[runtime] Use JSBuiltinsConstructStub for InternalArray

Part of ongoing work to remove the construct_stub field of the SFI.

Generate_InternalArrayConstructor was actually incorrect for packed
internal arrays, where it would instead create a regular internal array
because it loaded the constructor function from the context every time.

Ultimately InternalArray should be removed, or the constructor ported
to CSA in the meantime. But for now, it is off the critical path for
the construct_stub removal.

Also fix a bug: Runtime_NewArray expects a type_info parameter, which
should be in rbx (on x64). Because we now go through
JSBuiltinsConstructStubHelper first, rbx is loaded with a value that
doesn't look like a heap object, which causes a crash in NewArray.
Fix that by first loading undefined explicitly (which is what the
ArrayConstructor builtin does already).

Bug: v8:7503
Change-Id: Ic92fa8864b0af2d32200eb0176ba55ccff03b114
Reviewed-on: https://chromium-review.googlesource.com/970823
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52072}
Peter Marshall 2018-03-20 16:16:56 +01:00 committed by Commit Bot
parent 6bc4bfea65
commit 1d597f03a6
9 changed files with 10 additions and 69 deletions


@ -4475,9 +4475,8 @@ Handle<JSFunction> Genesis::InstallInternalArray(Handle<JSObject> target,
InstallFunction(target, name, JS_ARRAY_TYPE, JSArray::kSize, 0, prototype, InstallFunction(target, name, JS_ARRAY_TYPE, JSArray::kSize, 0, prototype,
Builtins::kInternalArrayConstructor); Builtins::kInternalArrayConstructor);
InternalArrayConstructorStub internal_array_constructor_stub(isolate()); array_function->shared()->SetConstructStub(
Handle<Code> code = internal_array_constructor_stub.GetCode(); *BUILTIN_CODE(isolate_, JSBuiltinsConstructStub));
array_function->shared()->SetConstructStub(*code);
array_function->shared()->DontAdaptArguments(); array_function->shared()->DontAdaptArguments();
Handle<Map> original_map(array_function->initial_map()); Handle<Map> original_map(array_function->initial_map());


@ -88,13 +88,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
AdaptorWithExitFrameType(masm, BUILTIN_EXIT); AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
} }
// Load the built-in InternalArray function from the current context.
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
Register result) {
// Load the InternalArray function from the current native context.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
}
// Load the built-in Array function from the current context. // Load the built-in Array function from the current context.
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) { static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
// Load the Array function from the current native context. // Load the Array function from the current native context.
@ -109,9 +102,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code, one_or_more_arguments, two_or_more_arguments; Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
// Get the InternalArray function.
GenerateLoadInternalArrayFunction(masm, r1);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset)); __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
@ -124,6 +114,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// tail call a stub // tail call a stub
__ LoadRoot(r2, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
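Review bot: The builtin now depends on r1 arriving already loaded with the constructor function (the GenerateLoadInternalArrayFunction call is removed, but the FLAG_debug_code check still reads r1's initial map), yet nothing in the hunk documents that input; the register-state comment closed by the `// -----------------------------------` line should gain `//  -- r1     : constructor function` together with a note on who sets it, e.g. `//  (set up by JSBuiltinsConstructStub, see InstallInternalArray)`. That header and the start of Generate_InternalArrayConstructor lie above the hunk. The `// Run the native code for the InternalArray function called as a normal function.` comment before the tail call also reads as stale now that, per the description, this code is reached through the construct stub as well; consider `// Tail call the stub; r2 must hold type_info (undefined here) for Runtime_NewArray.` in its place.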


@ -25,13 +25,6 @@ static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
__ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, result); __ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, result);
} }
// Load the built-in InternalArray function from the current context.
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
Register result) {
// Load the InternalArray function from the native context.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
}
void Builtins::Generate_Adaptor(MacroAssembler* masm, Address address, void Builtins::Generate_Adaptor(MacroAssembler* masm, Address address,
ExitFrameType exit_frame_type) { ExitFrameType exit_frame_type) {
__ Mov(x5, ExternalReference(address, masm->isolate())); __ Mov(x5, ExternalReference(address, masm->isolate()));
@ -104,9 +97,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
ASM_LOCATION("Builtins::Generate_InternalArrayConstructor"); ASM_LOCATION("Builtins::Generate_InternalArrayConstructor");
Label generic_array_code; Label generic_array_code;
// Get the InternalArray function.
GenerateLoadInternalArrayFunction(masm, x1);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ Ldr(x10, FieldMemOperand(x1, JSFunction::kPrototypeOrInitialMapOffset)); __ Ldr(x10, FieldMemOperand(x1, JSFunction::kPrototypeOrInitialMapOffset));
@ -118,6 +108,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
__ LoadRoot(x2, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
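Review bot: The `__ LoadRoot(x2, Heap::kUndefinedValueRootIndex)` before the tail call carries no explanation, although the description says a stale value in this register is exactly what crashed Runtime_NewArray; a one-line why-comment would stop the next refactor from dropping it, e.g. `// x2 = type_info for Runtime_NewArray: must be undefined or an AllocationSite, and the construct stub does not set it.` The function also now relies on x1 holding the constructor function on entry (the context load is gone while the debug check still dereferences x1), so the register-state comment above the hunk, where Generate_InternalArrayConstructor begins, should list `//  -- x1     : constructor function`.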


@ -1809,9 +1809,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code; Label generic_array_code;
// Get the InternalArray function.
__ LoadGlobalFunction(Context::INTERNAL_ARRAY_FUNCTION_INDEX, edi);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray function should be a map. // Initial map for the builtin InternalArray function should be a map.
__ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset)); __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
@ -1827,6 +1824,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// tail call a stub // tail call a stub
__ mov(ebx, masm->isolate()->factory()->undefined_value());
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
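Review bot: Nothing in this function establishes edi any more, but the FLAG_debug_code check still reads `FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset)`, so edi is now an undocumented input contract of Generate_InternalArrayConstructor (its body and register-state header start above the hunk); add `//  -- edi    : constructor function` to that header. The `__ mov(ebx, masm->isolate()->factory()->undefined_value())` deserves a why-comment since it is the only thing preventing the crash the description mentions: `// ebx = type_info for Runtime_NewArray (undefined or AllocationSite); not set by the construct stub.` Embedding the handle rather than using a root load is presumably the ia32 convention here, so no change is suggested on that.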


@ -82,13 +82,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
AdaptorWithExitFrameType(masm, BUILTIN_EXIT); AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
} }
// Load the built-in InternalArray function from the current context.
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
Register result) {
// Load the InternalArray function from the native context.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
}
// Load the built-in Array function from the current context. // Load the built-in Array function from the current context.
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) { static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
// Load the Array function from the native context. // Load the Array function from the native context.
@ -103,9 +96,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code, one_or_more_arguments, two_or_more_arguments; Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
// Get the InternalArray function.
GenerateLoadInternalArrayFunction(masm, a1);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ lw(a2, FieldMemOperand(a1, JSFunction::kPrototypeOrInitialMapOffset)); __ lw(a2, FieldMemOperand(a1, JSFunction::kPrototypeOrInitialMapOffset));
@ -120,6 +110,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// Tail call a stub. // Tail call a stub.
__ LoadRoot(a2, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
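Review bot: The removed `GenerateLoadInternalArrayFunction(masm, a1)` was the only thing that set a1, yet the surviving debug check still loads a1's initial map, so a1 has silently become an input register of this builtin; the register-state comment that the `// -----------------------------------` line terminates (above the hunk, where Generate_InternalArrayConstructor starts) should say `//  -- a1     : constructor function`. The new `__ LoadRoot(a2, Heap::kUndefinedValueRootIndex)` also needs a why-comment, since a reader sees an apparently unused load right before a tail call: `// a2 = type_info expected by Runtime_NewArray; must be undefined or an AllocationSite.`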


@ -82,13 +82,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
AdaptorWithExitFrameType(masm, BUILTIN_EXIT); AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
} }
// Load the built-in InternalArray function from the current context.
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
Register result) {
// Load the InternalArray function from the native context.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
}
// Load the built-in Array function from the current context. // Load the built-in Array function from the current context.
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) { static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
// Load the Array function from the native context. // Load the Array function from the native context.
@ -103,9 +96,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code, one_or_more_arguments, two_or_more_arguments; Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
// Get the InternalArray function.
GenerateLoadInternalArrayFunction(masm, a1);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ Ld(a2, FieldMemOperand(a1, JSFunction::kPrototypeOrInitialMapOffset)); __ Ld(a2, FieldMemOperand(a1, JSFunction::kPrototypeOrInitialMapOffset));
@ -120,6 +110,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// Tail call a stub. // Tail call a stub.
__ LoadRoot(a2, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
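Review bot: Same contract change as the mips port: a1 is no longer loaded here but is still dereferenced by the FLAG_debug_code check, so the register-state header of Generate_InternalArrayConstructor (which begins above this hunk) should document `//  -- a1     : constructor function` and where it comes from. The `__ LoadRoot(a2, Heap::kUndefinedValueRootIndex)` right before `TailCallStub` should carry the reason the description gives, e.g. `// a2 = type_info for Runtime_NewArray; the construct stub leaves a non-heap-object value here.`, otherwise it looks like dead code to the next reader.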


@ -81,13 +81,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
AdaptorWithExitFrameType(masm, BUILTIN_EXIT); AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
} }
// Load the built-in InternalArray function from the current context.
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
Register result) {
// Load the InternalArray function from the current native context.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
}
// Load the built-in Array function from the current context. // Load the built-in Array function from the current context.
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) { static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
// Load the Array function from the current native context. // Load the Array function from the current native context.
@ -102,9 +95,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code, one_or_more_arguments, two_or_more_arguments; Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
// Get the InternalArray function.
GenerateLoadInternalArrayFunction(masm, r4);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ LoadP(r5, FieldMemOperand(r4, JSFunction::kPrototypeOrInitialMapOffset)); __ LoadP(r5, FieldMemOperand(r4, JSFunction::kPrototypeOrInitialMapOffset));
@ -118,6 +108,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// tail call a stub // tail call a stub
__ LoadRoot(r5, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
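Review bot: r4 is now an implicit input of Generate_InternalArrayConstructor (the context load into r4 is removed while the debug check still reads `FieldMemOperand(r4, JSFunction::kPrototypeOrInitialMapOffset)`), and the register-state comment above the hunk, where the function starts, does not appear to be updated; add `//  -- r4     : constructor function (set up by JSBuiltinsConstructStub)`. A why-comment on the new `__ LoadRoot(r5, Heap::kUndefinedValueRootIndex)` would record the invariant it restores: `// r5 = type_info for Runtime_NewArray; must be undefined or an AllocationSite.`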


@ -81,13 +81,6 @@ void Builtins::Generate_AdaptorWithBuiltinExitFrame(MacroAssembler* masm) {
AdaptorWithExitFrameType(masm, BUILTIN_EXIT); AdaptorWithExitFrameType(masm, BUILTIN_EXIT);
} }
// Load the built-in InternalArray function from the current context.
static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
Register result) {
// Load the InternalArray function from the current native context.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, result);
}
// Load the built-in Array function from the current context. // Load the built-in Array function from the current context.
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) { static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
// Load the Array function from the current native context. // Load the Array function from the current native context.
@ -102,9 +95,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code, one_or_more_arguments, two_or_more_arguments; Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
// Get the InternalArray function.
GenerateLoadInternalArrayFunction(masm, r3);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ LoadP(r4, FieldMemOperand(r3, JSFunction::kPrototypeOrInitialMapOffset)); __ LoadP(r4, FieldMemOperand(r3, JSFunction::kPrototypeOrInitialMapOffset));
@ -118,6 +108,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// tail call a stub // tail call a stub
__ LoadRoot(r4, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
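Review bot: As in the ppc port, r3 is now expected to hold the constructor function on entry (its load is removed, the FLAG_debug_code check still dereferences it), so the register-state comment that this hunk's `// -----------------------------------` line closes, above the hunk where Generate_InternalArrayConstructor begins, should list `//  -- r3     : constructor function`. The `__ LoadRoot(r4, Heap::kUndefinedValueRootIndex)` before the tail call should say why it is there, e.g. `// r4 = type_info for Runtime_NewArray (undefined here); not initialised by the construct stub.`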


@ -1793,9 +1793,6 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// ----------------------------------- // -----------------------------------
Label generic_array_code; Label generic_array_code;
// Get the InternalArray function.
__ LoadNativeContextSlot(Context::INTERNAL_ARRAY_FUNCTION_INDEX, rdi);
if (FLAG_debug_code) { if (FLAG_debug_code) {
// Initial map for the builtin InternalArray functions should be maps. // Initial map for the builtin InternalArray functions should be maps.
__ movp(rbx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset)); __ movp(rbx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
@ -1811,6 +1808,7 @@ void Builtins::Generate_InternalArrayConstructor(MacroAssembler* masm) {
// Run the native code for the InternalArray function called as a normal // Run the native code for the InternalArray function called as a normal
// function. // function.
// tail call a stub // tail call a stub
__ LoadRoot(rbx, Heap::kUndefinedValueRootIndex);
InternalArrayConstructorStub stub(masm->isolate()); InternalArrayConstructorStub stub(masm->isolate());
__ TailCallStub(&stub); __ TailCallStub(&stub);
} }
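Review bot: The `__ LoadRoot(rbx, Heap::kUndefinedValueRootIndex)` is the only thing establishing the type_info invariant (undefined or an AllocationSite) that the description says Runtime_NewArray crashes without, and nothing visible checks it inside InternalArrayConstructorStub, so any other path into the stub with a stale rbx would hit the same non-heap-object crash; a FLAG_debug_code assertion at the stub's entry that the register is undefined or an AllocationSite would catch that class of bug, mirroring whatever check the regular Array constructor path presumably has. At minimum document the load here: `// rbx = type_info for Runtime_NewArray; JSBuiltinsConstructStub leaves a non-heap-object value in it.` The function body starts above the hunk and, like the other ports, now relies on rdi arriving loaded with the constructor function, which its register-state header should list as `//  -- rdi    : constructor function`.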