check == CHECK_ALL_MAPS) { |
| 489 // Check the holder map. | 492 // Check the holder map. |
| 490 __ ld(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); | 493 __ ld(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); |
| 491 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); | 494 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); |
| 492 __ GetWeakValue(scratch2, cell); | 495 __ GetWeakValue(scratch2, cell); |
| 493 __ Branch(miss, ne, scratch2, Operand(scratch1)); | 496 __ Branch(miss, ne, scratch2, Operand(scratch1)); |
| 494 } | 497 } |
| 495 | 498 |
| 496 // Perform security check for access to the global object. | |
| 497 DCHECK(current_map->IsJSGlobalProxyMap() || | |
| 498 !current_map->is_access_check_needed()); | |
| 499 if (current_map->IsJSGlobalProxyMap()) { | |
| 500 __ CheckAccessGlobalProxy(reg, scratch1, miss); | |
| 501 } | |
| 502 | |
| 503 // Return the register containing the holder. | 499 // Return the register containing the holder. |
| 504 return reg; | 500 return reg; |
| 505 } | 501 } |
| 506 | 502 |
| 507 | 503 |
| 508 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { | 504 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) { |
| 509 if (!miss->is_unused()) { | 505 if (!miss->is_unused()) { |
| 510 Label success; | 506 Label success; |
| 511 __ Branch(&success); | 507 __ Branch(&success); |
| 512 __ bind(miss); | 508 __ bind(miss); |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 743 // Return the generated code. | 739 // Return the generated code. |
| 744 return GetCode(kind(), Code::NORMAL, name); | 740 return GetCode(kind(), Code::NORMAL, name); |
| 745 } | 741 } |
| 746 | 742 |
| 747 | 743 |
| 748 #undef __ | 744 #undef __ |
| 749 } | 745 } |
| 750 } // namespace v8::internal | 746 } // namespace v8::internal |
| 751 | 747 |
| 752 #endif // V8_TARGET_ARCH_MIPS64 | 748 #endif // V8_TARGET_ARCH_MIPS64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 958923002:
MIPS: Only dynamically perform access checks on the receiver if it's a JSGlobalProxy. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master