[maglev] Check for strings in polymorphic loads
Bug: v8:7700 Change-Id: Id3d523446f5061a78a46d1c52cf8f8339566356d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212402 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#85626}
This commit is contained in:
Victor Gomes
V8 LUCI CQ
parent
31487e43a6
commit
7f4a04671a
@ -519,6 +519,20 @@ inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
|
||||
CompareInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
|
||||
}
|
||||
|
||||
inline void MaglevAssembler::CompareInstanceTypeRange(
|
||||
Register map, InstanceType lower_limit, InstanceType higher_limit) {
|
||||
ScratchRegisterScope temps(this);
|
||||
Register scratch = temps.Acquire();
|
||||
CompareInstanceTypeRange(map, scratch, lower_limit, higher_limit);
|
||||
}
|
||||
|
||||
inline void MaglevAssembler::CompareInstanceTypeRange(
|
||||
Register map, Register instance_type_out, InstanceType lower_limit,
|
||||
InstanceType higher_limit) {
|
||||
MacroAssembler::CompareInstanceTypeRange(map, instance_type_out, lower_limit,
|
||||
higher_limit);
|
||||
}
|
||||
|
||||
inline void MaglevAssembler::CompareTagged(Register reg,
|
||||
Handle<HeapObject> obj) {
|
||||
ScratchRegisterScope temps(this);
|
||||
|
||||
@ -201,6 +201,12 @@ class MaglevAssembler : public MacroAssembler {
|
||||
InstanceType lower_limit,
|
||||
InstanceType higher_limit);
|
||||
|
||||
inline void CompareInstanceTypeRange(Register map, InstanceType lower_limit,
|
||||
InstanceType higher_limit);
|
||||
inline void CompareInstanceTypeRange(Register map, Register instance_type_out,
|
||||
InstanceType lower_limit,
|
||||
InstanceType higher_limit);
|
||||
|
||||
inline void CompareTagged(Register reg, Handle<HeapObject> obj);
|
||||
|
||||
inline void CompareInt32(Register reg, int32_t imm);
|
||||
|
||||
@ -2005,23 +2005,6 @@ bool MaglevGraphBuilder::TryBuildPropertyAccess(
|
||||
}
|
||||
}
|
||||
|
||||
namespace {
|
||||
bool HasOnlyStringMaps(base::Vector<const compiler::MapRef> maps) {
|
||||
for (compiler::MapRef map : maps) {
|
||||
if (!map.IsStringMap()) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
bool HasOnlyNumberMaps(base::Vector<const compiler::MapRef> maps) {
|
||||
for (compiler::MapRef map : maps) {
|
||||
if (map.instance_type() != HEAP_NUMBER_TYPE) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
bool MaglevGraphBuilder::TryBuildNamedAccess(
|
||||
ValueNode* receiver, ValueNode* lookup_start_object,
|
||||
compiler::NamedAccessFeedback const& feedback,
|
||||
|
||||
@ -988,26 +988,25 @@ void EmitPolymorphicAccesses(MaglevAssembler* masm, NodeT* node,
|
||||
for (const PolymorphicAccessInfo& access_info : node->access_infos()) {
|
||||
Label next;
|
||||
Label map_found;
|
||||
bool has_heap_number_map = false;
|
||||
auto& maps = access_info.maps();
|
||||
|
||||
for (auto it = access_info.maps().begin(); it != access_info.maps().end();
|
||||
++it) {
|
||||
if (it->IsHeapNumberMap()) {
|
||||
has_heap_number_map = true;
|
||||
}
|
||||
__ CompareTagged(object_map, it->object());
|
||||
if (it == access_info.maps().end() - 1) {
|
||||
__ JumpIf(kNotEqual, &next);
|
||||
// Fallthrough... to map_found.
|
||||
} else {
|
||||
__ JumpIf(kEqual, &map_found);
|
||||
}
|
||||
}
|
||||
|
||||
// Bind number case here if one of the maps is HeapNumber.
|
||||
if (has_heap_number_map) {
|
||||
if (HasOnlyNumberMaps(base::VectorOf(maps))) {
|
||||
DCHECK(!is_number.is_bound());
|
||||
__ bind(&is_number);
|
||||
} else if (HasOnlyStringMaps(base::VectorOf(maps))) {
|
||||
__ CompareInstanceTypeRange(object, FIRST_STRING_TYPE, LAST_STRING_TYPE);
|
||||
__ JumpIf(kUnsignedGreaterThan, &next);
|
||||
// Fallthrough... to map_found.
|
||||
} else {
|
||||
for (auto it = maps.begin(); it != maps.end(); ++it) {
|
||||
__ CompareTagged(object_map, it->object());
|
||||
if (it == maps.end() - 1) {
|
||||
__ JumpIf(kNotEqual, &next);
|
||||
// Fallthrough... to map_found.
|
||||
} else {
|
||||
__ JumpIf(kEqual, &map_found);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
__ bind(&map_found);
|
||||
|
||||
@ -463,6 +463,20 @@ inline std::ostream& operator<<(std::ostream& os,
|
||||
return os;
|
||||
}
|
||||
|
||||
inline bool HasOnlyStringMaps(base::Vector<const compiler::MapRef> maps) {
|
||||
for (compiler::MapRef map : maps) {
|
||||
if (!map.IsStringMap()) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
inline bool HasOnlyNumberMaps(base::Vector<const compiler::MapRef> maps) {
|
||||
for (compiler::MapRef map : maps) {
|
||||
if (map.instance_type() != HEAP_NUMBER_TYPE) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
#define DEF_FORWARD_DECLARATION(type, ...) class type;
|
||||
NODE_BASE_LIST(DEF_FORWARD_DECLARATION)
|
||||
#undef DEF_FORWARD_DECLARATION
|
||||
|
||||
@ -405,6 +405,17 @@ inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
|
||||
higher_limit);
|
||||
}
|
||||
|
||||
inline void MaglevAssembler::CompareInstanceTypeRange(
|
||||
Register map, InstanceType lower_limit, InstanceType higher_limit) {
|
||||
CompareInstanceTypeRange(map, kScratchRegister, lower_limit, higher_limit);
|
||||
}
|
||||
|
||||
inline void MaglevAssembler::CompareInstanceTypeRange(
|
||||
Register map, Register instance_type_out, InstanceType lower_limit,
|
||||
InstanceType higher_limit) {
|
||||
CmpInstanceTypeRange(map, instance_type_out, lower_limit, higher_limit);
|
||||
}
|
||||
|
||||
inline void MaglevAssembler::CompareTagged(Register reg,
|
||||
Handle<HeapObject> obj) {
|
||||
Cmp(reg, obj);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user