[runtime] Use JSBuiltinsConstructStub for InternalArray
Part of ongoing work to remove the construct_stub field of the SFI. Generate_InternalArrayConstructor was actually incorrect for packed internal arrays, where it would instead create a regular internal array because it loaded the constructor function from the context every time. Ultimately InternalArray should be removed, or the constructor ported to CSA in the meantime. But for now, it is off the critical path for the construct_stub removal. Also fix a bug: Runtime_NewArray expects a type_info parameter, which should be in rbx (on x64). Because we now go through JSBuiltinsConstructStubHelper first, rbx is loaded with a value that doesn't look like a heap object, which causes a crash in NewArray. Fix that by first loading undefined explicitly (which is what the ArrayConstructor builtin does already). Bug: v8:7503 Change-Id: Ic92fa8864b0af2d32200eb0176ba55ccff03b114 Reviewed-on: https://chromium-review.googlesource.com/970823 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52072}
parent
6bc4bfea65
commit
1d597f03a6
@ -4475,9 +4475,8 @@ Handle<JSFunction> Genesis::InstallInternalArray(Handle<JSObject> target,
|
||||
InstallFunction(target, name, JS_ARRAY_TYPE, JSArray::kSize, 0, prototype,
|
||||
Builtins::kInternalArrayConstructor);
|
||||
|
||||
InternalArrayConstructorStub internal_array_constructor_stub(isolate());
|
||||
Handle<Code> code = internal_array_constructor_stub.GetCode();
|
||||
array_function->shared()->SetConstructStub(*code);
|
||||
array_function->shared()->SetConstructStub(
|
||||
*BUILTIN_CODE(isolate_, JSBuiltinsConstructStub));
|
||||
array_function->shared()->DontAdaptArguments();
|
||||
|
||||
Handle<Map> original_map(array_function->initial_map());
|
||||
|
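Review bot: The added `*BUILTIN_CODE(isolate_, JSBuiltinsConstructStub)` reaches for the `isolate_` member while the line it replaces used the `isolate()` accessor, so InstallInternalArray now mixes both spellings within a few lines. `*BUILTIN_CODE(isolate(), JSBuiltinsConstructStub)` would keep the function uniform, assuming the accessor is what the rest of Genesis uses. InstallInternalArray starts before and continues after this hunk.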
@ -88,13 +88,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
|
||||
AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
|
||||
}
|
||||
|
||||
// Load the built-in InternalArray function from the current context.
|
||||
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
|
||||
Register result) {
|
||||
// Load the InternalArray function from the current native context.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
// Load the built-in Array function from the current context.
|
||||
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
|
||||
// Load the Array function from the current native context.
|
||||
@ -109,9 +102,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
|
||||
|
||||
// Get the InternalArray function.
|
||||
GenerateLoadInternalArrayFunction(masm, r1);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -124,6 +114,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// tail call a stub
|
||||
__ LoadRoot(r2, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
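Review bot: The added `__ LoadRoot(r2, Heap::kUndefinedValueRootIndex);` needs a comment saying why it is there, because a reader of Generate_InternalArrayConstructor cannot see that r2 is the type_info slot the stub forwards to Runtime_NewArray and that the construct-stub path leaves a non-heap-object value in it; e.g. `// r2 is the stub's type_info argument. InternalArray has no allocation site, so pass undefined rather than whatever JSBuiltinsConstructStub left in the register.`. The register-description block closed by the `// -----------------------------------` line (above the hunk) presumably still describes the old entry state; now that the function is no longer loaded from the native context it should state that r1 arrives holding the InternalArray function from the construct stub, and the `// Run the native code for the InternalArray function called as a normal function.` comment reads stale for the same reason. The `if (FLAG_debug_code)` map check now validates a caller-supplied register rather than one this builtin just loaded, which is worth a word since release builds take r1 on trust. The same points apply to the arm64, ia32, mips, mips64, ppc, s390 and x64 sections (x2, ebx, a2, a2, r5, r4 and rbx respectively). Generate_InternalArrayConstructor starts before the section's first hunk and that hunk ends inside the function.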
@ -25,13 +25,6 @@ static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
|
||||
__ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
// Load the built-in InternalArray function from the current context.
|
||||
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
|
||||
Register result) {
|
||||
// Load the InternalArray function from the native context.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
void Builtins::Generate_Adaptor(MacroAssembler* masm, Address address,
|
||||
ExitFrameType exit_frame_type) {
|
||||
__ Mov(x5, ExternalReference(address, masm->isolate()));
|
||||
@ -104,9 +97,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
ASM_LOCATION("Builtins::Generate_InternalArrayConstructor");
|
||||
Label generic_array_code;
|
||||
|
||||
// Get the InternalArray function.
|
||||
GenerateLoadInternalArrayFunction(masm, x1);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ Ldr(x10, FieldMemOperand(x1, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -118,6 +108,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
__ LoadRoot(x2, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
@ -1809,9 +1809,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code;
|
||||
|
||||
// Get the InternalArray function.
|
||||
__ LoadGlobalFunction(Context::INTERNAL_ARRAY_FUNCTION_INDEX, edi);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray function should be a map.
|
||||
__ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -1827,6 +1824,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// tail call a stub
|
||||
__ mov(ebx, masm->isolate()->factory()->undefined_value());
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
@ -82,13 +82,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
|
||||
AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
|
||||
}
|
||||
|
||||
// Load the built-in InternalArray function from the current context.
|
||||
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
|
||||
Register result) {
|
||||
// Load the InternalArray function from the native context.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
// Load the built-in Array function from the current context.
|
||||
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
|
||||
// Load the Array function from the native context.
|
||||
@ -103,9 +96,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
|
||||
|
||||
// Get the InternalArray function.
|
||||
GenerateLoadInternalArrayFunction(masm, a1);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ lw(a2, FieldMemOperand(a1, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -120,6 +110,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// Tail call a stub.
|
||||
__ LoadRoot(a2, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
@ -82,13 +82,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
|
||||
AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
|
||||
}
|
||||
|
||||
// Load the built-in InternalArray function from the current context.
|
||||
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
|
||||
Register result) {
|
||||
// Load the InternalArray function from the native context.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
// Load the built-in Array function from the current context.
|
||||
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
|
||||
// Load the Array function from the native context.
|
||||
@ -103,9 +96,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
|
||||
|
||||
// Get the InternalArray function.
|
||||
GenerateLoadInternalArrayFunction(masm, a1);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ Ld(a2, FieldMemOperand(a1, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -120,6 +110,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// Tail call a stub.
|
||||
__ LoadRoot(a2, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
@ -81,13 +81,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
|
||||
AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
|
||||
}
|
||||
|
||||
// Load the built-in InternalArray function from the current context.
|
||||
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
|
||||
Register result) {
|
||||
// Load the InternalArray function from the current native context.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
// Load the built-in Array function from the current context.
|
||||
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
|
||||
// Load the Array function from the current native context.
|
||||
@ -102,9 +95,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
|
||||
|
||||
// Get the InternalArray function.
|
||||
GenerateLoadInternalArrayFunction(masm, r4);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ LoadP(r5, FieldMemOperand(r4, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -118,6 +108,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// tail call a stub
|
||||
__ LoadRoot(r5, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
@ -81,13 +81,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
|
||||
AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
|
||||
}
|
||||
|
||||
// Load the built-in InternalArray function from the current context.
|
||||
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
|
||||
Register result) {
|
||||
// Load the InternalArray function from the current native context.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
|
||||
}
|
||||
|
||||
// Load the built-in Array function from the current context.
|
||||
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
|
||||
// Load the Array function from the current native context.
|
||||
@ -102,9 +95,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
|
||||
|
||||
// Get the InternalArray function.
|
||||
GenerateLoadInternalArrayFunction(masm, r3);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ LoadP(r4, FieldMemOperand(r3, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -118,6 +108,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// tail call a stub
|
||||
__ LoadRoot(r4, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|
@ -1793,9 +1793,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// -----------------------------------
|
||||
Label generic_array_code;
|
||||
|
||||
// Get the InternalArray function.
|
||||
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, rdi);
|
||||
|
||||
if (FLAG_debug_code) {
|
||||
// Initial map for the builtin InternalArray functions should be maps.
|
||||
__ movp(rbx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
|
||||
@ -1811,6 +1808,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
|
||||
// Run the native code for the InternalArray function called as a normal
|
||||
// function.
|
||||
// tail call a stub
|
||||
__ LoadRoot(rbx, Heap::kUndefinedValueRootIndex);
|
||||
InternalArrayConstructorStub stub(masm->isolate());
|
||||
__ TailCallStub(&stub);
|
||||
}
|
||||
|