Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/arm64/handler-compiler-arm64.cc

Issue 965723002: Ensure we can reliably check the cell for validity of global property (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/ic/arm/handler-compiler-arm.cc ('k') | src/ic/handler-compiler.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/v8.h" 5 #include "src/v8.h"
6 6
7 #if V8_TARGET_ARCH_ARM64 7 #if V8_TARGET_ARCH_ARM64
8 8
9 #include "src/ic/call-optimization.h" 9 #include "src/ic/call-optimization.h"
10 #include "src/ic/handler-compiler.h" 10 #include "src/ic/handler-compiler.h"
(...skipping 316 matching lines...) Expand 10 before | Expand all | Expand 10 after
327 ExternalReference(IC_Utility(IC::kKeyedStoreIC_Slow), masm->isolate()); 327 ExternalReference(IC_Utility(IC::kKeyedStoreIC_Slow), masm->isolate());
328 __ TailCallExternalReference(ref, 3, 1); 328 __ TailCallExternalReference(ref, 3, 1);
329 } 329 }
330 330
331 331
332 #undef __ 332 #undef __
333 #define __ ACCESS_MASM(masm()) 333 #define __ ACCESS_MASM(masm())
334 334
335 335
336 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal( 336 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal(
337 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) { 337 Handle<PropertyCell> cell, Handle<Name> name) {
338 Label miss; 338 Label miss;
339 if (IC::ICUseVector(kind())) { 339 if (IC::ICUseVector(kind())) {
340 PushVectorAndSlot(); 340 PushVectorAndSlot();
341 } 341 }
342 FrontendHeader(receiver(), name, &miss); 342 FrontendHeader(receiver(), name, &miss);
343 343
344 // Get the value from the cell. 344 // Get the value from the cell.
345 Register result = StoreDescriptor::ValueRegister(); 345 Register result = StoreDescriptor::ValueRegister();
346 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell); 346 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell);
347 __ LoadWeakValue(result, weak_cell, &miss); 347 __ LoadWeakValue(result, weak_cell, &miss);
348 __ Ldr(result, FieldMemOperand(result, Cell::kValueOffset)); 348 __ Ldr(result, FieldMemOperand(result, Cell::kValueOffset));
349 349
350 // Check for deleted property if property can actually be deleted. 350 __ JumpIfRoot(result, Heap::kTheHoleValueRootIndex, &miss);
351 if (is_configurable) {
352 __ JumpIfRoot(result, Heap::kTheHoleValueRootIndex, &miss);
353 }
354 351
355 Counters* counters = isolate()->counters(); 352 Counters* counters = isolate()->counters();
356 __ IncrementCounter(counters->named_load_global_stub(), 1, x1, x3); 353 __ IncrementCounter(counters->named_load_global_stub(), 1, x1, x3);
357 if (IC::ICUseVector(kind())) { 354 if (IC::ICUseVector(kind())) {
358 DiscardVectorAndSlot(); 355 DiscardVectorAndSlot();
359 } 356 }
360 __ Ret(); 357 __ Ret();
361 358
362 FrontendFooter(name, &miss); 359 FrontendFooter(name, &miss);
363 360
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after
541 current = prototype; 538 current = prototype;
542 current_map = handle(current->map()); 539 current_map = handle(current->map());
543 } 540 }
544 541
545 DCHECK(!current_map->IsJSGlobalProxyMap()); 542 DCHECK(!current_map->IsJSGlobalProxyMap());
546 543
547 // Log the check depth. 544 // Log the check depth.
548 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); 545 LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
549 546
550 // Check the holder map. 547 // Check the holder map.
551 if (depth != 0 || check == CHECK_ALL_MAPS) { 548 if (!current_map->IsJSGlobalObjectMap() &&
549 (depth != 0 || check == CHECK_ALL_MAPS)) {
552 // Check the holder map. 550 // Check the holder map.
553 __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset)); 551 __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset));
554 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); 552 Handle<WeakCell> cell = Map::WeakCellForMap(current_map);
555 __ CmpWeakValue(scratch1, cell, scratch2); 553 __ CmpWeakValue(scratch1, cell, scratch2);
556 __ B(ne, miss); 554 __ B(ne, miss);
557 } 555 }
558 556
559 // Return the register containing the holder. 557 // Return the register containing the holder.
560 return reg; 558 return reg;
561 } 559 }
(...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after
761 // Return the generated code. 759 // Return the generated code.
762 return GetCode(kind(), Code::FAST, name); 760 return GetCode(kind(), Code::FAST, name);
763 } 761 }
764 762
765 763
766 #undef __ 764 #undef __
767 } 765 }
768 } // namespace v8::internal 766 } // namespace v8::internal
769 767
770 #endif // V8_TARGET_ARCH_IA32 768 #endif // V8_TARGET_ARCH_IA32
OLDNEW
« no previous file with comments | « src/ic/arm/handler-compiler-arm.cc ('k') | src/ic/handler-compiler.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698