2008-09-09 20:08:45 +00:00
|
|
|
// Copyright 2006-2008 the V8 project authors. All rights reserved.
|
2008-07-03 15:10:15 +00:00
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
// modification, are permitted provided that the following conditions are
|
|
|
|
// met:
|
|
|
|
//
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
// * Redistributions in binary form must reproduce the above
|
|
|
|
// copyright notice, this list of conditions and the following
|
|
|
|
// disclaimer in the documentation and/or other materials provided
|
|
|
|
// with the distribution.
|
|
|
|
// * Neither the name of Google Inc. nor the names of its
|
|
|
|
// contributors may be used to endorse or promote products derived
|
|
|
|
// from this software without specific prior written permission.
|
|
|
|
//
|
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
#ifndef V8_MACRO_ASSEMBLER_IA32_H_
|
|
|
|
#define V8_MACRO_ASSEMBLER_IA32_H_
|
|
|
|
|
|
|
|
#include "assembler.h"
|
|
|
|
|
|
|
|
namespace v8 { namespace internal {
|
|
|
|
|
2009-02-27 13:00:32 +00:00
|
|
|
// Forward declaration.
|
|
|
|
class JumpTarget;
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2009-02-27 13:00:32 +00:00
|
|
|
|
|
|
|
// Helper types to make flags easier to read at call sites.
|
2008-07-03 15:10:15 +00:00
|
|
|
enum InvokeFlag {
|
|
|
|
CALL_FUNCTION,
|
|
|
|
JUMP_FUNCTION
|
|
|
|
};
|
|
|
|
|
|
|
|
enum CodeLocation {
|
|
|
|
IN_JAVASCRIPT,
|
|
|
|
IN_JS_ENTRY,
|
|
|
|
IN_C_ENTRY
|
|
|
|
};
|
|
|
|
|
|
|
|
enum HandlerType {
|
|
|
|
TRY_CATCH_HANDLER,
|
|
|
|
TRY_FINALLY_HANDLER,
|
|
|
|
JS_ENTRY_HANDLER
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
// MacroAssembler implements a collection of frequently used macros.
|
|
|
|
class MacroAssembler: public Assembler {
|
|
|
|
public:
|
|
|
|
MacroAssembler(void* buffer, int size);
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// GC Support
|
|
|
|
|
|
|
|
// Set the remembered set bit for [object+offset].
|
|
|
|
// object is the object being stored into, value is the object being stored.
|
|
|
|
// If offset is zero, then the scratch register contains the array index into
|
|
|
|
// the elements array represented as a Smi.
|
|
|
|
// All registers are clobbered by the operation.
|
|
|
|
void RecordWrite(Register object,
|
|
|
|
int offset,
|
|
|
|
Register value,
|
|
|
|
Register scratch);
|
|
|
|
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Debugger Support
|
|
|
|
|
|
|
|
void SaveRegistersToMemory(RegList regs);
|
|
|
|
void RestoreRegistersFromMemory(RegList regs);
|
|
|
|
void PushRegistersFromMemory(RegList regs);
|
|
|
|
void PopRegistersToMemory(RegList regs);
|
|
|
|
void CopyRegistersFromStackToMemory(Register base,
|
|
|
|
Register scratch,
|
|
|
|
RegList regs);
|
|
|
|
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Activation frames
|
|
|
|
|
2008-10-10 09:09:38 +00:00
|
|
|
void EnterInternalFrame() { EnterFrame(StackFrame::INTERNAL); }
|
|
|
|
void LeaveInternalFrame() { LeaveFrame(StackFrame::INTERNAL); }
|
|
|
|
|
|
|
|
void EnterConstructFrame() { EnterFrame(StackFrame::CONSTRUCT); }
|
|
|
|
void LeaveConstructFrame() { LeaveFrame(StackFrame::CONSTRUCT); }
|
2008-09-23 08:19:26 +00:00
|
|
|
|
|
|
|
// Enter specific kind of exit frame; either EXIT or
|
|
|
|
// EXIT_DEBUG. Expects the number of arguments in register eax and
|
|
|
|
// sets up the number of arguments in register edi and the pointer
|
|
|
|
// to the first argument in register esi.
|
|
|
|
void EnterExitFrame(StackFrame::Type type);
|
|
|
|
|
|
|
|
// Leave the current exit frame. Expects the return value in
|
|
|
|
// register eax:edx (untouched) and the pointer to the first
|
|
|
|
// argument in register esi.
|
2008-09-23 12:21:54 +00:00
|
|
|
void LeaveExitFrame(StackFrame::Type type);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// JavaScript invokes
|
|
|
|
|
|
|
|
// Invoke the JavaScript function code by either calling or jumping.
|
|
|
|
void InvokeCode(const Operand& code,
|
|
|
|
const ParameterCount& expected,
|
|
|
|
const ParameterCount& actual,
|
|
|
|
InvokeFlag flag);
|
|
|
|
|
|
|
|
void InvokeCode(Handle<Code> code,
|
|
|
|
const ParameterCount& expected,
|
|
|
|
const ParameterCount& actual,
|
2008-09-22 13:57:03 +00:00
|
|
|
RelocInfo::Mode rmode,
|
2008-07-03 15:10:15 +00:00
|
|
|
InvokeFlag flag);
|
|
|
|
|
|
|
|
// Invoke the JavaScript function in the given register. Changes the
|
|
|
|
// current context to the context in the function before invoking.
|
|
|
|
void InvokeFunction(Register function,
|
|
|
|
const ParameterCount& actual,
|
|
|
|
InvokeFlag flag);
|
|
|
|
|
|
|
|
// Invoke specified builtin JavaScript function. Adds an entry to
|
|
|
|
// the unresolved list if the name does not resolve.
|
|
|
|
void InvokeBuiltin(Builtins::JavaScript id, InvokeFlag flag);
|
|
|
|
|
|
|
|
// Store the code object for the given builtin in the target register.
|
|
|
|
void GetBuiltinEntry(Register target, Builtins::JavaScript id);
|
|
|
|
|
|
|
|
// Expression support
|
|
|
|
void Set(Register dst, const Immediate& x);
|
|
|
|
void Set(const Operand& dst, const Immediate& x);
|
|
|
|
|
2009-03-09 14:00:51 +00:00
|
|
|
// Compare object type for heap object.
|
|
|
|
// Incoming register is heap_object and outgoing register is map.
|
|
|
|
void CmpObjectType(Register heap_object, InstanceType type, Register map);
|
|
|
|
|
|
|
|
// Compare instance type for map.
|
|
|
|
void CmpInstanceType(Register map, InstanceType type);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// FCmp is similar to integer cmp, but requires unsigned
|
|
|
|
// jcc instructions (je, ja, jae, jb, jbe, je, and jz).
|
|
|
|
void FCmp();
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Exception handling
|
|
|
|
|
|
|
|
// Push a new try handler and link into try handler chain.
|
|
|
|
// The return address must be pushed before calling this helper.
|
|
|
|
// On exit, eax contains TOS (next_sp).
|
|
|
|
void PushTryHandler(CodeLocation try_location, HandlerType type);
|
|
|
|
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Inline caching support
|
|
|
|
|
|
|
|
// Generates code that verifies that the maps of objects in the
|
|
|
|
// prototype chain of object hasn't changed since the code was
|
|
|
|
// generated and branches to the miss label if any map has. If
|
|
|
|
// necessary the function also generates code for security check
|
|
|
|
// in case of global object holders. The scratch and holder
|
|
|
|
// registers are always clobbered, but the object register is only
|
|
|
|
// clobbered if it the same as the holder register. The function
|
|
|
|
// returns a register containing the holder - either object_reg or
|
|
|
|
// holder_reg.
|
|
|
|
Register CheckMaps(JSObject* object, Register object_reg,
|
|
|
|
JSObject* holder, Register holder_reg,
|
|
|
|
Register scratch, Label* miss);
|
|
|
|
|
|
|
|
// Generate code for checking access rights - used for security checks
|
|
|
|
// on access to global objects across environments. The holder register
|
|
|
|
// is left untouched, but the scratch register is clobbered.
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
void CheckAccessGlobalProxy(Register holder_reg,
|
|
|
|
Register scratch,
|
|
|
|
Label* miss);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Support functions.
|
|
|
|
|
|
|
|
// Check if result is zero and op is negative.
|
|
|
|
void NegativeZeroTest(Register result, Register op, Label* then_label);
|
|
|
|
|
2009-02-27 13:00:32 +00:00
|
|
|
// Check if result is zero and op is negative in code using jump targets.
|
|
|
|
void NegativeZeroTest(CodeGenerator* cgen,
|
|
|
|
Register result,
|
|
|
|
Register op,
|
|
|
|
JumpTarget* then_target);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Check if result is zero and any of op1 and op2 are negative.
|
|
|
|
// Register scratch is destroyed, and it must be different from op2.
|
|
|
|
void NegativeZeroTest(Register result, Register op1, Register op2,
|
|
|
|
Register scratch, Label* then_label);
|
|
|
|
|
2008-10-08 13:33:16 +00:00
|
|
|
// Try to get function prototype of a function and puts the value in
|
|
|
|
// the result register. Checks that the function really is a
|
|
|
|
// function and jumps to the miss label if the fast checks fail. The
|
|
|
|
// function register will be untouched; the other registers may be
|
|
|
|
// clobbered.
|
|
|
|
void TryGetFunctionPrototype(Register function,
|
|
|
|
Register result,
|
|
|
|
Register scratch,
|
|
|
|
Label* miss);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Generates code for reporting that an illegal operation has
|
2008-10-06 06:41:10 +00:00
|
|
|
// occurred.
|
|
|
|
void IllegalOperation(int num_arguments);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Runtime calls
|
|
|
|
|
|
|
|
// Call a code stub.
|
|
|
|
void CallStub(CodeStub* stub);
|
|
|
|
|
|
|
|
// Return from a code stub after popping its arguments.
|
|
|
|
void StubReturn(int argc);
|
|
|
|
|
|
|
|
// Call a runtime routine.
|
|
|
|
// Eventually this should be used for all C calls.
|
|
|
|
void CallRuntime(Runtime::Function* f, int num_arguments);
|
|
|
|
|
|
|
|
// Convenience function: Same as above, but takes the fid instead.
|
|
|
|
void CallRuntime(Runtime::FunctionId id, int num_arguments);
|
|
|
|
|
|
|
|
// Tail call of a runtime routine (jump).
|
|
|
|
// Like JumpToBuiltin, but also takes care of passing the number
|
2008-08-13 09:32:07 +00:00
|
|
|
// of arguments.
|
|
|
|
void TailCallRuntime(const ExternalReference& ext, int num_arguments);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Jump to the builtin routine.
|
|
|
|
void JumpToBuiltin(const ExternalReference& ext);
|
|
|
|
|
2008-09-23 08:19:26 +00:00
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Utilities
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
void Ret();
|
|
|
|
|
|
|
|
struct Unresolved {
|
|
|
|
int pc;
|
|
|
|
uint32_t flags; // see Bootstrapper::FixupFlags decoders/encoders.
|
|
|
|
const char* name;
|
|
|
|
};
|
|
|
|
List<Unresolved>* unresolved() { return &unresolved_; }
|
|
|
|
|
2009-02-25 16:52:15 +00:00
|
|
|
Handle<Object> CodeObject() { return code_object_; }
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// StatsCounter support
|
|
|
|
|
|
|
|
void SetCounter(StatsCounter* counter, int value);
|
|
|
|
void IncrementCounter(StatsCounter* counter, int value);
|
|
|
|
void DecrementCounter(StatsCounter* counter, int value);
|
|
|
|
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// Debugging
|
|
|
|
|
|
|
|
// Calls Abort(msg) if the condition cc is not satisfied.
|
|
|
|
// Use --debug_code to enable.
|
|
|
|
void Assert(Condition cc, const char* msg);
|
|
|
|
|
|
|
|
// Like Assert(), but always enabled.
|
|
|
|
void Check(Condition cc, const char* msg);
|
|
|
|
|
|
|
|
// Print a message to stdout and abort execution.
|
|
|
|
void Abort(const char* msg);
|
|
|
|
|
|
|
|
// Verify restrictions about code generated in stubs.
|
|
|
|
void set_generating_stub(bool value) { generating_stub_ = value; }
|
|
|
|
bool generating_stub() { return generating_stub_; }
|
2008-07-30 08:49:36 +00:00
|
|
|
void set_allow_stub_calls(bool value) { allow_stub_calls_ = value; }
|
|
|
|
bool allow_stub_calls() { return allow_stub_calls_; }
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
private:
|
|
|
|
List<Unresolved> unresolved_;
|
|
|
|
bool generating_stub_;
|
2008-07-30 08:49:36 +00:00
|
|
|
bool allow_stub_calls_;
|
2009-02-25 16:52:15 +00:00
|
|
|
Handle<Object> code_object_; // This handle will be patched with the code
|
|
|
|
// code object on installation.
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Helper functions for generating invokes.
|
|
|
|
void InvokePrologue(const ParameterCount& expected,
|
|
|
|
const ParameterCount& actual,
|
|
|
|
Handle<Code> code_constant,
|
|
|
|
const Operand& code_operand,
|
|
|
|
Label* done,
|
|
|
|
InvokeFlag flag);
|
2008-09-12 03:29:06 +00:00
|
|
|
|
|
|
|
// Get the code for the given builtin. Returns if able to resolve
|
|
|
|
// the function in the 'resolved' flag.
|
|
|
|
Handle<Code> ResolveBuiltin(Builtins::JavaScript id, bool* resolved);
|
2008-10-10 09:09:38 +00:00
|
|
|
|
|
|
|
// Activation support.
|
|
|
|
void EnterFrame(StackFrame::Type type);
|
|
|
|
void LeaveFrame(StackFrame::Type type);
|
2008-07-03 15:10:15 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
// The code patcher is used to patch (typically) small parts of code e.g. for
|
|
|
|
// debugging and other types of instrumentation. When using the code patcher
|
|
|
|
// the exact number of bytes specified must be emitted. Is not legal to emit
|
|
|
|
// relocation information. If any of these constraints are violated it causes
|
|
|
|
// an assertion.
|
|
|
|
class CodePatcher {
|
|
|
|
public:
|
|
|
|
CodePatcher(byte* address, int size);
|
|
|
|
virtual ~CodePatcher();
|
|
|
|
|
|
|
|
// Macro assembler to emit code.
|
|
|
|
MacroAssembler* masm() { return &masm_; }
|
|
|
|
|
|
|
|
private:
|
|
|
|
byte* address_; // The address of the code being patched.
|
|
|
|
int size_; // Number of bytes of the expected patch size.
|
|
|
|
MacroAssembler masm_; // Macro assembler used to generate the code.
|
|
|
|
};
|
|
|
|
|
2008-12-19 13:12:43 +00:00
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// -----------------------------------------------------------------------------
|
|
|
|
// Static helper functions.
|
|
|
|
|
|
|
|
// Generate an Operand for loading a field from an object.
|
|
|
|
static inline Operand FieldOperand(Register object, int offset) {
|
|
|
|
return Operand(object, offset - kHeapObjectTag);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-07-30 08:49:36 +00:00
|
|
|
// Generate an Operand for loading an indexed field from an object.
|
|
|
|
static inline Operand FieldOperand(Register object,
|
|
|
|
Register index,
|
|
|
|
ScaleFactor scale,
|
|
|
|
int offset) {
|
|
|
|
return Operand(object, index, scale, offset - kHeapObjectTag);
|
|
|
|
}
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
} } // namespace v8::internal
|
|
|
|
|
|
|
|
#endif // V8_MACRO_ASSEMBLER_IA32_H_
|