Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/x64/handler-compiler-x64.cc

Issue 965723002: Ensure we can reliably check the cell for validity of global property (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/ic/mips64/handler-compiler-mips64.cc ('k') | src/lookup.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/v8.h" 5 #include "src/v8.h"
6 6
7 #if V8_TARGET_ARCH_X64 7 #if V8_TARGET_ARCH_X64
8 8
9 #include "src/ic/call-optimization.h" 9 #include "src/ic/call-optimization.h"
10 #include "src/ic/handler-compiler.h" 10 #include "src/ic/handler-compiler.h"
(...skipping 483 matching lines...) Expand 10 before | Expand all | Expand 10 after
494 // Go to the next object in the prototype chain. 494 // Go to the next object in the prototype chain.
495 current = prototype; 495 current = prototype;
496 current_map = handle(current->map()); 496 current_map = handle(current->map());
497 } 497 }
498 498
499 DCHECK(!current_map->IsJSGlobalProxyMap()); 499 DCHECK(!current_map->IsJSGlobalProxyMap());
500 500
501 // Log the check depth. 501 // Log the check depth.
502 LOG(isolate(), IntEvent("check-maps-depth", depth + 1)); 502 LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
503 503
504 if (depth != 0 || check == CHECK_ALL_MAPS) { 504 if (!current_map->IsJSGlobalObjectMap() &&
505 (depth != 0 || check == CHECK_ALL_MAPS)) {
505 __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset)); 506 __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
506 Handle<WeakCell> cell = Map::WeakCellForMap(current_map); 507 Handle<WeakCell> cell = Map::WeakCellForMap(current_map);
507 __ CmpWeakValue(scratch1, cell, scratch2); 508 __ CmpWeakValue(scratch1, cell, scratch2);
508 __ j(not_equal, miss); 509 __ j(not_equal, miss);
509 } 510 }
510 511
511 // Return the register containing the holder. 512 // Return the register containing the holder.
512 return reg; 513 return reg;
513 } 514 }
514 515
(...skipping 204 matching lines...) Expand 10 before | Expand all | Expand 10 after
719 return GetCode(kind(), Code::FAST, name); 720 return GetCode(kind(), Code::FAST, name);
720 } 721 }
721 722
722 723
723 Register NamedStoreHandlerCompiler::value() { 724 Register NamedStoreHandlerCompiler::value() {
724 return StoreDescriptor::ValueRegister(); 725 return StoreDescriptor::ValueRegister();
725 } 726 }
726 727
727 728
728 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal( 729 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal(
729 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) { 730 Handle<PropertyCell> cell, Handle<Name> name) {
730 Label miss; 731 Label miss;
731 if (IC::ICUseVector(kind())) { 732 if (IC::ICUseVector(kind())) {
732 PushVectorAndSlot(); 733 PushVectorAndSlot();
733 } 734 }
734 FrontendHeader(receiver(), name, &miss); 735 FrontendHeader(receiver(), name, &miss);
735 736
736 // Get the value from the cell. 737 // Get the value from the cell.
737 Register result = StoreDescriptor::ValueRegister(); 738 Register result = StoreDescriptor::ValueRegister();
738 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell); 739 Handle<WeakCell> weak_cell = factory()->NewWeakCell(cell);
739 __ LoadWeakValue(result, weak_cell, &miss); 740 __ LoadWeakValue(result, weak_cell, &miss);
740 __ movp(result, FieldOperand(result, PropertyCell::kValueOffset)); 741 __ movp(result, FieldOperand(result, PropertyCell::kValueOffset));
741 742
742 // Check for deleted property if property can actually be deleted. 743 __ CompareRoot(result, Heap::kTheHoleValueRootIndex);
743 if (is_configurable) { 744 __ j(equal, &miss);
744 __ CompareRoot(result, Heap::kTheHoleValueRootIndex);
745 __ j(equal, &miss);
746 } else if (FLAG_debug_code) {
747 __ CompareRoot(result, Heap::kTheHoleValueRootIndex);
748 __ Check(not_equal, kDontDeleteCellsCannotContainTheHole);
749 }
750 745
751 Counters* counters = isolate()->counters(); 746 Counters* counters = isolate()->counters();
752 __ IncrementCounter(counters->named_load_global_stub(), 1); 747 __ IncrementCounter(counters->named_load_global_stub(), 1);
753 if (IC::ICUseVector(kind())) { 748 if (IC::ICUseVector(kind())) {
754 DiscardVectorAndSlot(); 749 DiscardVectorAndSlot();
755 } 750 }
756 __ ret(0); 751 __ ret(0);
757 752
758 FrontendFooter(name, &miss); 753 FrontendFooter(name, &miss);
759 754
760 // Return the generated code. 755 // Return the generated code.
761 return GetCode(kind(), Code::NORMAL, name); 756 return GetCode(kind(), Code::NORMAL, name);
762 } 757 }
763 758
764 759
765 #undef __ 760 #undef __
766 } 761 }
767 } // namespace v8::internal 762 } // namespace v8::internal
768 763
769 #endif // V8_TARGET_ARCH_X64 764 #endif // V8_TARGET_ARCH_X64
OLDNEW
« no previous file with comments | « src/ic/mips64/handler-compiler-mips64.cc ('k') | src/lookup.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698