2008-09-09 20:08:45 +00:00
|
|
|
// Copyright 2006-2008 the V8 project authors. All rights reserved.
|
2008-07-03 15:10:15 +00:00
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
|
// modification, are permitted provided that the following conditions are
|
|
|
|
|
// met:
|
|
|
|
|
//
|
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
|
// * Redistributions in binary form must reproduce the above
|
|
|
|
|
// copyright notice, this list of conditions and the following
|
|
|
|
|
// disclaimer in the documentation and/or other materials provided
|
|
|
|
|
// with the distribution.
|
|
|
|
|
// * Neither the name of Google Inc. nor the names of its
|
|
|
|
|
// contributors may be used to endorse or promote products derived
|
|
|
|
|
// from this software without specific prior written permission.
|
|
|
|
|
//
|
|
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
|
|
#include "v8.h"
|
|
|
|
|
|
|
|
|
|
#include "accessors.h"
|
|
|
|
|
#include "api.h"
|
|
|
|
|
#include "arguments.h"
|
|
|
|
|
#include "execution.h"
|
|
|
|
|
#include "ic-inl.h"
|
|
|
|
|
#include "runtime.h"
|
|
|
|
|
#include "stub-cache.h"
|
|
|
|
|
|
2009-05-25 10:05:56 +00:00
|
|
|
namespace v8 {
|
|
|
|
|
namespace internal {
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
static char TransitionMarkFromState(IC::State state) {
|
|
|
|
|
switch (state) {
|
|
|
|
|
case UNINITIALIZED: return '0';
|
2008-11-17 05:50:52 +00:00
|
|
|
case UNINITIALIZED_IN_LOOP: return 'L';
|
2009-04-28 10:40:36 +00:00
|
|
|
case PREMONOMORPHIC: return 'P';
|
2008-07-03 15:10:15 +00:00
|
|
|
case MONOMORPHIC: return '1';
|
|
|
|
|
case MONOMORPHIC_PROTOTYPE_FAILURE: return '^';
|
|
|
|
|
case MEGAMORPHIC: return 'N';
|
|
|
|
|
|
|
|
|
|
// We never see the debugger states here, because the state is
|
|
|
|
|
// computed from the original code - not the patched code. Let
|
|
|
|
|
// these cases fall through to the unreachable code below.
|
|
|
|
|
case DEBUG_BREAK: break;
|
|
|
|
|
case DEBUG_PREPARE_STEP_IN: break;
|
|
|
|
|
}
|
|
|
|
|
UNREACHABLE();
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void IC::TraceIC(const char* type,
|
|
|
|
|
Handle<String> name,
|
|
|
|
|
State old_state,
|
|
|
|
|
Code* new_target) {
|
|
|
|
|
if (FLAG_trace_ic) {
|
2008-09-18 10:22:46 +00:00
|
|
|
State new_state = StateFrom(new_target, Heap::undefined_value());
|
2008-07-03 15:10:15 +00:00
|
|
|
PrintF("[%s (%c->%c) ", type,
|
|
|
|
|
TransitionMarkFromState(old_state),
|
|
|
|
|
TransitionMarkFromState(new_state));
|
|
|
|
|
name->Print();
|
|
|
|
|
PrintF("]\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IC::IC(FrameDepth depth) {
|
|
|
|
|
// To improve the performance of the (much used) IC code, we unfold
|
|
|
|
|
// a few levels of the stack frame iteration code. This yields a
|
|
|
|
|
// ~35% speedup when running DeltaBlue with the '--nouse-ic' flag.
|
|
|
|
|
const Address entry = Top::c_entry_fp(Top::GetCurrentThread());
|
|
|
|
|
Address* pc_address =
|
|
|
|
|
reinterpret_cast<Address*>(entry + ExitFrameConstants::kCallerPCOffset);
|
|
|
|
|
Address fp = Memory::Address_at(entry + ExitFrameConstants::kCallerFPOffset);
|
|
|
|
|
// If there's another JavaScript frame on the stack, we need to look
|
|
|
|
|
// one frame further down the stack to find the frame pointer and
|
|
|
|
|
// the return address stack slot.
|
|
|
|
|
if (depth == EXTRA_CALL_FRAME) {
|
|
|
|
|
const int kCallerPCOffset = StandardFrameConstants::kCallerPCOffset;
|
|
|
|
|
pc_address = reinterpret_cast<Address*>(fp + kCallerPCOffset);
|
|
|
|
|
fp = Memory::Address_at(fp + StandardFrameConstants::kCallerFPOffset);
|
|
|
|
|
}
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
StackFrameIterator it;
|
|
|
|
|
for (int i = 0; i < depth + 1; i++) it.Advance();
|
|
|
|
|
StackFrame* frame = it.frame();
|
|
|
|
|
ASSERT(fp == frame->fp() && pc_address == frame->pc_address());
|
|
|
|
|
#endif
|
|
|
|
|
fp_ = fp;
|
|
|
|
|
pc_address_ = pc_address;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-04-20 16:36:13 +00:00
|
|
|
#ifdef ENABLE_DEBUGGER_SUPPORT
|
2008-07-03 15:10:15 +00:00
|
|
|
Address IC::OriginalCodeAddress() {
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
// Compute the JavaScript frame for the frame pointer of this IC
|
|
|
|
|
// structure. We need this to be able to find the function
|
|
|
|
|
// corresponding to the frame.
|
|
|
|
|
StackFrameIterator it;
|
|
|
|
|
while (it.frame()->fp() != this->fp()) it.Advance();
|
|
|
|
|
JavaScriptFrame* frame = JavaScriptFrame::cast(it.frame());
|
|
|
|
|
// Find the function on the stack and both the active code for the
|
|
|
|
|
// function and the original code.
|
|
|
|
|
JSFunction* function = JSFunction::cast(frame->function());
|
|
|
|
|
Handle<SharedFunctionInfo> shared(function->shared());
|
|
|
|
|
Code* code = shared->code();
|
|
|
|
|
ASSERT(Debug::HasDebugInfo(shared));
|
|
|
|
|
Code* original_code = Debug::GetDebugInfo(shared)->original_code();
|
|
|
|
|
ASSERT(original_code->IsCode());
|
|
|
|
|
// Get the address of the call site in the active code. This is the
|
|
|
|
|
// place where the call to DebugBreakXXX is and where the IC
|
|
|
|
|
// normally would be.
|
|
|
|
|
Address addr = pc() - Assembler::kTargetAddrToReturnAddrDist;
|
|
|
|
|
// Return the address in the original code. This is the place where
|
2009-01-15 19:08:34 +00:00
|
|
|
// the call which has been overwritten by the DebugBreakXXX resides
|
2008-07-03 15:10:15 +00:00
|
|
|
// and the place where the inline cache system should look.
|
|
|
|
|
int delta = original_code->instruction_start() - code->instruction_start();
|
|
|
|
|
return addr + delta;
|
|
|
|
|
}
|
2009-04-20 16:36:13 +00:00
|
|
|
#endif
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
IC::State IC::StateFrom(Code* target, Object* receiver) {
|
|
|
|
|
IC::State state = target->ic_state();
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
if (state != MONOMORPHIC) return state;
|
|
|
|
|
if (receiver->IsUndefined() || receiver->IsNull()) return state;
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
Map* map = GetCodeCacheMapForObject(receiver);
|
|
|
|
|
|
|
|
|
|
// Decide whether the inline cache failed because of changes to the
|
|
|
|
|
// receiver itself or changes to one of its prototypes.
|
|
|
|
|
//
|
|
|
|
|
// If there are changes to the receiver itself, the map of the
|
|
|
|
|
// receiver will have changed and the current target will not be in
|
|
|
|
|
// the receiver map's code cache. Therefore, if the current target
|
|
|
|
|
// is in the receiver map's code cache, the inline cache failed due
|
|
|
|
|
// to prototype check failure.
|
2008-09-18 10:22:46 +00:00
|
|
|
int index = map->IndexInCodeCache(target);
|
|
|
|
|
if (index >= 0) {
|
2008-07-03 15:10:15 +00:00
|
|
|
// For keyed load/store, the most likely cause of cache failure is
|
|
|
|
|
// that the key has changed. We do not distinguish between
|
|
|
|
|
// prototype and non-prototype failures for keyed access.
|
|
|
|
|
Code::Kind kind = target->kind();
|
|
|
|
|
if (kind == Code::KEYED_LOAD_IC || kind == Code::KEYED_STORE_IC) {
|
|
|
|
|
return MONOMORPHIC;
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-16 12:41:36 +00:00
|
|
|
// Remove the target from the code cache to avoid hitting the same
|
|
|
|
|
// invalid stub again.
|
|
|
|
|
map->RemoveFromCodeCache(index);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
return MONOMORPHIC_PROTOTYPE_FAILURE;
|
|
|
|
|
}
|
2008-09-16 09:21:22 +00:00
|
|
|
|
|
|
|
|
// The builtins object is special. It only changes when JavaScript
|
|
|
|
|
// builtins are loaded lazily. It is important to keep inline
|
|
|
|
|
// caches for the builtins object monomorphic. Therefore, if we get
|
|
|
|
|
// an inline cache miss for the builtins object after lazily loading
|
2008-09-18 11:18:27 +00:00
|
|
|
// JavaScript builtins, we return uninitialized as the state to
|
|
|
|
|
// force the inline cache back to monomorphic state.
|
2008-09-16 09:21:22 +00:00
|
|
|
if (receiver->IsJSBuiltinsObject()) {
|
|
|
|
|
return UNINITIALIZED;
|
|
|
|
|
}
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
return MONOMORPHIC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-22 13:57:03 +00:00
|
|
|
RelocInfo::Mode IC::ComputeMode() {
|
2008-07-03 15:10:15 +00:00
|
|
|
Address addr = address();
|
|
|
|
|
Code* code = Code::cast(Heap::FindCodeObject(addr));
|
|
|
|
|
for (RelocIterator it(code, RelocInfo::kCodeTargetMask);
|
|
|
|
|
!it.done(); it.next()) {
|
|
|
|
|
RelocInfo* info = it.rinfo();
|
|
|
|
|
if (info->pc() == addr) return info->rmode();
|
|
|
|
|
}
|
|
|
|
|
UNREACHABLE();
|
2008-09-22 13:57:03 +00:00
|
|
|
return RelocInfo::NONE;
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Failure* IC::TypeError(const char* type,
|
|
|
|
|
Handle<Object> object,
|
|
|
|
|
Handle<String> name) {
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
Handle<Object> args[2] = { name, object };
|
|
|
|
|
Handle<Object> error = Factory::NewTypeError(type, HandleVector(args, 2));
|
|
|
|
|
return Top::Throw(*error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Failure* IC::ReferenceError(const char* type, Handle<String> name) {
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
Handle<Object> error =
|
|
|
|
|
Factory::NewReferenceError(type, HandleVector(&name, 1));
|
|
|
|
|
return Top::Throw(*error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void IC::Clear(Address address) {
|
|
|
|
|
Code* target = GetTargetAtAddress(address);
|
|
|
|
|
|
|
|
|
|
// Don't clear debug break inline cache as it will remove the break point.
|
2008-07-30 08:49:36 +00:00
|
|
|
if (target->ic_state() == DEBUG_BREAK) return;
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
switch (target->kind()) {
|
|
|
|
|
case Code::LOAD_IC: return LoadIC::Clear(address, target);
|
|
|
|
|
case Code::KEYED_LOAD_IC: return KeyedLoadIC::Clear(address, target);
|
|
|
|
|
case Code::STORE_IC: return StoreIC::Clear(address, target);
|
|
|
|
|
case Code::KEYED_STORE_IC: return KeyedStoreIC::Clear(address, target);
|
|
|
|
|
case Code::CALL_IC: return CallIC::Clear(address, target);
|
|
|
|
|
default: UNREACHABLE();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void CallIC::Clear(Address address, Code* target) {
|
2008-11-17 05:50:52 +00:00
|
|
|
State state = target->ic_state();
|
|
|
|
|
if (state == UNINITIALIZED || state == UNINITIALIZED_IN_LOOP) return;
|
2008-07-03 15:10:15 +00:00
|
|
|
Code* code = StubCache::FindCallInitialize(target->arguments_count());
|
|
|
|
|
SetTargetAtAddress(address, code);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedLoadIC::Clear(Address address, Code* target) {
|
2008-07-30 08:49:36 +00:00
|
|
|
if (target->ic_state() == UNINITIALIZED) return;
|
2008-12-22 12:56:32 +00:00
|
|
|
// Make sure to also clear the map used in inline fast cases. If we
|
|
|
|
|
// do not clear these maps, cached code can keep objects alive
|
|
|
|
|
// through the embedded maps.
|
2009-04-21 14:48:54 +00:00
|
|
|
ClearInlinedVersion(address);
|
2008-07-03 15:10:15 +00:00
|
|
|
SetTargetAtAddress(address, initialize_stub());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void LoadIC::Clear(Address address, Code* target) {
|
2008-07-30 08:49:36 +00:00
|
|
|
if (target->ic_state() == UNINITIALIZED) return;
|
2009-04-28 10:40:36 +00:00
|
|
|
ClearInlinedVersion(address);
|
2008-07-03 15:10:15 +00:00
|
|
|
SetTargetAtAddress(address, initialize_stub());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void StoreIC::Clear(Address address, Code* target) {
|
2008-07-30 08:49:36 +00:00
|
|
|
if (target->ic_state() == UNINITIALIZED) return;
|
2008-07-03 15:10:15 +00:00
|
|
|
SetTargetAtAddress(address, initialize_stub());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedStoreIC::Clear(Address address, Code* target) {
|
2008-07-30 08:49:36 +00:00
|
|
|
if (target->ic_state() == UNINITIALIZED) return;
|
2008-07-03 15:10:15 +00:00
|
|
|
SetTargetAtAddress(address, initialize_stub());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-08 16:47:23 +00:00
|
|
|
Object* CallIC::TryCallAsFunction(Object* object) {
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
Handle<Object> target(object);
|
|
|
|
|
Handle<Object> delegate = Execution::GetFunctionDelegate(target);
|
|
|
|
|
|
|
|
|
|
if (delegate->IsJSFunction()) {
|
|
|
|
|
// Patch the receiver and use the delegate as the function to
|
|
|
|
|
// invoke. This is used for invoking objects as if they were
|
|
|
|
|
// functions.
|
|
|
|
|
const int argc = this->target()->arguments_count();
|
|
|
|
|
StackFrameLocator locator;
|
|
|
|
|
JavaScriptFrame* frame = locator.FindJavaScriptFrame(0);
|
|
|
|
|
int index = frame->ComputeExpressionsCount() - (argc + 1);
|
|
|
|
|
frame->SetExpression(index, *target);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return *delegate;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* CallIC::LoadFunction(State state,
|
|
|
|
|
Handle<Object> object,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<String> name) {
|
|
|
|
|
// If the object is undefined or null it's illegal to try to get any
|
|
|
|
|
// of its properties; throw a TypeError in that case.
|
|
|
|
|
if (object->IsUndefined() || object->IsNull()) {
|
|
|
|
|
return TypeError("non_object_property_call", object, name);
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-08 16:47:23 +00:00
|
|
|
Object* result = Heap::the_hole_value();
|
|
|
|
|
|
|
|
|
|
// Check if the name is trivially convertible to an index and get
|
|
|
|
|
// the element if so.
|
|
|
|
|
uint32_t index;
|
|
|
|
|
if (name->AsArrayIndex(&index)) {
|
|
|
|
|
result = object->GetElement(index);
|
|
|
|
|
if (result->IsJSFunction()) return result;
|
|
|
|
|
|
|
|
|
|
// Try to find a suitable function delegate for the object at hand.
|
|
|
|
|
result = TryCallAsFunction(result);
|
|
|
|
|
if (result->IsJSFunction()) return result;
|
|
|
|
|
|
|
|
|
|
// Otherwise, it will fail in the lookup step.
|
|
|
|
|
}
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Lookup the property in the object.
|
|
|
|
|
LookupResult lookup;
|
|
|
|
|
object->Lookup(*name, &lookup);
|
|
|
|
|
|
|
|
|
|
if (!lookup.IsValid()) {
|
|
|
|
|
// If the object does not have the requested property, check which
|
|
|
|
|
// exception we need to throw.
|
|
|
|
|
if (is_contextual()) {
|
|
|
|
|
return ReferenceError("not_defined", name);
|
|
|
|
|
}
|
|
|
|
|
return TypeError("undefined_method", object, name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Lookup is valid: Update inline cache and stub cache.
|
|
|
|
|
if (FLAG_use_ic && lookup.IsLoaded()) {
|
2008-09-18 10:22:46 +00:00
|
|
|
UpdateCaches(&lookup, state, object, name);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (lookup.type() == INTERCEPTOR) {
|
|
|
|
|
// Get the property.
|
|
|
|
|
PropertyAttributes attr;
|
|
|
|
|
result = object->GetProperty(*name, &attr);
|
|
|
|
|
if (result->IsFailure()) return result;
|
|
|
|
|
// If the object does not have the requested property, check which
|
|
|
|
|
// exception we need to throw.
|
|
|
|
|
if (attr == ABSENT) {
|
|
|
|
|
if (is_contextual()) {
|
|
|
|
|
return ReferenceError("not_defined", name);
|
|
|
|
|
}
|
|
|
|
|
return TypeError("undefined_method", object, name);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// Lookup is valid and no interceptors are involved. Get the
|
|
|
|
|
// property.
|
|
|
|
|
result = object->GetProperty(*name);
|
|
|
|
|
if (result->IsFailure()) return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ASSERT(result != Heap::the_hole_value());
|
|
|
|
|
|
|
|
|
|
if (result->IsJSFunction()) {
|
|
|
|
|
// Check if there is an optimized (builtin) version of the function.
|
|
|
|
|
// Ignored this will degrade performance for Array.prototype.{push,pop}.
|
|
|
|
|
// Please note we only return the optimized function iff
|
|
|
|
|
// the JSObject has FastElements.
|
|
|
|
|
if (object->IsJSObject() && JSObject::cast(*object)->HasFastElements()) {
|
|
|
|
|
Object* opt = Top::LookupSpecialFunction(JSObject::cast(*object),
|
|
|
|
|
lookup.holder(),
|
|
|
|
|
JSFunction::cast(result));
|
|
|
|
|
if (opt->IsJSFunction()) return opt;
|
|
|
|
|
}
|
|
|
|
|
|
2009-04-20 16:36:13 +00:00
|
|
|
#ifdef ENABLE_DEBUGGER_SUPPORT
|
2008-12-18 14:32:49 +00:00
|
|
|
// Handle stepping into a function if step into is active.
|
|
|
|
|
if (Debug::StepInActive()) {
|
2008-12-18 09:39:18 +00:00
|
|
|
// Protect the result in a handle as the debugger can allocate and might
|
|
|
|
|
// cause GC.
|
|
|
|
|
HandleScope scope;
|
2008-12-18 14:32:49 +00:00
|
|
|
Handle<JSFunction> function(JSFunction::cast(result));
|
|
|
|
|
Debug::HandleStepIn(function, fp(), false);
|
|
|
|
|
return *function;
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
2009-04-20 16:36:13 +00:00
|
|
|
#endif
|
2008-12-18 09:39:18 +00:00
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Try to find a suitable function delegate for the object at hand.
|
2008-09-08 16:47:23 +00:00
|
|
|
result = TryCallAsFunction(result);
|
|
|
|
|
return result->IsJSFunction() ?
|
|
|
|
|
result : TypeError("property_not_function", object, name);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void CallIC::UpdateCaches(LookupResult* lookup,
|
2008-09-18 10:22:46 +00:00
|
|
|
State state,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> object,
|
|
|
|
|
Handle<String> name) {
|
|
|
|
|
ASSERT(lookup->IsLoaded());
|
|
|
|
|
// Bail out if we didn't find a result.
|
|
|
|
|
if (!lookup->IsValid() || !lookup->IsCacheable()) return;
|
|
|
|
|
|
|
|
|
|
// Compute the number of arguments.
|
|
|
|
|
int argc = target()->arguments_count();
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* code = NULL;
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
if (state == UNINITIALIZED) {
|
|
|
|
|
// This is the first time we execute this inline cache.
|
|
|
|
|
// Set the target to the pre monomorphic stub to delay
|
|
|
|
|
// setting the monomorphic state.
|
|
|
|
|
code = StubCache::ComputeCallPreMonomorphic(argc);
|
|
|
|
|
} else if (state == MONOMORPHIC) {
|
|
|
|
|
code = StubCache::ComputeCallMegamorphic(argc);
|
|
|
|
|
} else {
|
|
|
|
|
// Compute monomorphic stub.
|
|
|
|
|
switch (lookup->type()) {
|
|
|
|
|
case FIELD: {
|
|
|
|
|
int index = lookup->GetFieldIndex();
|
|
|
|
|
code = StubCache::ComputeCallField(argc, *name, *object,
|
|
|
|
|
lookup->holder(), index);
|
|
|
|
|
break;
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
2008-09-18 10:22:46 +00:00
|
|
|
case CONSTANT_FUNCTION: {
|
|
|
|
|
// Get the constant function and compute the code stub for this
|
|
|
|
|
// call; used for rewriting to monomorphic state and making sure
|
|
|
|
|
// that the code stub is in the stub cache.
|
|
|
|
|
JSFunction* function = lookup->GetConstantFunction();
|
|
|
|
|
code = StubCache::ComputeCallConstant(argc, *name, *object,
|
|
|
|
|
lookup->holder(), function);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case NORMAL: {
|
|
|
|
|
// There is only one shared stub for calling normalized
|
|
|
|
|
// properties. It does not traverse the prototype chain, so the
|
|
|
|
|
// property must be found in the receiver for the stub to be
|
|
|
|
|
// applicable.
|
|
|
|
|
if (!object->IsJSObject()) return;
|
|
|
|
|
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
|
|
if (lookup->holder() != *receiver) return;
|
|
|
|
|
code = StubCache::ComputeCallNormal(argc, *name, *receiver);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case INTERCEPTOR: {
|
|
|
|
|
code = StubCache::ComputeCallInterceptor(argc, *name, *object,
|
|
|
|
|
lookup->holder());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
return;
|
|
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we're unable to compute the stub (not enough memory left), we
|
|
|
|
|
// simply avoid updating the caches.
|
|
|
|
|
if (code->IsFailure()) return;
|
|
|
|
|
|
|
|
|
|
// Patch the call site depending on the state of the cache.
|
2008-11-17 05:50:52 +00:00
|
|
|
if (state == UNINITIALIZED || state == UNINITIALIZED_IN_LOOP ||
|
|
|
|
|
state == PREMONOMORPHIC || state == MONOMORPHIC ||
|
|
|
|
|
state == MONOMORPHIC_PROTOTYPE_FAILURE) {
|
2008-07-03 15:10:15 +00:00
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
TraceIC("CallIC", name, state, target());
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* LoadIC::Load(State state, Handle<Object> object, Handle<String> name) {
|
2008-07-03 15:10:15 +00:00
|
|
|
// If the object is undefined or null it's illegal to try to get any
|
|
|
|
|
// of its properties; throw a TypeError in that case.
|
|
|
|
|
if (object->IsUndefined() || object->IsNull()) {
|
|
|
|
|
return TypeError("non_object_property_load", object, name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (FLAG_use_ic) {
|
2008-10-27 14:36:08 +00:00
|
|
|
// Use specialized code for getting the length of strings and
|
|
|
|
|
// string wrapper objects. The length property of string wrapper
|
|
|
|
|
// objects is read-only and therefore always returns the length of
|
|
|
|
|
// the underlying string value. See ECMA-262 15.5.5.1.
|
|
|
|
|
if ((object->IsString() || object->IsStringWrapper()) &&
|
|
|
|
|
name->Equals(Heap::length_symbol())) {
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
// Get the string if we have a string wrapper object.
|
|
|
|
|
if (object->IsJSValue()) {
|
|
|
|
|
object = Handle<Object>(Handle<JSValue>::cast(object)->value());
|
|
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
#ifdef DEBUG
|
|
|
|
|
if (FLAG_trace_ic) PrintF("[LoadIC : +#length /string]\n");
|
|
|
|
|
#endif
|
|
|
|
|
Code* target = NULL;
|
2008-10-27 12:39:34 +00:00
|
|
|
target = Builtins::builtin(Builtins::LoadIC_StringLength);
|
2008-07-03 15:10:15 +00:00
|
|
|
set_target(target);
|
|
|
|
|
StubCache::Set(*name, HeapObject::cast(*object)->map(), target);
|
|
|
|
|
return Smi::FromInt(String::cast(*object)->length());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use specialized code for getting the length of arrays.
|
|
|
|
|
if (object->IsJSArray() && name->Equals(Heap::length_symbol())) {
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
if (FLAG_trace_ic) PrintF("[LoadIC : +#length /array]\n");
|
|
|
|
|
#endif
|
|
|
|
|
Code* target = Builtins::builtin(Builtins::LoadIC_ArrayLength);
|
|
|
|
|
set_target(target);
|
|
|
|
|
StubCache::Set(*name, HeapObject::cast(*object)->map(), target);
|
|
|
|
|
return JSArray::cast(*object)->length();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use specialized code for getting prototype of functions.
|
|
|
|
|
if (object->IsJSFunction() && name->Equals(Heap::prototype_symbol())) {
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
if (FLAG_trace_ic) PrintF("[LoadIC : +#prototype /function]\n");
|
|
|
|
|
#endif
|
|
|
|
|
Code* target = Builtins::builtin(Builtins::LoadIC_FunctionPrototype);
|
|
|
|
|
set_target(target);
|
|
|
|
|
StubCache::Set(*name, HeapObject::cast(*object)->map(), target);
|
|
|
|
|
return Accessors::FunctionGetPrototype(*object, 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if the name is trivially convertible to an index and get
|
|
|
|
|
// the element if so.
|
|
|
|
|
uint32_t index;
|
|
|
|
|
if (name->AsArrayIndex(&index)) return object->GetElement(index);
|
|
|
|
|
|
|
|
|
|
// Named lookup in the object.
|
|
|
|
|
LookupResult lookup;
|
|
|
|
|
object->Lookup(*name, &lookup);
|
|
|
|
|
|
|
|
|
|
// If lookup is invalid, check if we need to throw an exception.
|
|
|
|
|
if (!lookup.IsValid()) {
|
|
|
|
|
if (FLAG_strict || is_contextual()) {
|
|
|
|
|
return ReferenceError("not_defined", name);
|
|
|
|
|
}
|
2008-12-09 09:19:02 +00:00
|
|
|
LOG(SuspectReadEvent(*name, *object));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-28 10:40:36 +00:00
|
|
|
bool can_be_inlined =
|
|
|
|
|
FLAG_use_ic &&
|
|
|
|
|
state == PREMONOMORPHIC &&
|
|
|
|
|
lookup.IsValid() &&
|
|
|
|
|
lookup.IsLoaded() &&
|
|
|
|
|
lookup.IsCacheable() &&
|
|
|
|
|
lookup.holder() == *object &&
|
|
|
|
|
lookup.type() == FIELD &&
|
|
|
|
|
!object->IsAccessCheckNeeded();
|
|
|
|
|
|
|
|
|
|
if (can_be_inlined) {
|
|
|
|
|
Map* map = lookup.holder()->map();
|
|
|
|
|
// Property's index in the properties array. If negative we have
|
|
|
|
|
// an inobject property.
|
|
|
|
|
int index = lookup.GetFieldIndex() - map->inobject_properties();
|
|
|
|
|
if (index < 0) {
|
|
|
|
|
// Index is an offset from the end of the object.
|
|
|
|
|
int offset = map->instance_size() + (index * kPointerSize);
|
|
|
|
|
if (PatchInlinedLoad(address(), map, offset)) {
|
|
|
|
|
set_target(megamorphic_stub());
|
|
|
|
|
return lookup.holder()->FastPropertyAt(lookup.GetFieldIndex());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Update inline cache and stub cache.
|
|
|
|
|
if (FLAG_use_ic && lookup.IsLoaded()) {
|
2008-09-18 10:22:46 +00:00
|
|
|
UpdateCaches(&lookup, state, object, name);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PropertyAttributes attr;
|
|
|
|
|
if (lookup.IsValid() && lookup.type() == INTERCEPTOR) {
|
|
|
|
|
// Get the property.
|
|
|
|
|
Object* result = object->GetProperty(*object, &lookup, *name, &attr);
|
|
|
|
|
if (result->IsFailure()) return result;
|
|
|
|
|
// If the property is not present, check if we need to throw an
|
|
|
|
|
// exception.
|
|
|
|
|
if (attr == ABSENT && is_contextual()) {
|
|
|
|
|
return ReferenceError("not_defined", name);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the property.
|
|
|
|
|
return object->GetProperty(*object, &lookup, *name, &attr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void LoadIC::UpdateCaches(LookupResult* lookup,
|
2008-09-18 10:22:46 +00:00
|
|
|
State state,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> object,
|
|
|
|
|
Handle<String> name) {
|
|
|
|
|
ASSERT(lookup->IsLoaded());
|
|
|
|
|
// Bail out if we didn't find a result.
|
|
|
|
|
if (!lookup->IsValid() || !lookup->IsCacheable()) return;
|
|
|
|
|
|
|
|
|
|
// Loading properties from values is not common, so don't try to
|
|
|
|
|
// deal with non-JS objects here.
|
|
|
|
|
if (!object->IsJSObject()) return;
|
|
|
|
|
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
|
|
|
|
|
|
|
// Compute the code stub for this load.
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* code = NULL;
|
2008-07-03 15:10:15 +00:00
|
|
|
if (state == UNINITIALIZED) {
|
|
|
|
|
// This is the first time we execute this inline cache.
|
|
|
|
|
// Set the target to the pre monomorphic stub to delay
|
|
|
|
|
// setting the monomorphic state.
|
|
|
|
|
code = pre_monomorphic_stub();
|
2008-09-18 10:22:46 +00:00
|
|
|
} else {
|
2008-07-03 15:10:15 +00:00
|
|
|
// Compute monomorphic stub.
|
|
|
|
|
switch (lookup->type()) {
|
|
|
|
|
case FIELD: {
|
|
|
|
|
code = StubCache::ComputeLoadField(*name, *receiver,
|
|
|
|
|
lookup->holder(),
|
|
|
|
|
lookup->GetFieldIndex());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case CONSTANT_FUNCTION: {
|
|
|
|
|
Object* constant = lookup->GetConstantFunction();
|
|
|
|
|
code = StubCache::ComputeLoadConstant(*name, *receiver,
|
|
|
|
|
lookup->holder(), constant);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case NORMAL: {
|
|
|
|
|
// There is only one shared stub for loading normalized
|
|
|
|
|
// properties. It does not traverse the prototype chain, so the
|
|
|
|
|
// property must be found in the receiver for the stub to be
|
|
|
|
|
// applicable.
|
|
|
|
|
if (lookup->holder() != *receiver) return;
|
|
|
|
|
code = StubCache::ComputeLoadNormal(*name, *receiver);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case CALLBACKS: {
|
|
|
|
|
if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
|
|
|
|
|
AccessorInfo* callback =
|
|
|
|
|
AccessorInfo::cast(lookup->GetCallbackObject());
|
|
|
|
|
if (v8::ToCData<Address>(callback->getter()) == 0) return;
|
|
|
|
|
code = StubCache::ComputeLoadCallback(*name, *receiver,
|
|
|
|
|
lookup->holder(), callback);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case INTERCEPTOR: {
|
|
|
|
|
code = StubCache::ComputeLoadInterceptor(*name, *receiver,
|
|
|
|
|
lookup->holder());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
return;
|
|
|
|
|
}
|
2008-09-18 06:55:14 +00:00
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
// If we're unable to compute the stub (not enough memory left), we
|
|
|
|
|
// simply avoid updating the caches.
|
|
|
|
|
if (code->IsFailure()) return;
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Patch the call site depending on the state of the cache.
|
|
|
|
|
if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
|
|
|
|
|
state == MONOMORPHIC_PROTOTYPE_FAILURE) {
|
|
|
|
|
set_target(Code::cast(code));
|
2008-09-18 06:55:14 +00:00
|
|
|
} else if (state == MONOMORPHIC) {
|
2008-09-18 10:22:46 +00:00
|
|
|
set_target(megamorphic_stub());
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
TraceIC("LoadIC", name, state, target());
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* KeyedLoadIC::Load(State state,
|
|
|
|
|
Handle<Object> object,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> key) {
|
|
|
|
|
if (key->IsSymbol()) {
|
|
|
|
|
Handle<String> name = Handle<String>::cast(key);
|
|
|
|
|
|
|
|
|
|
// If the object is undefined or null it's illegal to try to get any
|
|
|
|
|
// of its properties; throw a TypeError in that case.
|
|
|
|
|
if (object->IsUndefined() || object->IsNull()) {
|
|
|
|
|
return TypeError("non_object_property_load", object, name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (FLAG_use_ic) {
|
|
|
|
|
// Use specialized code for getting the length of strings.
|
|
|
|
|
if (object->IsString() && name->Equals(Heap::length_symbol())) {
|
|
|
|
|
Handle<String> string = Handle<String>::cast(object);
|
|
|
|
|
Object* code = NULL;
|
2008-10-27 12:39:34 +00:00
|
|
|
code = StubCache::ComputeKeyedLoadStringLength(*name, *string);
|
2008-07-03 15:10:15 +00:00
|
|
|
if (code->IsFailure()) return code;
|
|
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
#ifdef DEBUG
|
2008-09-18 10:22:46 +00:00
|
|
|
TraceIC("KeyedLoadIC", name, state, target());
|
2008-07-03 15:10:15 +00:00
|
|
|
#endif
|
|
|
|
|
return Smi::FromInt(string->length());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use specialized code for getting the length of arrays.
|
|
|
|
|
if (object->IsJSArray() && name->Equals(Heap::length_symbol())) {
|
|
|
|
|
Handle<JSArray> array = Handle<JSArray>::cast(object);
|
|
|
|
|
Object* code = StubCache::ComputeKeyedLoadArrayLength(*name, *array);
|
|
|
|
|
if (code->IsFailure()) return code;
|
|
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
#ifdef DEBUG
|
2008-09-18 10:22:46 +00:00
|
|
|
TraceIC("KeyedLoadIC", name, state, target());
|
2008-07-03 15:10:15 +00:00
|
|
|
#endif
|
|
|
|
|
return JSArray::cast(*object)->length();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use specialized code for getting prototype of functions.
|
|
|
|
|
if (object->IsJSFunction() && name->Equals(Heap::prototype_symbol())) {
|
|
|
|
|
Handle<JSFunction> function = Handle<JSFunction>::cast(object);
|
|
|
|
|
Object* code =
|
|
|
|
|
StubCache::ComputeKeyedLoadFunctionPrototype(*name, *function);
|
|
|
|
|
if (code->IsFailure()) return code;
|
|
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
#ifdef DEBUG
|
2008-09-18 10:22:46 +00:00
|
|
|
TraceIC("KeyedLoadIC", name, state, target());
|
2008-07-03 15:10:15 +00:00
|
|
|
#endif
|
|
|
|
|
return Accessors::FunctionGetPrototype(*object, 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if the name is trivially convertible to an index and get
|
|
|
|
|
// the element or char if so.
|
|
|
|
|
uint32_t index = 0;
|
|
|
|
|
if (name->AsArrayIndex(&index)) {
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
// Rewrite to the generic keyed load stub.
|
|
|
|
|
if (FLAG_use_ic) set_target(generic_stub());
|
|
|
|
|
return Runtime::GetElementOrCharAt(object, index);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Named lookup.
|
|
|
|
|
LookupResult lookup;
|
|
|
|
|
object->Lookup(*name, &lookup);
|
|
|
|
|
|
|
|
|
|
// If lookup is invalid, check if we need to throw an exception.
|
|
|
|
|
if (!lookup.IsValid()) {
|
|
|
|
|
if (FLAG_strict || is_contextual()) {
|
|
|
|
|
return ReferenceError("not_defined", name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Update the inline cache.
|
|
|
|
|
if (FLAG_use_ic && lookup.IsLoaded()) {
|
2008-09-18 10:22:46 +00:00
|
|
|
UpdateCaches(&lookup, state, object, name);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PropertyAttributes attr;
|
|
|
|
|
if (lookup.IsValid() && lookup.type() == INTERCEPTOR) {
|
|
|
|
|
// Get the property.
|
|
|
|
|
Object* result = object->GetProperty(*object, &lookup, *name, &attr);
|
|
|
|
|
if (result->IsFailure()) return result;
|
|
|
|
|
// If the property is not present, check if we need to throw an
|
|
|
|
|
// exception.
|
|
|
|
|
if (attr == ABSENT && is_contextual()) {
|
|
|
|
|
return ReferenceError("not_defined", name);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return object->GetProperty(*object, &lookup, *name, &attr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do not use ICs for objects that require access checks (including
|
|
|
|
|
// the global object).
|
|
|
|
|
bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
|
|
|
|
|
|
2008-12-22 12:56:32 +00:00
|
|
|
if (use_ic) {
|
|
|
|
|
set_target(generic_stub());
|
|
|
|
|
// For JSObjects that are not value wrappers and that do not have
|
|
|
|
|
// indexed interceptors, we initialize the inlined fast case (if
|
|
|
|
|
// present) by patching the inlined map check.
|
|
|
|
|
if (object->IsJSObject() &&
|
|
|
|
|
!object->IsJSValue() &&
|
|
|
|
|
!JSObject::cast(*object)->HasIndexedInterceptor()) {
|
|
|
|
|
Map* map = JSObject::cast(*object)->map();
|
2009-04-28 10:40:36 +00:00
|
|
|
PatchInlinedLoad(address(), map);
|
2008-12-22 12:56:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// Get the property.
|
2008-08-28 09:55:41 +00:00
|
|
|
return Runtime::GetObjectProperty(object, key);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
void KeyedLoadIC::UpdateCaches(LookupResult* lookup, State state,
|
|
|
|
|
Handle<Object> object, Handle<String> name) {
|
2008-07-03 15:10:15 +00:00
|
|
|
ASSERT(lookup->IsLoaded());
|
|
|
|
|
// Bail out if we didn't find a result.
|
|
|
|
|
if (!lookup->IsValid() || !lookup->IsCacheable()) return;
|
|
|
|
|
|
|
|
|
|
if (!object->IsJSObject()) return;
|
|
|
|
|
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
|
|
|
2008-09-18 06:55:14 +00:00
|
|
|
// Compute the code stub for this load.
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* code = NULL;
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
if (state == UNINITIALIZED) {
|
|
|
|
|
// This is the first time we execute this inline cache.
|
|
|
|
|
// Set the target to the pre monomorphic stub to delay
|
|
|
|
|
// setting the monomorphic state.
|
|
|
|
|
code = pre_monomorphic_stub();
|
|
|
|
|
} else {
|
|
|
|
|
// Compute a monomorphic stub.
|
|
|
|
|
switch (lookup->type()) {
|
|
|
|
|
case FIELD: {
|
|
|
|
|
code = StubCache::ComputeKeyedLoadField(*name, *receiver,
|
|
|
|
|
lookup->holder(),
|
|
|
|
|
lookup->GetFieldIndex());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case CONSTANT_FUNCTION: {
|
|
|
|
|
Object* constant = lookup->GetConstantFunction();
|
|
|
|
|
code = StubCache::ComputeKeyedLoadConstant(*name, *receiver,
|
|
|
|
|
lookup->holder(), constant);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case CALLBACKS: {
|
|
|
|
|
if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
|
|
|
|
|
AccessorInfo* callback =
|
|
|
|
|
AccessorInfo::cast(lookup->GetCallbackObject());
|
|
|
|
|
if (v8::ToCData<Address>(callback->getter()) == 0) return;
|
|
|
|
|
code = StubCache::ComputeKeyedLoadCallback(*name, *receiver,
|
|
|
|
|
lookup->holder(), callback);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case INTERCEPTOR: {
|
|
|
|
|
code = StubCache::ComputeKeyedLoadInterceptor(*name, *receiver,
|
|
|
|
|
lookup->holder());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
default: {
|
|
|
|
|
// Always rewrite to the generic case so that we do not
|
|
|
|
|
// repeatedly try to rewrite.
|
|
|
|
|
code = generic_stub();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we're unable to compute the stub (not enough memory left), we
|
|
|
|
|
// simply avoid updating the caches.
|
|
|
|
|
if (code->IsFailure()) return;
|
|
|
|
|
|
|
|
|
|
// Patch the call site depending on the state of the cache. Make
|
|
|
|
|
// sure to always rewrite from monomorphic to megamorphic.
|
|
|
|
|
ASSERT(state != MONOMORPHIC_PROTOTYPE_FAILURE);
|
|
|
|
|
if (state == UNINITIALIZED || state == PREMONOMORPHIC) {
|
|
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
} else if (state == MONOMORPHIC) {
|
|
|
|
|
set_target(megamorphic_stub());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
TraceIC("KeyedLoadIC", name, state, target());
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* StoreIC::Store(State state,
|
|
|
|
|
Handle<Object> object,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<String> name,
|
|
|
|
|
Handle<Object> value) {
|
|
|
|
|
// If the object is undefined or null it's illegal to try to set any
|
|
|
|
|
// properties on it; throw a TypeError in that case.
|
|
|
|
|
if (object->IsUndefined() || object->IsNull()) {
|
|
|
|
|
return TypeError("non_object_property_store", object, name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ignore stores where the receiver is not a JSObject.
|
|
|
|
|
if (!object->IsJSObject()) return *value;
|
|
|
|
|
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
|
|
|
|
|
|
|
// Check if the given name is an array index.
|
|
|
|
|
uint32_t index;
|
|
|
|
|
if (name->AsArrayIndex(&index)) {
|
2008-08-28 09:55:41 +00:00
|
|
|
HandleScope scope;
|
|
|
|
|
Handle<Object> result = SetElement(receiver, index, value);
|
|
|
|
|
if (result.is_null()) return Failure::Exception();
|
2008-07-03 15:10:15 +00:00
|
|
|
return *value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Lookup the property locally in the receiver.
|
|
|
|
|
LookupResult lookup;
|
|
|
|
|
receiver->LocalLookup(*name, &lookup);
|
|
|
|
|
|
|
|
|
|
// Update inline cache and stub cache.
|
|
|
|
|
if (FLAG_use_ic && lookup.IsLoaded()) {
|
2008-09-18 10:22:46 +00:00
|
|
|
UpdateCaches(&lookup, state, receiver, name, value);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Set the property.
|
|
|
|
|
return receiver->SetProperty(*name, *value, NONE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void StoreIC::UpdateCaches(LookupResult* lookup,
|
2008-09-18 10:22:46 +00:00
|
|
|
State state,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSObject> receiver,
|
|
|
|
|
Handle<String> name,
|
|
|
|
|
Handle<Object> value) {
|
|
|
|
|
ASSERT(lookup->IsLoaded());
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
// Skip JSGlobalProxy.
|
|
|
|
|
if (receiver->IsJSGlobalProxy()) return;
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Bail out if we didn't find a result.
|
|
|
|
|
if (!lookup->IsValid() || !lookup->IsCacheable()) return;
|
|
|
|
|
|
|
|
|
|
// If the property is read-only, we leave the IC in its current
|
|
|
|
|
// state.
|
|
|
|
|
if (lookup->IsReadOnly()) return;
|
|
|
|
|
|
|
|
|
|
// If the property has a non-field type allowing map transitions
|
|
|
|
|
// where there is extra room in the object, we leave the IC in its
|
|
|
|
|
// current state.
|
|
|
|
|
PropertyType type = lookup->type();
|
|
|
|
|
|
|
|
|
|
// Compute the code stub for this store; used for rewriting to
|
|
|
|
|
// monomorphic state and making sure that the code stub is in the
|
|
|
|
|
// stub cache.
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* code = NULL;
|
2008-07-03 15:10:15 +00:00
|
|
|
switch (type) {
|
|
|
|
|
case FIELD: {
|
|
|
|
|
code = StubCache::ComputeStoreField(*name, *receiver,
|
|
|
|
|
lookup->GetFieldIndex());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case MAP_TRANSITION: {
|
|
|
|
|
if (lookup->GetAttributes() != NONE) return;
|
|
|
|
|
HandleScope scope;
|
2008-10-03 09:16:12 +00:00
|
|
|
ASSERT(type == MAP_TRANSITION);
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Map> transition(lookup->GetTransitionMap());
|
|
|
|
|
int index = transition->PropertyIndexFor(*name);
|
|
|
|
|
code = StubCache::ComputeStoreField(*name, *receiver, index, *transition);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case CALLBACKS: {
|
|
|
|
|
if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
|
|
|
|
|
AccessorInfo* callback = AccessorInfo::cast(lookup->GetCallbackObject());
|
|
|
|
|
if (v8::ToCData<Address>(callback->setter()) == 0) return;
|
|
|
|
|
code = StubCache::ComputeStoreCallback(*name, *receiver, callback);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case INTERCEPTOR: {
|
|
|
|
|
code = StubCache::ComputeStoreInterceptor(*name, *receiver);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we're unable to compute the stub (not enough memory left), we
|
|
|
|
|
// simply avoid updating the caches.
|
|
|
|
|
if (code->IsFailure()) return;
|
|
|
|
|
|
|
|
|
|
// Patch the call site depending on the state of the cache.
|
|
|
|
|
if (state == UNINITIALIZED || state == MONOMORPHIC_PROTOTYPE_FAILURE) {
|
|
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
} else if (state == MONOMORPHIC) {
|
2008-10-03 09:16:12 +00:00
|
|
|
// Only move to mega morphic if the target changes.
|
|
|
|
|
if (target() != Code::cast(code)) set_target(megamorphic_stub());
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
TraceIC("StoreIC", name, state, target());
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* KeyedStoreIC::Store(State state,
|
|
|
|
|
Handle<Object> object,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> key,
|
|
|
|
|
Handle<Object> value) {
|
|
|
|
|
if (key->IsSymbol()) {
|
|
|
|
|
Handle<String> name = Handle<String>::cast(key);
|
|
|
|
|
|
|
|
|
|
// If the object is undefined or null it's illegal to try to set any
|
|
|
|
|
// properties on it; throw a TypeError in that case.
|
|
|
|
|
if (object->IsUndefined() || object->IsNull()) {
|
|
|
|
|
return TypeError("non_object_property_store", object, name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ignore stores where the receiver is not a JSObject.
|
|
|
|
|
if (!object->IsJSObject()) return *value;
|
|
|
|
|
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
|
|
|
|
|
|
|
// Check if the given name is an array index.
|
|
|
|
|
uint32_t index;
|
|
|
|
|
if (name->AsArrayIndex(&index)) {
|
2008-08-28 09:55:41 +00:00
|
|
|
HandleScope scope;
|
|
|
|
|
Handle<Object> result = SetElement(receiver, index, value);
|
|
|
|
|
if (result.is_null()) return Failure::Exception();
|
2008-07-03 15:10:15 +00:00
|
|
|
return *value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Lookup the property locally in the receiver.
|
|
|
|
|
LookupResult lookup;
|
|
|
|
|
receiver->LocalLookup(*name, &lookup);
|
|
|
|
|
|
|
|
|
|
// Update inline cache and stub cache.
|
|
|
|
|
if (FLAG_use_ic && lookup.IsLoaded()) {
|
2008-09-18 10:22:46 +00:00
|
|
|
UpdateCaches(&lookup, state, receiver, name, value);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Set the property.
|
|
|
|
|
return receiver->SetProperty(*name, *value, NONE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do not use ICs for objects that require access checks (including
|
|
|
|
|
// the global object).
|
|
|
|
|
bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
ASSERT(!(use_ic && object->IsJSGlobalProxy()));
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
if (use_ic) set_target(generic_stub());
|
|
|
|
|
|
|
|
|
|
// Set the property.
|
|
|
|
|
return Runtime::SetObjectProperty(object, key, value, NONE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedStoreIC::UpdateCaches(LookupResult* lookup,
|
2008-09-18 10:22:46 +00:00
|
|
|
State state,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSObject> receiver,
|
|
|
|
|
Handle<String> name,
|
|
|
|
|
Handle<Object> value) {
|
|
|
|
|
ASSERT(lookup->IsLoaded());
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
|
|
|
|
|
// Skip JSGlobalProxy.
|
|
|
|
|
if (receiver->IsJSGlobalProxy()) return;
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Bail out if we didn't find a result.
|
|
|
|
|
if (!lookup->IsValid() || !lookup->IsCacheable()) return;
|
|
|
|
|
|
|
|
|
|
// If the property is read-only, we leave the IC in its current
|
|
|
|
|
// state.
|
|
|
|
|
if (lookup->IsReadOnly()) return;
|
|
|
|
|
|
|
|
|
|
// If the property has a non-field type allowing map transitions
|
|
|
|
|
// where there is extra room in the object, we leave the IC in its
|
|
|
|
|
// current state.
|
|
|
|
|
PropertyType type = lookup->type();
|
|
|
|
|
|
|
|
|
|
// Compute the code stub for this store; used for rewriting to
|
|
|
|
|
// monomorphic state and making sure that the code stub is in the
|
|
|
|
|
// stub cache.
|
2008-09-18 10:22:46 +00:00
|
|
|
Object* code = NULL;
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
case FIELD: {
|
|
|
|
|
code = StubCache::ComputeKeyedStoreField(*name, *receiver,
|
|
|
|
|
lookup->GetFieldIndex());
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case MAP_TRANSITION: {
|
|
|
|
|
if (lookup->GetAttributes() == NONE) {
|
|
|
|
|
HandleScope scope;
|
2008-10-03 09:16:12 +00:00
|
|
|
ASSERT(type == MAP_TRANSITION);
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Map> transition(lookup->GetTransitionMap());
|
|
|
|
|
int index = transition->PropertyIndexFor(*name);
|
|
|
|
|
code = StubCache::ComputeKeyedStoreField(*name, *receiver,
|
|
|
|
|
index, *transition);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
// fall through.
|
|
|
|
|
}
|
|
|
|
|
default: {
|
|
|
|
|
// Always rewrite to the generic case so that we do not
|
|
|
|
|
// repeatedly try to rewrite.
|
|
|
|
|
code = generic_stub();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we're unable to compute the stub (not enough memory left), we
|
|
|
|
|
// simply avoid updating the caches.
|
|
|
|
|
if (code->IsFailure()) return;
|
|
|
|
|
|
|
|
|
|
// Patch the call site depending on the state of the cache. Make
|
|
|
|
|
// sure to always rewrite from monomorphic to megamorphic.
|
|
|
|
|
ASSERT(state != MONOMORPHIC_PROTOTYPE_FAILURE);
|
|
|
|
|
if (state == UNINITIALIZED || state == PREMONOMORPHIC) {
|
|
|
|
|
set_target(Code::cast(code));
|
|
|
|
|
} else if (state == MONOMORPHIC) {
|
|
|
|
|
set_target(megamorphic_stub());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
TraceIC("KeyedStoreIC", name, state, target());
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------
|
|
|
|
|
// Static IC stub generators.
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
// Used from ic_<arch>.cc.
|
|
|
|
|
Object* CallIC_Miss(Arguments args) {
|
|
|
|
|
NoHandleAllocation na;
|
|
|
|
|
ASSERT(args.length() == 2);
|
|
|
|
|
CallIC ic;
|
2008-09-18 10:22:46 +00:00
|
|
|
IC::State state = IC::StateFrom(ic.target(), args[0]);
|
2008-11-17 05:50:52 +00:00
|
|
|
Object* result =
|
|
|
|
|
ic.LoadFunction(state, args.at<Object>(0), args.at<String>(1));
|
|
|
|
|
if (state != UNINITIALIZED_IN_LOOP || !result->IsJSFunction())
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
// Compile the function with the knowledge that it's called from
|
|
|
|
|
// within a loop. This enables further optimization of the function.
|
|
|
|
|
HandleScope scope;
|
|
|
|
|
Handle<JSFunction> function = Handle<JSFunction>(JSFunction::cast(result));
|
|
|
|
|
if (!function->is_compiled()) CompileLazyInLoop(function, CLEAR_EXCEPTION);
|
|
|
|
|
return *function;
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void CallIC::GenerateInitialize(MacroAssembler* masm, int argc) {
|
|
|
|
|
Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void CallIC::GeneratePreMonomorphic(MacroAssembler* masm, int argc) {
|
|
|
|
|
Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void CallIC::GenerateMiss(MacroAssembler* masm, int argc) {
|
|
|
|
|
Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Used from ic_<arch>.cc.
|
|
|
|
|
Object* LoadIC_Miss(Arguments args) {
|
|
|
|
|
NoHandleAllocation na;
|
|
|
|
|
ASSERT(args.length() == 2);
|
|
|
|
|
LoadIC ic;
|
2008-09-18 10:22:46 +00:00
|
|
|
IC::State state = IC::StateFrom(ic.target(), args[0]);
|
|
|
|
|
return ic.Load(state, args.at<Object>(0), args.at<String>(1));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void LoadIC::GenerateInitialize(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kLoadIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void LoadIC::GeneratePreMonomorphic(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kLoadIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Used from ic_<arch>.cc
|
|
|
|
|
Object* KeyedLoadIC_Miss(Arguments args) {
|
|
|
|
|
NoHandleAllocation na;
|
|
|
|
|
ASSERT(args.length() == 2);
|
|
|
|
|
KeyedLoadIC ic;
|
2008-09-18 10:22:46 +00:00
|
|
|
IC::State state = IC::StateFrom(ic.target(), args[0]);
|
|
|
|
|
return ic.Load(state, args.at<Object>(0), args.at<Object>(1));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedLoadIC::GenerateInitialize(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kKeyedLoadIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedLoadIC::GeneratePreMonomorphic(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kKeyedLoadIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Used from ic_<arch>.cc.
|
|
|
|
|
Object* StoreIC_Miss(Arguments args) {
|
|
|
|
|
NoHandleAllocation na;
|
|
|
|
|
ASSERT(args.length() == 3);
|
|
|
|
|
StoreIC ic;
|
2008-09-18 10:22:46 +00:00
|
|
|
IC::State state = IC::StateFrom(ic.target(), args[0]);
|
|
|
|
|
return ic.Store(state, args.at<Object>(0), args.at<String>(1),
|
|
|
|
|
args.at<Object>(2));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-10-03 09:16:12 +00:00
|
|
|
// Extend storage is called in a store inline cache when
|
|
|
|
|
// it is necessary to extend the properties array of a
|
|
|
|
|
// JSObject.
|
2008-10-07 09:28:04 +00:00
|
|
|
Object* SharedStoreIC_ExtendStorage(Arguments args) {
|
2008-10-03 09:16:12 +00:00
|
|
|
NoHandleAllocation na;
|
|
|
|
|
ASSERT(args.length() == 3);
|
|
|
|
|
|
|
|
|
|
// Convert the parameters
|
|
|
|
|
JSObject* object = JSObject::cast(args[0]);
|
|
|
|
|
Map* transition = Map::cast(args[1]);
|
|
|
|
|
Object* value = args[2];
|
|
|
|
|
|
|
|
|
|
// Check the object has run out out property space.
|
|
|
|
|
ASSERT(object->HasFastProperties());
|
|
|
|
|
ASSERT(object->map()->unused_property_fields() == 0);
|
|
|
|
|
|
|
|
|
|
// Expand the properties array.
|
|
|
|
|
FixedArray* old_storage = object->properties();
|
|
|
|
|
int new_unused = transition->unused_property_fields();
|
|
|
|
|
int new_size = old_storage->length() + new_unused + 1;
|
|
|
|
|
Object* result = old_storage->CopySize(new_size);
|
|
|
|
|
if (result->IsFailure()) return result;
|
|
|
|
|
FixedArray* new_storage = FixedArray::cast(result);
|
|
|
|
|
new_storage->set(old_storage->length(), value);
|
|
|
|
|
|
2009-01-15 19:08:34 +00:00
|
|
|
// Set the new property value and do the map transition.
|
2008-10-03 09:16:12 +00:00
|
|
|
object->set_properties(new_storage);
|
|
|
|
|
object->set_map(transition);
|
|
|
|
|
|
|
|
|
|
// Return the stored value.
|
|
|
|
|
return value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
void StoreIC::GenerateInitialize(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kStoreIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void StoreIC::GenerateMiss(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kStoreIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Used from ic_<arch>.cc.
|
|
|
|
|
Object* KeyedStoreIC_Miss(Arguments args) {
|
|
|
|
|
NoHandleAllocation na;
|
|
|
|
|
ASSERT(args.length() == 3);
|
|
|
|
|
KeyedStoreIC ic;
|
2008-09-18 10:22:46 +00:00
|
|
|
IC::State state = IC::StateFrom(ic.target(), args[0]);
|
|
|
|
|
return ic.Store(state, args.at<Object>(0), args.at<Object>(1),
|
|
|
|
|
args.at<Object>(2));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedStoreIC::GenerateInitialize(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kKeyedStoreIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void KeyedStoreIC::GenerateMiss(MacroAssembler* masm) {
|
|
|
|
|
Generate(masm, ExternalReference(IC_Utility(kKeyedStoreIC_Miss)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static Address IC_utilities[] = {
|
|
|
|
|
#define ADDR(name) FUNCTION_ADDR(name),
|
|
|
|
|
IC_UTIL_LIST(ADDR)
|
|
|
|
|
NULL
|
|
|
|
|
#undef ADDR
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Address IC::AddressFromUtilityId(IC::UtilityId id) {
|
|
|
|
|
return IC_utilities[id];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} } // namespace v8::internal
|
