From b251f147828de8ba8df6befcd54e0a3c5680da72 Mon Sep 17 00:00:00 2001 From: "kaznacheev@chromium.org" Date: Wed, 16 Jun 2010 10:03:47 +0000 Subject: [PATCH] Port KeyedCallIC implementation to x64 and ARM. Also edited ic-ia32.cc for clarity and better formatting. Review URL: http://codereview.chromium.org/2853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/arm/codegen-arm.cc | 38 ++- src/arm/full-codegen-arm.cc | 51 ++- src/arm/ic-arm.cc | 409 ++++++++++++++++++------ src/arm/stub-cache-arm.cc | 20 ++ src/arm/virtual-frame-arm.cc | 1 + src/ia32/ic-ia32.cc | 134 ++++---- src/x64/codegen-x64.cc | 38 ++- src/x64/full-codegen-x64.cc | 62 ++-- src/x64/ic-x64.cc | 480 ++++++++++++++++++++++------- src/x64/stub-cache-x64.cc | 21 ++ src/x64/virtual-frame-x64.cc | 19 ++ src/x64/virtual-frame-x64.h | 2 + test/mjsunit/keyed-call-generic.js | 17 + 13 files changed, 955 insertions(+), 337 deletions(-) diff --git a/src/arm/codegen-arm.cc b/src/arm/codegen-arm.cc index a2eb7173ce..27eec4b424 100644 --- a/src/arm/codegen-arm.cc +++ b/src/arm/codegen-arm.cc @@ -4088,28 +4088,34 @@ void CodeGenerator::VisitCall(Call* node) { VirtualFrame::SpilledScope spilled_scope(frame_); Load(property->obj()); - if (!property->is_synthetic()) { - // Duplicate receiver for later use. - __ ldr(r0, MemOperand(sp, 0)); - frame_->EmitPush(r0); - } - Load(property->key()); - EmitKeyedLoad(); - // Put the function below the receiver. if (property->is_synthetic()) { + Load(property->key()); + EmitKeyedLoad(); + // Put the function below the receiver. // Use the global receiver. frame_->EmitPush(r0); // Function. LoadGlobalReceiver(r0); + // Call the function. + CallWithArguments(args, RECEIVER_MIGHT_BE_VALUE, node->position()); + frame_->EmitPush(r0); } else { - // Switch receiver and function. - frame_->EmitPop(r1); // Receiver. - frame_->EmitPush(r0); // Function. - frame_->EmitPush(r1); // Receiver. - } + // Load the arguments. + int arg_count = args->length(); + for (int i = 0; i < arg_count; i++) { + Load(args->at(i)); + } - // Call the function. - CallWithArguments(args, RECEIVER_MIGHT_BE_VALUE, node->position()); - frame_->EmitPush(r0); + // Set the name register and call the IC initialization code. + Load(property->key()); + frame_->EmitPop(r2); // Function name. + + InLoopFlag in_loop = loop_nesting() > 0 ? IN_LOOP : NOT_IN_LOOP; + Handle stub = ComputeKeyedCallInitialize(arg_count, in_loop); + CodeForSourcePosition(node->position()); + frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count + 1); + __ ldr(cp, frame_->Context()); + frame_->EmitPush(r0); + } } } else { diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc index e61966399d..58d737834b 100644 --- a/src/arm/full-codegen-arm.cc +++ b/src/arm/full-codegen-arm.cc @@ -1648,6 +1648,30 @@ void FullCodeGenerator::EmitCallWithIC(Call* expr, } +void FullCodeGenerator::EmitKeyedCallWithIC(Call* expr, + Expression* key, + RelocInfo::Mode mode) { + // Code common for calls using the IC. + ZoneList* args = expr->arguments(); + int arg_count = args->length(); + for (int i = 0; i < arg_count; i++) { + VisitForValue(args->at(i), kStack); + } + VisitForValue(key, kAccumulator); + __ mov(r2, r0); + // Record source position for debugger. + SetSourcePosition(expr->position()); + // Call the IC initialization code. + InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP; + Handle ic = CodeGenerator::ComputeKeyedCallInitialize(arg_count, + in_loop); + __ Call(ic, mode); + // Restore context register. + __ ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset)); + Apply(context_, r0); +} + + void FullCodeGenerator::EmitCallWithStub(Call* expr) { // Code common for calls using the call stub. ZoneList* args = expr->arguments(); @@ -1743,35 +1767,28 @@ void FullCodeGenerator::VisitCall(Call* expr) { VisitForValue(prop->obj(), kStack); EmitCallWithIC(expr, key->handle(), RelocInfo::CODE_TARGET); } else { - // Call to a keyed property, use keyed load IC followed by function - // call. + // Call to a keyed property. + // For a synthetic property use keyed load IC followed by function call, + // for a regular property use keyed CallIC. VisitForValue(prop->obj(), kStack); - VisitForValue(prop->key(), kAccumulator); - // Record source code position for IC call. - SetSourcePosition(prop->position()); if (prop->is_synthetic()) { + VisitForValue(prop->key(), kAccumulator); + // Record source code position for IC call. + SetSourcePosition(prop->position()); __ pop(r1); // We do not need to keep the receiver. - } else { - __ ldr(r1, MemOperand(sp, 0)); // Keep receiver, to call function on. - } - Handle ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize)); - __ Call(ic, RelocInfo::CODE_TARGET); - if (prop->is_synthetic()) { + Handle ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize)); + __ Call(ic, RelocInfo::CODE_TARGET); // Push result (function). __ push(r0); // Push Global receiver. __ ldr(r1, CodeGenerator::GlobalObject()); __ ldr(r1, FieldMemOperand(r1, GlobalObject::kGlobalReceiverOffset)); __ push(r1); + EmitCallWithStub(expr); } else { - // Pop receiver. - __ pop(r1); - // Push result (function). - __ push(r0); - __ push(r1); + EmitKeyedCallWithIC(expr, prop->key(), RelocInfo::CODE_TARGET); } - EmitCallWithStub(expr); } } else { // Call to some other expression. If the expression is an anonymous diff --git a/src/arm/ic-arm.cc b/src/arm/ic-arm.cc index ab34949354..5eb98b12ba 100644 --- a/src/arm/ic-arm.cc +++ b/src/arm/ic-arm.cc @@ -167,16 +167,22 @@ static void GenerateNumberDictionaryLoad(MacroAssembler* masm, Label* miss, Register elements, Register key, + Register result, Register t0, Register t1, Register t2) { // Register use: // - // elements - holds the slow-case elements of the receiver and is unchanged. + // elements - holds the slow-case elements of the receiver on entry. + // Unchanged unless 'result' is the same register. // - // key - holds the smi key on entry and is unchanged if a branch is - // performed to the miss label. - // Holds the result on exit if the load succeeded. + // key - holds the smi key on entry. + // Unchanged unless 'result' is the same register. + // + // result - holds the result on exit if the load succeeded. + // Allowed to be the same as 'key' or 'result'. + // Unchanged on bailout so 'key' or 'result' can be used + // in further computation. // // Scratch registers: // @@ -248,7 +254,7 @@ static void GenerateNumberDictionaryLoad(MacroAssembler* masm, // Get the value at the masked, scaled index and return. const int kValueOffset = NumberDictionary::kElementsStartOffset + kPointerSize; - __ ldr(key, FieldMemOperand(t2, kValueOffset)); + __ ldr(result, FieldMemOperand(t2, kValueOffset)); } @@ -298,22 +304,159 @@ void LoadIC::GenerateFunctionPrototype(MacroAssembler* masm) { } +// Checks the receiver for special cases (value type, slow case bits). +// Falls through for regular JS object. +static void GenerateKeyedLoadReceiverCheck(MacroAssembler* masm, + Register receiver, + Register scratch1, + Register scratch2, + Label* slow) { + // Check that the object isn't a smi. + __ BranchOnSmi(receiver, slow); + // Get the map of the receiver. + __ ldr(scratch1, FieldMemOperand(receiver, HeapObject::kMapOffset)); + // Check bit field. + __ ldrb(scratch2, FieldMemOperand(scratch1, Map::kBitFieldOffset)); + __ tst(scratch2, Operand(KeyedLoadIC::kSlowCaseBitFieldMask)); + __ b(ne, slow); + // Check that the object is some kind of JS object EXCEPT JS Value type. + // In the case that the object is a value-wrapper object, + // we enter the runtime system to make sure that indexing into string + // objects work as intended. + ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE); + __ ldrb(scratch1, FieldMemOperand(scratch1, Map::kInstanceTypeOffset)); + __ cmp(scratch1, Operand(JS_OBJECT_TYPE)); + __ b(lt, slow); +} + + +// Loads an indexed element from a fast case array. +static void GenerateFastArrayLoad(MacroAssembler* masm, + Register receiver, + Register key, + Register elements, + Register scratch1, + Register scratch2, + Register result, + Label* not_fast_array, + Label* out_of_range) { + // Register use: + // + // receiver - holds the receiver on entry. + // Unchanged unless 'result' is the same register. + // + // key - holds the smi key on entry. + // Unchanged unless 'result' is the same register. + // + // elements - holds the elements of the receiver on exit. + // + // result - holds the result on exit if the load succeeded. + // Allowed to be the the same as 'receiver' or 'key'. + // Unchanged on bailout so 'receiver' and 'key' can be safely + // used by further computation. + // + // Scratch registers: + // + // scratch1 - used to hold elements map and elements length. + // Holds the elements map if not_fast_array branch is taken. + // + // scratch2 - used to hold the loaded value. + + __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset)); + // Check that the object is in fast mode (not dictionary). + __ ldr(scratch1, FieldMemOperand(elements, HeapObject::kMapOffset)); + __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex); + __ cmp(scratch1, ip); + __ b(ne, not_fast_array); + // Check that the key (index) is within bounds. + __ ldr(scratch1, FieldMemOperand(elements, FixedArray::kLengthOffset)); + __ cmp(key, Operand(scratch1)); + __ b(hs, out_of_range); + // Fast case: Do the load. + __ add(scratch1, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag)); + // The key is a smi. + ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2); + __ ldr(scratch2, + MemOperand(scratch1, key, LSL, kPointerSizeLog2 - kSmiTagSize)); + __ LoadRoot(ip, Heap::kTheHoleValueRootIndex); + __ cmp(scratch2, ip); + // In case the loaded value is the_hole we have to consult GetProperty + // to ensure the prototype chain is searched. + __ b(eq, out_of_range); + __ mov(result, scratch2); +} + + +// Checks whether a key is an array index string or a symbol string. +// Falls through if a key is a symbol. +static void GenerateKeyStringCheck(MacroAssembler* masm, + Register key, + Register map, + Register hash, + Label* index_string, + Label* not_symbol) { + // The key is not a smi. + // Is it a string? + __ CompareObjectType(key, map, hash, FIRST_NONSTRING_TYPE); + __ b(ge, not_symbol); + + // Is the string an array index, with cached numeric value? + __ ldr(hash, FieldMemOperand(key, String::kHashFieldOffset)); + __ tst(hash, Operand(String::kContainsCachedArrayIndexMask)); + __ b(eq, index_string); + + // Is the string a symbol? + // map: key map + __ ldrb(hash, FieldMemOperand(map, Map::kInstanceTypeOffset)); + ASSERT(kSymbolTag != 0); + __ tst(hash, Operand(kIsSymbolMask)); + __ b(eq, not_symbol); +} + + +// Picks out an array index from the hash field. +static void GenerateIndexFromHash(MacroAssembler* masm, + Register key, + Register hash) { + // Register use: + // key - holds the overwritten key on exit. + // hash - holds the key's hash. Clobbered. + + // If the hash field contains an array index pick it out. The assert checks + // that the constants for the maximum number of digits for an array index + // cached in the hash field and the number of bits reserved for it does not + // conflict. + ASSERT(TenToThe(String::kMaxCachedArrayIndexLength) < + (1 << String::kArrayIndexValueBits)); + // We want the smi-tagged index in key. kArrayIndexValueMask has zeros in + // the low kHashShift bits. + ASSERT(String::kHashShift >= kSmiTagSize); + // Here we actually clobber the key which will be used if calling into + // runtime later. However as the new key is the numeric value of a string key + // there is no difference in using either key. + ASSERT(String::kHashShift >= kSmiTagSize); + __ Ubfx(hash, hash, String::kHashShift, String::kArrayIndexValueBits); + __ mov(key, Operand(hash, LSL, kSmiTagSize)); +} + + // Defined in ic.cc. Object* CallIC_Miss(Arguments args); -void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { +// The generated code does not accept smi keys. +// The generated code falls through if both probes miss. +static void GenerateMonomorphicCacheProbe(MacroAssembler* masm, + int argc, + Code::Kind kind) { // ----------- S t a t e ------------- + // -- r1 : receiver // -- r2 : name - // -- lr : return address // ----------------------------------- Label number, non_number, non_string, boolean, probe, miss; - // Get the receiver of the function from the stack into r1. - __ ldr(r1, MemOperand(sp, argc * kPointerSize)); - // Probe the stub cache. Code::Flags flags = - Code::ComputeFlags(Code::CALL_IC, NOT_IN_LOOP, MONOMORPHIC, NORMAL, argc); + Code::ComputeFlags(kind, NOT_IN_LOOP, MONOMORPHIC, NORMAL, argc); StubCache::GenerateProbe(masm, flags, r1, r2, r3, no_reg); // If the stub cache probing failed, the receiver might be a value. @@ -355,9 +498,7 @@ void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { __ bind(&probe); StubCache::GenerateProbe(masm, flags, r1, r2, r3, no_reg); - // Cache miss: Jump to runtime. __ bind(&miss); - GenerateMiss(masm, argc); } @@ -390,7 +531,7 @@ static void GenerateNormalHelper(MacroAssembler* masm, } -void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { +static void GenerateCallNormal(MacroAssembler* masm, int argc) { // ----------- S t a t e ------------- // -- r2 : name // -- lr : return address @@ -443,13 +584,11 @@ void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { __ CheckAccessGlobalProxy(r1, r0, &miss); __ b(&invoke); - // Cache miss: Jump to runtime. __ bind(&miss); - GenerateMiss(masm, argc); } -void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { +static void GenerateCallMiss(MacroAssembler* masm, int argc, IC::UtilityId id) { // ----------- S t a t e ------------- // -- r2 : name // -- lr : return address @@ -465,7 +604,7 @@ void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { // Call the entry. __ mov(r0, Operand(2)); - __ mov(r1, Operand(ExternalReference(IC_Utility(kCallIC_Miss)))); + __ mov(r1, Operand(ExternalReference(IC_Utility(id)))); CEntryStub stub(1); __ CallStub(&stub); @@ -496,18 +635,165 @@ void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { } +void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // -- r2 : name + // -- lr : return address + // ----------------------------------- + + GenerateCallMiss(masm, argc, IC::kCallIC_Miss); +} + + +void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // -- r2 : name + // -- lr : return address + // ----------------------------------- + + // Get the receiver of the function from the stack into r1. + __ ldr(r1, MemOperand(sp, argc * kPointerSize)); + GenerateMonomorphicCacheProbe(masm, argc, Code::CALL_IC); + GenerateMiss(masm, argc); +} + + +void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // -- r2 : name + // -- lr : return address + // ----------------------------------- + + GenerateCallNormal(masm, argc); + GenerateMiss(masm, argc); +} + + void KeyedCallIC::GenerateMiss(MacroAssembler* masm, int argc) { - UNREACHABLE(); + // ----------- S t a t e ------------- + // -- r2 : name + // -- lr : return address + // ----------------------------------- + + GenerateCallMiss(masm, argc, IC::kKeyedCallIC_Miss); } void KeyedCallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { - UNREACHABLE(); + // ----------- S t a t e ------------- + // -- r2 : name + // -- lr : return address + // ----------------------------------- + + // Get the receiver of the function from the stack into r1. + __ ldr(r1, MemOperand(sp, argc * kPointerSize)); + + Label do_call, slow_call, slow_load, slow_reload_receiver; + Label check_number_dictionary, check_string, lookup_monomorphic_cache; + Label index_smi, index_string; + + // Check that the key is a smi. + __ BranchOnNotSmi(r2, &check_string); + __ bind(&index_smi); + // Now the key is known to be a smi. This place is also jumped to from below + // where a numeric string is converted to a smi. + + GenerateKeyedLoadReceiverCheck(masm, r1, r0, r3, &slow_call); + + GenerateFastArrayLoad( + masm, r1, r2, r4, r3, r0, r1, &check_number_dictionary, &slow_load); + __ IncrementCounter(&Counters::keyed_call_generic_smi_fast, 1, r0, r3); + + __ bind(&do_call); + // receiver in r1 is not used after this point. + // r2: key + // r1: function + + // Check that the value in r1 is a JSFunction. + __ BranchOnSmi(r1, &slow_call); + __ CompareObjectType(r1, r0, r0, JS_FUNCTION_TYPE); + __ b(ne, &slow_call); + // Invoke the function. + ParameterCount actual(argc); + __ InvokeFunction(r1, actual, JUMP_FUNCTION); + + __ bind(&check_number_dictionary); + // r2: key + // r3: elements map + // r4: elements + // Check whether the elements is a number dictionary. + __ LoadRoot(ip, Heap::kHashTableMapRootIndex); + __ cmp(r3, ip); + __ b(ne, &slow_load); + __ mov(r0, Operand(r2, ASR, kSmiTagSize)); + // r0: untagged index + GenerateNumberDictionaryLoad(masm, &slow_load, r4, r2, r1, r0, r3, r5); + __ IncrementCounter(&Counters::keyed_call_generic_smi_dict, 1, r0, r3); + __ jmp(&do_call); + + __ bind(&slow_load); + // This branch is taken when calling KeyedCallIC_Miss is neither required + // nor beneficial. + __ IncrementCounter(&Counters::keyed_call_generic_slow_load, 1, r0, r3); + __ EnterInternalFrame(); + __ push(r2); // save the key + __ Push(r1, r2); // pass the receiver and the key + __ CallRuntime(Runtime::kKeyedGetProperty, 2); + __ pop(r2); // restore the key + __ LeaveInternalFrame(); + __ mov(r1, r0); + __ jmp(&do_call); + + __ bind(&check_string); + GenerateKeyStringCheck(masm, r2, r0, r3, &index_string, &slow_call); + + // The key is known to be a symbol. + // If the receiver is a regular JS object with slow properties then do + // a quick inline probe of the receiver's dictionary. + // Otherwise do the monomorphic cache probe. + GenerateKeyedLoadReceiverCheck(masm, r1, r0, r3, &lookup_monomorphic_cache); + + __ ldr(r3, FieldMemOperand(r1, JSObject::kPropertiesOffset)); + __ ldr(r3, FieldMemOperand(r3, HeapObject::kMapOffset)); + __ LoadRoot(ip, Heap::kHashTableMapRootIndex); + __ cmp(r3, ip); + __ b(ne, &lookup_monomorphic_cache); + + GenerateDictionaryLoad( + masm, &slow_load, r1, r2, r1, r0, r3, r4, DICTIONARY_CHECK_DONE); + __ IncrementCounter(&Counters::keyed_call_generic_lookup_dict, 1, r0, r3); + __ jmp(&do_call); + + __ bind(&lookup_monomorphic_cache); + __ IncrementCounter(&Counters::keyed_call_generic_lookup_cache, 1, r0, r3); + GenerateMonomorphicCacheProbe(masm, argc, Code::KEYED_CALL_IC); + // Fall through on miss. + + __ bind(&slow_call); + // This branch is taken if: + // - the receiver requires boxing or access check, + // - the key is neither smi nor symbol, + // - the value loaded is not a function, + // - there is hope that the runtime will create a monomorphic call stub + // that will get fetched next time. + __ IncrementCounter(&Counters::keyed_call_generic_slow, 1, r0, r3); + GenerateMiss(masm, argc); + + __ bind(&index_string); + GenerateIndexFromHash(masm, r2, r3); + // Now jump to the place where smi keys are handled. + __ jmp(&index_smi); } void KeyedCallIC::GenerateNormal(MacroAssembler* masm, int argc) { - UNREACHABLE(); + // ----------- S t a t e ------------- + // -- r2 : name + // -- lr : return address + // ----------------------------------- + + GenerateCallNormal(masm, argc); + GenerateMiss(masm, argc); } @@ -759,49 +1045,16 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { Register key = r0; Register receiver = r1; - // Check that the object isn't a smi. - __ BranchOnSmi(receiver, &slow); - // Get the map of the receiver. - __ ldr(r2, FieldMemOperand(receiver, HeapObject::kMapOffset)); - // Check bit field. - __ ldrb(r3, FieldMemOperand(r2, Map::kBitFieldOffset)); - __ tst(r3, Operand(kSlowCaseBitFieldMask)); - __ b(ne, &slow); - // Check that the object is some kind of JS object EXCEPT JS Value type. - // In the case that the object is a value-wrapper object, - // we enter the runtime system to make sure that indexing into string - // objects work as intended. - ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE); - __ ldrb(r2, FieldMemOperand(r2, Map::kInstanceTypeOffset)); - __ cmp(r2, Operand(JS_OBJECT_TYPE)); - __ b(lt, &slow); + GenerateKeyedLoadReceiverCheck(masm, receiver, r2, r3, &slow); // Check that the key is a smi. __ BranchOnNotSmi(key, &check_string); __ bind(&index_smi); // Now the key is known to be a smi. This place is also jumped to from below // where a numeric string is converted to a smi. - __ ldr(r4, FieldMemOperand(receiver, JSObject::kElementsOffset)); - // Check that the object is in fast mode (not dictionary). - __ ldr(r3, FieldMemOperand(r4, HeapObject::kMapOffset)); - __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex); - __ cmp(r3, ip); - __ b(ne, &check_pixel_array); - // Check that the key (index) is within bounds. - __ ldr(r3, FieldMemOperand(r4, FixedArray::kLengthOffset)); - __ cmp(key, Operand(r3)); - __ b(hs, &slow); - // Fast case: Do the load. - __ add(r3, r4, Operand(FixedArray::kHeaderSize - kHeapObjectTag)); - // The key is a smi. - ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2); - __ ldr(r2, MemOperand(r3, key, LSL, kPointerSizeLog2 - kSmiTagSize)); - __ LoadRoot(ip, Heap::kTheHoleValueRootIndex); - __ cmp(r2, ip); - // In case the loaded value is the_hole we have to consult GetProperty - // to ensure the prototype chain is searched. - __ b(eq, &slow); - __ mov(r0, r2); + + GenerateFastArrayLoad( + masm, receiver, key, r4, r3, r2, r0, &check_pixel_array, &slow); __ IncrementCounter(&Counters::keyed_load_generic_smi, 1, r2, r3); __ Ret(); @@ -831,7 +1084,7 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { __ cmp(r3, ip); __ b(ne, &slow); __ mov(r2, Operand(r0, ASR, kSmiTagSize)); - GenerateNumberDictionaryLoad(masm, &slow, r4, r0, r2, r3, r5); + GenerateNumberDictionaryLoad(masm, &slow, r4, r0, r0, r2, r3, r5); __ Ret(); // Slow case, key and receiver still in r0 and r1. @@ -840,24 +1093,7 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { GenerateRuntimeGetProperty(masm); __ bind(&check_string); - // The key is not a smi. - // Is it a string? - // r0: key - // r1: receiver - __ CompareObjectType(r0, r2, r3, FIRST_NONSTRING_TYPE); - __ b(ge, &slow); - - // Is the string an array index, with cached numeric value? - __ ldr(r3, FieldMemOperand(r0, String::kHashFieldOffset)); - __ tst(r3, Operand(String::kContainsCachedArrayIndexMask)); - __ b(eq, &index_string); - - // Is the string a symbol? - // r2: key map - __ ldrb(r3, FieldMemOperand(r2, Map::kInstanceTypeOffset)); - ASSERT(kSymbolTag != 0); - __ tst(r3, Operand(kIsSymbolMask)); - __ b(eq, &slow); + GenerateKeyStringCheck(masm, key, r2, r3, &index_string, &slow); // If the receiver is a fast-case object, check the keyed lookup // cache. Otherwise probe the dictionary. @@ -918,25 +1154,8 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { __ IncrementCounter(&Counters::keyed_load_generic_symbol, 1, r2, r3); __ Ret(); - __ b(&slow); - // If the hash field contains an array index pick it out. The assert checks - // that the constants for the maximum number of digits for an array index - // cached in the hash field and the number of bits reserved for it does not - // conflict. - ASSERT(TenToThe(String::kMaxCachedArrayIndexLength) < - (1 << String::kArrayIndexValueBits)); __ bind(&index_string); - // r0: key (string) - // r1: receiver - // r3: hash field - // We want the smi-tagged index in r0. kArrayIndexValueMask has zeros in - // the low kHashShift bits. - ASSERT(String::kHashShift >= kSmiTagSize); - __ Ubfx(r3, r3, String::kHashShift, String::kArrayIndexValueBits); - // Here we actually clobber the key (r0) which will be used if calling into - // runtime later. However as the new key is the numeric value of a string key - // there is no difference in using either key. - __ mov(r0, Operand(r3, LSL, kSmiTagSize)); + GenerateIndexFromHash(masm, key, r3); // Now jump to the place where smi keys are handled. __ jmp(&index_smi); } diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc index 3992d6c5d0..dc0f4a7c4c 100644 --- a/src/arm/stub-cache-arm.cc +++ b/src/arm/stub-cache-arm.cc @@ -1019,6 +1019,14 @@ Object* StubCompiler::CompileLazyCompile(Code::Flags flags) { } +void CallStubCompiler::GenerateNameCheck(String* name, Label* miss) { + if (kind_ == Code::KEYED_CALL_IC) { + __ cmp(r2, Operand(Handle(name))); + __ b(ne, miss); + } +} + + void CallStubCompiler::GenerateMissBranch() { Handle ic = ComputeCallMiss(arguments().immediate(), kind_); __ Jump(ic, RelocInfo::CODE_TARGET); @@ -1035,6 +1043,8 @@ Object* CallStubCompiler::CompileCallField(JSObject* object, // ----------------------------------- Label miss; + GenerateNameCheck(name, &miss); + const int argc = arguments().immediate(); // Get the receiver of the function from the stack into r0. @@ -1078,6 +1088,8 @@ Object* CallStubCompiler::CompileArrayPushCall(Object* object, Label miss; + GenerateNameCheck(name, &miss); + // Get the receiver from the stack const int argc = arguments().immediate(); __ ldr(r1, MemOperand(sp, argc * kPointerSize)); @@ -1127,6 +1139,8 @@ Object* CallStubCompiler::CompileArrayPopCall(Object* object, Label miss; + GenerateNameCheck(name, &miss); + // Get the receiver from the stack const int argc = arguments().immediate(); __ ldr(r1, MemOperand(sp, argc * kPointerSize)); @@ -1198,6 +1212,8 @@ Object* CallStubCompiler::CompileCallConstant(Object* object, Label miss_in_smi_check; + GenerateNameCheck(name, &miss_in_smi_check); + // Get the receiver from the stack const int argc = arguments().immediate(); __ ldr(r1, MemOperand(sp, argc * kPointerSize)); @@ -1337,6 +1353,8 @@ Object* CallStubCompiler::CompileCallInterceptor(JSObject* object, Label miss; + GenerateNameCheck(name, &miss); + // Get the number of arguments. const int argc = arguments().immediate(); @@ -1384,6 +1402,8 @@ Object* CallStubCompiler::CompileCallGlobal(JSObject* object, // ----------------------------------- Label miss; + GenerateNameCheck(name, &miss); + // Get the number of arguments. const int argc = arguments().immediate(); diff --git a/src/arm/virtual-frame-arm.cc b/src/arm/virtual-frame-arm.cc index 334ca35d8d..8b90f4244a 100644 --- a/src/arm/virtual-frame-arm.cc +++ b/src/arm/virtual-frame-arm.cc @@ -367,6 +367,7 @@ void VirtualFrame::CallCodeObject(Handle code, int dropped_args) { switch (code->kind()) { case Code::CALL_IC: + case Code::KEYED_CALL_IC: case Code::FUNCTION: break; case Code::KEYED_LOAD_IC: diff --git a/src/ia32/ic-ia32.cc b/src/ia32/ic-ia32.cc index f339d2e197..b0c07b7b51 100644 --- a/src/ia32/ic-ia32.cc +++ b/src/ia32/ic-ia32.cc @@ -306,22 +306,22 @@ void LoadIC::GenerateFunctionPrototype(MacroAssembler* masm) { // Falls through for regular JS object. static void GenerateKeyedLoadReceiverCheck(MacroAssembler* masm, Register receiver, - Register r0, + Register map, Label* slow) { // Register use: // receiver - holds the receiver and is unchanged. // Scratch registers: - // r0 - used to hold the map of the receiver. + // map - used to hold the map of the receiver. // Check that the object isn't a smi. __ test(receiver, Immediate(kSmiTagMask)); __ j(zero, slow, not_taken); // Get the map of the receiver. - __ mov(r0, FieldOperand(receiver, HeapObject::kMapOffset)); + __ mov(map, FieldOperand(receiver, HeapObject::kMapOffset)); // Check bit field. - __ test_b(FieldOperand(r0, Map::kBitFieldOffset), + __ test_b(FieldOperand(map, Map::kBitFieldOffset), KeyedLoadIC::kSlowCaseBitFieldMask); __ j(not_zero, slow, not_taken); // Check that the object is some kind of JS object EXCEPT JS Value type. @@ -330,7 +330,7 @@ static void GenerateKeyedLoadReceiverCheck(MacroAssembler* masm, // into string objects works as intended. ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE); - __ CmpInstanceType(r0, JS_OBJECT_TYPE); + __ CmpInstanceType(map, JS_OBJECT_TYPE); __ j(below, slow, not_taken); } @@ -371,7 +371,7 @@ static void GenerateFastArrayLoad(MacroAssembler* masm, // Checks whether a key is an array index string or a symbol string. -// Falls through if a key is a symbol. +// Falls through if the key is a symbol. static void GenerateKeyStringCheck(MacroAssembler* masm, Register key, Register map, @@ -399,11 +399,9 @@ static void GenerateKeyStringCheck(MacroAssembler* masm, // Picks out an array index from the hash field. -// The generated code never falls through. static void GenerateIndexFromHash(MacroAssembler* masm, Register key, - Register hash, - Label* index_smi) { + Register hash) { // Register use: // key - holds the overwritten key on exit. // hash - holds the key's hash. Clobbered. @@ -415,8 +413,6 @@ static void GenerateIndexFromHash(MacroAssembler* masm, (1 << String::kArrayIndexValueBits)); // We want the smi-tagged index in key. kArrayIndexValueMask has zeros in // the low kHashShift bits. - // key: string key - // ebx: hash field. ASSERT(String::kHashShift >= kSmiTagSize); __ and_(hash, String::kArrayIndexValueMask); __ shr(hash, String::kHashShift - kSmiTagSize); @@ -424,8 +420,6 @@ static void GenerateIndexFromHash(MacroAssembler* masm, // runtime later. However as the new key is the numeric value of a string key // there is no difference in using either key. __ mov(key, hash); - // Now jump to the place where smi keys are handled. - __ jmp(index_smi); } @@ -574,7 +568,9 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { __ ret(0); __ bind(&index_string); - GenerateIndexFromHash(masm, eax, ebx, &index_smi); + GenerateIndexFromHash(masm, eax, ebx); + // Now jump to the place where smi keys are handled. + __ jmp(&index_smi); } @@ -1125,13 +1121,12 @@ Object* CallIC_Miss(Arguments args); // The generated code falls through if both probes miss. static void GenerateMonomorphicCacheProbe(MacroAssembler* masm, int argc, - Code::Kind kind, - Label* miss) { + Code::Kind kind) { // ----------- S t a t e ------------- // -- ecx : name // -- edx : receiver // ----------------------------------- - Label number, non_number, non_string, boolean, probe; + Label number, non_number, non_string, boolean, probe, miss; // Probe the stub cache. Code::Flags flags = @@ -1166,7 +1161,7 @@ static void GenerateMonomorphicCacheProbe(MacroAssembler* masm, __ cmp(edx, Factory::true_value()); __ j(equal, &boolean, not_taken); __ cmp(edx, Factory::false_value()); - __ j(not_equal, miss, taken); + __ j(not_equal, &miss, taken); __ bind(&boolean); StubCompiler::GenerateLoadGlobalFunctionPrototype( masm, Context::BOOLEAN_FUNCTION_INDEX, edx); @@ -1174,6 +1169,7 @@ static void GenerateMonomorphicCacheProbe(MacroAssembler* masm, // Probe the stub cache for the value object. __ bind(&probe); StubCache::GenerateProbe(masm, flags, edx, ecx, ebx, no_reg); + __ bind(&miss); } @@ -1214,8 +1210,8 @@ static void GenerateNormalHelper(MacroAssembler* masm, __ InvokeFunction(edi, actual, JUMP_FUNCTION); } -// The generated code never falls through. -static void GenerateCallNormal(MacroAssembler* masm, int argc, Label* miss) { +// The generated code falls through if the call should be handled by runtime. +static void GenerateCallNormal(MacroAssembler* masm, int argc) { // ----------- S t a t e ------------- // -- ecx : name // -- esp[0] : return address @@ -1223,20 +1219,20 @@ static void GenerateCallNormal(MacroAssembler* masm, int argc, Label* miss) { // -- ... // -- esp[(argc + 1) * 4] : receiver // ----------------------------------- - Label global_object, non_global_object; + Label miss, global_object, non_global_object; // Get the receiver of the function from the stack; 1 ~ return address. __ mov(edx, Operand(esp, (argc + 1) * kPointerSize)); // Check that the receiver isn't a smi. __ test(edx, Immediate(kSmiTagMask)); - __ j(zero, miss, not_taken); + __ j(zero, &miss, not_taken); // Check that the receiver is a valid JS object. __ mov(ebx, FieldOperand(edx, HeapObject::kMapOffset)); __ movzx_b(eax, FieldOperand(ebx, Map::kInstanceTypeOffset)); __ cmp(eax, FIRST_JS_OBJECT_TYPE); - __ j(below, miss, not_taken); + __ j(below, &miss, not_taken); // If this assert fails, we have to check upper bound too. ASSERT(LAST_TYPE == JS_FUNCTION_TYPE); @@ -1252,8 +1248,8 @@ static void GenerateCallNormal(MacroAssembler* masm, int argc, Label* miss) { // Check that the global object does not require access checks. __ test_b(FieldOperand(ebx, Map::kBitFieldOffset), 1 << Map::kIsAccessCheckNeeded); - __ j(not_equal, miss, not_taken); - GenerateNormalHelper(masm, argc, true, miss); + __ j(not_equal, &miss, not_taken); + GenerateNormalHelper(masm, argc, true, &miss); // Accessing non-global object: Check for access to global proxy. Label global_proxy, invoke; @@ -1264,14 +1260,16 @@ static void GenerateCallNormal(MacroAssembler* masm, int argc, Label* miss) { // require access checks. __ test_b(FieldOperand(ebx, Map::kBitFieldOffset), 1 << Map::kIsAccessCheckNeeded); - __ j(not_equal, miss, not_taken); + __ j(not_equal, &miss, not_taken); __ bind(&invoke); - GenerateNormalHelper(masm, argc, false, miss); + GenerateNormalHelper(masm, argc, false, &miss); // Global object proxy access: Check access rights. __ bind(&global_proxy); - __ CheckAccessGlobalProxy(edx, eax, miss); + __ CheckAccessGlobalProxy(edx, eax, &miss); __ jmp(&invoke); + + __ bind(&miss); } @@ -1337,24 +1335,36 @@ void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { // -- esp[(argc + 1) * 4] : receiver // ----------------------------------- - Label miss; // Get the receiver of the function from the stack; 1 ~ return address. __ mov(edx, Operand(esp, (argc + 1) * kPointerSize)); - GenerateMonomorphicCacheProbe(masm, argc, Code::CALL_IC, &miss); - __ bind(&miss); + GenerateMonomorphicCacheProbe(masm, argc, Code::CALL_IC); GenerateMiss(masm, argc); } void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { - Label miss; - GenerateCallNormal(masm, argc, &miss); - __ bind(&miss); + // ----------- S t a t e ------------- + // -- ecx : name + // -- esp[0] : return address + // -- esp[(argc - n) * 4] : arg[n] (zero-based) + // -- ... + // -- esp[(argc + 1) * 4] : receiver + // ----------------------------------- + + GenerateCallNormal(masm, argc); GenerateMiss(masm, argc); } void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // -- ecx : name + // -- esp[0] : return address + // -- esp[(argc - n) * 4] : arg[n] (zero-based) + // -- ... + // -- esp[(argc + 1) * 4] : receiver + // ----------------------------------- + GenerateCallMiss(masm, argc, IC::kCallIC_Miss); } @@ -1385,13 +1395,8 @@ void KeyedCallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { GenerateKeyedLoadReceiverCheck(masm, edx, eax, &slow_call); - GenerateFastArrayLoad(masm, - edx, - ecx, - eax, - edi, - &check_number_dictionary, - &slow_load); + GenerateFastArrayLoad( + masm, edx, ecx, eax, edi, &check_number_dictionary, &slow_load); __ IncrementCounter(&Counters::keyed_call_generic_smi_fast, 1); __ bind(&do_call); @@ -1417,14 +1422,8 @@ void KeyedCallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { __ SmiUntag(ebx); // ebx: untagged index // Receiver in edx will be clobbered, need to reload it on miss. - GenerateNumberDictionaryLoad(masm, - &slow_reload_receiver, - eax, - ecx, - ebx, - edx, - edi, - edi); + GenerateNumberDictionaryLoad( + masm, &slow_reload_receiver, eax, ecx, ebx, edx, edi, edi); __ IncrementCounter(&Counters::keyed_call_generic_smi_dict, 1); __ jmp(&do_call); @@ -1459,21 +1458,14 @@ void KeyedCallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { Immediate(Factory::hash_table_map())); __ j(not_equal, &lookup_monomorphic_cache, not_taken); - GenerateDictionaryLoad(masm, - &slow_load, - edx, - ecx, - ebx, - eax, - edi, - edi, - DICTIONARY_CHECK_DONE); + GenerateDictionaryLoad( + masm, &slow_load, edx, ecx, ebx, eax, edi, edi, DICTIONARY_CHECK_DONE); __ IncrementCounter(&Counters::keyed_call_generic_lookup_dict, 1); __ jmp(&do_call); __ bind(&lookup_monomorphic_cache); __ IncrementCounter(&Counters::keyed_call_generic_lookup_cache, 1); - GenerateMonomorphicCacheProbe(masm, argc, Code::KEYED_CALL_IC, &slow_call); + GenerateMonomorphicCacheProbe(masm, argc, Code::KEYED_CALL_IC); // Fall through on miss. __ bind(&slow_call); @@ -1487,19 +1479,35 @@ void KeyedCallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { GenerateMiss(masm, argc); __ bind(&index_string); - GenerateIndexFromHash(masm, ecx, ebx, &index_smi); + GenerateIndexFromHash(masm, ecx, ebx); + // Now jump to the place where smi keys are handled. + __ jmp(&index_smi); } void KeyedCallIC::GenerateNormal(MacroAssembler* masm, int argc) { - Label miss; - GenerateCallNormal(masm, argc, &miss); - __ bind(&miss); + // ----------- S t a t e ------------- + // -- ecx : name + // -- esp[0] : return address + // -- esp[(argc - n) * 4] : arg[n] (zero-based) + // -- ... + // -- esp[(argc + 1) * 4] : receiver + // ----------------------------------- + + GenerateCallNormal(masm, argc); GenerateMiss(masm, argc); } void KeyedCallIC::GenerateMiss(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // -- ecx : name + // -- esp[0] : return address + // -- esp[(argc - n) * 4] : arg[n] (zero-based) + // -- ... + // -- esp[(argc + 1) * 4] : receiver + // ----------------------------------- + GenerateCallMiss(masm, argc, IC::kKeyedCallIC_Miss); } diff --git a/src/x64/codegen-x64.cc b/src/x64/codegen-x64.cc index d5be787556..bbd7973b4f 100644 --- a/src/x64/codegen-x64.cc +++ b/src/x64/codegen-x64.cc @@ -3108,25 +3108,31 @@ void CodeGenerator::VisitCall(Call* node) { ref.GetValue(); // Use global object as receiver. LoadGlobalReceiver(); + // Call the function. + CallWithArguments(args, RECEIVER_MIGHT_BE_VALUE, node->position()); } else { - Reference ref(this, property, false); - ASSERT(ref.size() == 2); - Result key = frame_->Pop(); - frame_->Dup(); // Duplicate the receiver. - frame_->Push(&key); - ref.GetValue(); - // Top of frame contains function to call, with duplicate copy of - // receiver below it. Swap them. - Result function = frame_->Pop(); - Result receiver = frame_->Pop(); - frame_->Push(&function); - frame_->Push(&receiver); + // Push the receiver onto the frame. + Load(property->obj()); + + // Load the arguments. + int arg_count = args->length(); + for (int i = 0; i < arg_count; i++) { + Load(args->at(i)); + frame_->SpillTop(); + } + + // Load the name of the function. + Load(property->key()); + + // Call the IC initialization code. + CodeForSourcePosition(node->position()); + Result result = frame_->CallKeyedCallIC(RelocInfo::CODE_TARGET, + arg_count, + loop_nesting()); + frame_->RestoreContextRegister(); + frame_->Push(&result); } - - // Call the function. - CallWithArguments(args, RECEIVER_MIGHT_BE_VALUE, node->position()); } - } else { // ---------------------------------- // JavaScript example: 'foo(1, 2, 3)' // foo is not global diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc index d99ea84a6e..1df1de3477 100644 --- a/src/x64/full-codegen-x64.cc +++ b/src/x64/full-codegen-x64.cc @@ -1729,6 +1729,30 @@ void FullCodeGenerator::EmitCallWithIC(Call* expr, } +void FullCodeGenerator::EmitKeyedCallWithIC(Call* expr, + Expression* key, + RelocInfo::Mode mode) { + // Code common for calls using the IC. + ZoneList* args = expr->arguments(); + int arg_count = args->length(); + for (int i = 0; i < arg_count; i++) { + VisitForValue(args->at(i), kStack); + } + VisitForValue(key, kAccumulator); + __ movq(rcx, rax); + // Record source position for debugger. + SetSourcePosition(expr->position()); + // Call the IC initialization code. + InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP; + Handle ic = CodeGenerator::ComputeKeyedCallInitialize(arg_count, + in_loop); + __ Call(ic, mode); + // Restore context register. + __ movq(rsi, Operand(rbp, StandardFrameConstants::kContextOffset)); + Apply(context_, rax); +} + + void FullCodeGenerator::EmitCallWithStub(Call* expr) { // Code common for calls using the call stub. ZoneList* args = expr->arguments(); @@ -1820,30 +1844,32 @@ void FullCodeGenerator::VisitCall(Call* expr) { VisitForValue(prop->obj(), kStack); EmitCallWithIC(expr, key->handle(), RelocInfo::CODE_TARGET); } else { - // Call to a keyed property, use keyed load IC followed by function - // call. + // Call to a keyed property. + // For a synthetic property use keyed load IC followed by function call, + // for a regular property use KeyedCallIC. VisitForValue(prop->obj(), kStack); - VisitForValue(prop->key(), kAccumulator); - __ movq(rdx, Operand(rsp, 0)); - // Record source code position for IC call. - SetSourcePosition(prop->position()); - Handle ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize)); - __ call(ic, RelocInfo::CODE_TARGET); - // By emitting a nop we make sure that we do not have a "test rax,..." - // instruction after the call it is treated specially by the LoadIC code. - __ nop(); - // Pop receiver. - __ pop(rbx); - // Push result (function). - __ push(rax); - // Push receiver object on stack. if (prop->is_synthetic()) { + VisitForValue(prop->key(), kAccumulator); + __ movq(rdx, Operand(rsp, 0)); + // Record source code position for IC call. + SetSourcePosition(prop->position()); + Handle ic(Builtins::builtin(Builtins::KeyedLoadIC_Initialize)); + __ call(ic, RelocInfo::CODE_TARGET); + // By emitting a nop we make sure that we do not have a "test rax,..." + // instruction after the call as it is treated specially + // by the LoadIC code. + __ nop(); + // Pop receiver. + __ pop(rbx); + // Push result (function). + __ push(rax); + // Push receiver object on stack. __ movq(rcx, CodeGenerator::GlobalObject()); __ push(FieldOperand(rcx, GlobalObject::kGlobalReceiverOffset)); + EmitCallWithStub(expr); } else { - __ push(rbx); + EmitKeyedCallWithIC(expr, prop->key(), RelocInfo::CODE_TARGET); } - EmitCallWithStub(expr); } } else { // Call to some other expression. If the expression is an anonymous diff --git a/src/x64/ic-x64.cc b/src/x64/ic-x64.cc index 89c21cba2c..f668f0c8f3 100644 --- a/src/x64/ic-x64.cc +++ b/src/x64/ic-x64.cc @@ -57,19 +57,21 @@ static void GenerateDictionaryLoad(MacroAssembler* masm, Register r2, Register name, Register r4, + Register result, DictionaryCheck check_dictionary) { // Register use: // - // r0 - used to hold the property dictionary. + // r0 - used to hold the property dictionary and is unchanged. // - // r1 - initially the receiver. - // - unchanged on any jump to miss_label. - // - holds the result on exit. + // r1 - used to hold the receiver and is unchanged. // // r2 - used to hold the capacity of the property dictionary. // // name - holds the name of the property and is unchanged. + // // r4 - used to hold the index into the property dictionary. + // + // result - holds the result on exit if the load succeeded. Label done; @@ -148,7 +150,7 @@ static void GenerateDictionaryLoad(MacroAssembler* masm, // Get the value at the masked, scaled index. const int kValueOffset = kElementsStartOffset + kPointerSize; - __ movq(r1, + __ movq(result, Operand(r0, r4, times_pointer_size, kValueOffset - kHeapObjectTag)); } @@ -159,14 +161,15 @@ static void GenerateNumberDictionaryLoad(MacroAssembler* masm, Register key, Register r0, Register r1, - Register r2) { + Register r2, + Register result) { // Register use: // - // elements - holds the slow-case elements of the receiver and is unchanged. + // elements - holds the slow-case elements of the receiver on entry. + // Unchanged unless 'result' is the same register. // - // key - holds the smi key on entry and is unchanged if a branch is - // performed to the miss label. - // Holds the result on exit if the load succeeded. + // key - holds the smi key on entry. + // Unchanged unless 'result' is the same register. // // Scratch registers: // @@ -175,6 +178,12 @@ static void GenerateNumberDictionaryLoad(MacroAssembler* masm, // r1 - used to hold the capacity mask of the dictionary // // r2 - used for the index into the dictionary. + // + // result - holds the result on exit if the load succeeded. + // Allowed to be the same as 'key' or 'result'. + // Unchanged on bailout so 'key' or 'result' can be used + // in further computation. + Label done; // Compute the hash code from the untagged key. This must be kept in sync @@ -246,7 +255,7 @@ static void GenerateNumberDictionaryLoad(MacroAssembler* masm, // Get the value at the masked, scaled index. const int kValueOffset = NumberDictionary::kElementsStartOffset + kPointerSize; - __ movq(key, FieldOperand(elements, r2, times_pointer_size, kValueOffset)); + __ movq(result, FieldOperand(elements, r2, times_pointer_size, kValueOffset)); } @@ -346,6 +355,142 @@ void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) { } +// Checks the receiver for special cases (value type, slow case bits). +// Falls through for regular JS object. +static void GenerateKeyedLoadReceiverCheck(MacroAssembler* masm, + Register receiver, + Register map, + Label* slow) { + // Register use: + // receiver - holds the receiver and is unchanged. + // Scratch registers: + // map - used to hold the map of the receiver. + + // Check that the object isn't a smi. + __ JumpIfSmi(receiver, slow); + + // Check that the object is some kind of JS object EXCEPT JS Value type. + // In the case that the object is a value-wrapper object, + // we enter the runtime system to make sure that indexing + // into string objects work as intended. + ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE); + __ CmpObjectType(receiver, JS_OBJECT_TYPE, map); + __ j(below, slow); + + // Check bit field. + __ testb(FieldOperand(map, Map::kBitFieldOffset), + Immediate(KeyedLoadIC::kSlowCaseBitFieldMask)); + __ j(not_zero, slow); +} + + +// Loads an indexed element from a fast case array. +static void GenerateFastArrayLoad(MacroAssembler* masm, + Register receiver, + Register key, + Register elements, + Register scratch, + Register result, + Label* not_fast_array, + Label* out_of_range) { + // Register use: + // + // receiver - holds the receiver on entry. + // Unchanged unless 'result' is the same register. + // + // key - holds the smi key on entry. + // Unchanged unless 'result' is the same register. + // + // elements - holds the elements of the receiver on exit. + // + // result - holds the result on exit if the load succeeded. + // Allowed to be the the same as 'receiver' or 'key'. + // Unchanged on bailout so 'receiver' and 'key' can be safely + // used by further computation. + // + // Scratch registers: + // + // scratch - used to hold elements of the receiver and the loaded value. + + __ movq(elements, FieldOperand(receiver, JSObject::kElementsOffset)); + // Check that the object is in fast mode (not dictionary). + __ CompareRoot(FieldOperand(elements, HeapObject::kMapOffset), + Heap::kFixedArrayMapRootIndex); + __ j(not_equal, not_fast_array); + // Check that the key (index) is within bounds. + __ SmiCompare(key, FieldOperand(elements, FixedArray::kLengthOffset)); + // Unsigned comparison rejects negative indices. + __ j(above_equal, out_of_range); + // Fast case: Do the load. + SmiIndex index = masm->SmiToIndex(scratch, key, kPointerSizeLog2); + __ movq(scratch, FieldOperand(elements, + index.reg, + index.scale, + FixedArray::kHeaderSize)); + __ CompareRoot(scratch, Heap::kTheHoleValueRootIndex); + // In case the loaded value is the_hole we have to consult GetProperty + // to ensure the prototype chain is searched. + __ j(equal, out_of_range); + if (!result.is(scratch)) { + __ movq(result, scratch); + } +} + + +// Checks whether a key is an array index string or a symbol string. +// Falls through if the key is a symbol. +static void GenerateKeyStringCheck(MacroAssembler* masm, + Register key, + Register map, + Register hash, + Label* index_string, + Label* not_symbol) { + // Register use: + // key - holds the key and is unchanged. Assumed to be non-smi. + // Scratch registers: + // map - used to hold the map of the key. + // hash - used to hold the hash of the key. + __ CmpObjectType(key, FIRST_NONSTRING_TYPE, map); + __ j(above_equal, not_symbol); + // Is the string an array index, with cached numeric value? + __ movl(hash, FieldOperand(key, String::kHashFieldOffset)); + __ testl(hash, Immediate(String::kContainsCachedArrayIndexMask)); + __ j(zero, index_string); // The value in hash is used at jump target. + + // Is the string a symbol? + ASSERT(kSymbolTag != 0); + __ testb(FieldOperand(map, Map::kInstanceTypeOffset), + Immediate(kIsSymbolMask)); + __ j(zero, not_symbol); +} + + +// Picks out an array index from the hash field. +static void GenerateIndexFromHash(MacroAssembler* masm, + Register key, + Register hash) { + // Register use: + // key - holds the overwritten key on exit. + // hash - holds the key's hash. Clobbered. + + // The assert checks that the constants for the maximum number of digits + // for an array index cached in the hash field and the number of bits + // reserved for it does not conflict. + ASSERT(TenToThe(String::kMaxCachedArrayIndexLength) < + (1 << String::kArrayIndexValueBits)); + // We want the smi-tagged index in key. Even if we subsequently go to + // the slow case, converting the key to a smi is always valid. + // key: string key + // hash: key's hash field, including its array index value. + __ and_(hash, Immediate(String::kArrayIndexValueMask)); + __ shr(hash, Immediate(String::kHashShift)); + // Here we actually clobber the key which will be used if calling into + // runtime later. However as the new key is the numeric value of a string key + // there is no difference in using either key. + __ Integer32ToSmi(key, hash); +} + + void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { // ----------- S t a t e ------------- // -- rax : key @@ -355,46 +500,22 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { Label slow, check_string, index_smi, index_string; Label check_pixel_array, probe_dictionary, check_number_dictionary; - // Check that the object isn't a smi. - __ JumpIfSmi(rdx, &slow); - - // Check that the object is some kind of JS object EXCEPT JS Value type. - // In the case that the object is a value-wrapper object, - // we enter the runtime system to make sure that indexing - // into string objects work as intended. - ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE); - __ CmpObjectType(rdx, JS_OBJECT_TYPE, rcx); - __ j(below, &slow); - - // Check bit field. - __ testb(FieldOperand(rcx, Map::kBitFieldOffset), - Immediate(kSlowCaseBitFieldMask)); - __ j(not_zero, &slow); + GenerateKeyedLoadReceiverCheck(masm, rdx, rcx, &slow); // Check that the key is a smi. __ JumpIfNotSmi(rax, &check_string); __ bind(&index_smi); // Now the key is known to be a smi. This place is also jumped to from below // where a numeric string is converted to a smi. - __ movq(rcx, FieldOperand(rdx, JSObject::kElementsOffset)); - // Check that the object is in fast mode (not dictionary). - __ CompareRoot(FieldOperand(rcx, HeapObject::kMapOffset), - Heap::kFixedArrayMapRootIndex); - __ j(not_equal, &check_pixel_array); - // Check that the key (index) is within bounds. - __ SmiCompare(rax, FieldOperand(rcx, FixedArray::kLengthOffset)); - __ j(above_equal, &slow); // Unsigned comparison rejects negative indices. - // Fast case: Do the load. - SmiIndex index = masm->SmiToIndex(rbx, rax, kPointerSizeLog2); - __ movq(rbx, FieldOperand(rcx, - index.reg, - index.scale, - FixedArray::kHeaderSize)); - __ CompareRoot(rbx, Heap::kTheHoleValueRootIndex); - // In case the loaded value is the_hole we have to consult GetProperty - // to ensure the prototype chain is searched. - __ j(equal, &slow); - __ movq(rax, rbx); + + GenerateFastArrayLoad(masm, + rdx, + rax, + rcx, + rbx, + rax, + &check_pixel_array, + &slow); __ IncrementCounter(&Counters::keyed_load_generic_smi, 1); __ ret(0); @@ -423,7 +544,7 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { __ CompareRoot(FieldOperand(rcx, HeapObject::kMapOffset), Heap::kHashTableMapRootIndex); __ j(not_equal, &slow); - GenerateNumberDictionaryLoad(masm, &slow, rcx, rax, rbx, r9, rdi); + GenerateNumberDictionaryLoad(masm, &slow, rcx, rax, rbx, r9, rdi, rax); __ ret(0); __ bind(&slow); @@ -434,22 +555,7 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { GenerateRuntimeGetProperty(masm); __ bind(&check_string); - // The key is not a smi. - // Is it a string? - // rdx: receiver - // rax: key - __ CmpObjectType(rax, FIRST_NONSTRING_TYPE, rcx); - __ j(above_equal, &slow); - // Is the string an array index, with cached numeric value? - __ movl(rbx, FieldOperand(rax, String::kHashFieldOffset)); - __ testl(rbx, Immediate(String::kContainsCachedArrayIndexMask)); - __ j(zero, &index_string); // The value in rbx is used at jump target. - - // Is the string a symbol? - ASSERT(kSymbolTag != 0); - __ testb(FieldOperand(rcx, Map::kInstanceTypeOffset), - Immediate(kIsSymbolMask)); - __ j(zero, &slow); + GenerateKeyStringCheck(masm, rax, rcx, rbx, &index_string, &slow); // If the receiver is a fast-case object, check the keyed lookup // cache. Otherwise probe the dictionary leaving result in rcx. @@ -509,29 +615,13 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) { rcx, rax, rdi, + rax, DICTIONARY_CHECK_DONE); - __ movq(rax, rdx); __ IncrementCounter(&Counters::keyed_load_generic_symbol, 1); __ ret(0); - // If the hash field contains an array index pick it out. The assert checks - // that the constants for the maximum number of digits for an array index - // cached in the hash field and the number of bits reserved for it does not - // conflict. - ASSERT(TenToThe(String::kMaxCachedArrayIndexLength) < - (1 << String::kArrayIndexValueBits)); + __ bind(&index_string); - // We want the smi-tagged index in rax. Even if we subsequently go to - // the slow case, converting the key to a smi is always valid. - // rdx: receiver - // rax: key (a string) - // rbx: key's hash field, including its array index value. - __ and_(rbx, Immediate(String::kArrayIndexValueMask)); - __ shr(rbx, Immediate(String::kHashShift)); - // Here we actually clobber the key (rax) which will be used if calling into - // runtime later. However as the new key is the numeric value of a string key - // there is no difference in using either key. - __ Integer32ToSmi(rax, rbx); - // Now jump to the place where smi keys are handled. + GenerateIndexFromHash(masm, rax, rbx); __ jmp(&index_smi); } @@ -1109,7 +1199,11 @@ void KeyedStoreIC::GenerateExternalArray(MacroAssembler* masm, } -void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { +// Defined in ic.cc. +Object* CallIC_Miss(Arguments args); + + +static void GenerateCallMiss(MacroAssembler* masm, int argc, IC::UtilityId id) { // ----------- S t a t e ------------- // rcx : function name // rsp[0] : return address @@ -1132,7 +1226,7 @@ void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { // Call the entry. CEntryStub stub(1); __ movq(rax, Immediate(2)); - __ movq(rbx, ExternalReference(IC_Utility(kCallIC_Miss))); + __ movq(rbx, ExternalReference(IC_Utility(id))); __ CallStub(&stub); // Move result to rdi and exit the internal frame. @@ -1160,27 +1254,20 @@ void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { } -// Defined in ic.cc. -Object* CallIC_Miss(Arguments args); - -void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { +// The generated code does not accept smi keys. +// The generated code falls through if both probes miss. +static void GenerateMonomorphicCacheProbe(MacroAssembler* masm, + int argc, + Code::Kind kind) { // ----------- S t a t e ------------- // rcx : function name - // rsp[0] : return address - // rsp[8] : argument argc - // rsp[16] : argument argc - 1 - // ... - // rsp[argc * 8] : argument 1 - // rsp[(argc + 1) * 8] : argument 0 = receiver + // rdx : receiver // ----------------------------------- Label number, non_number, non_string, boolean, probe, miss; - // Get the receiver of the function from the stack; 1 ~ return address. - __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); - // Probe the stub cache. Code::Flags flags = - Code::ComputeFlags(Code::CALL_IC, NOT_IN_LOOP, MONOMORPHIC, NORMAL, argc); + Code::ComputeFlags(kind, NOT_IN_LOOP, MONOMORPHIC, NORMAL, argc); StubCache::GenerateProbe(masm, flags, rdx, rcx, rbx, rax); // If the stub cache probing failed, the receiver might be a value. @@ -1219,9 +1306,7 @@ void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { __ bind(&probe); StubCache::GenerateProbe(masm, flags, rdx, rcx, rbx, no_reg); - // Cache miss: Jump to runtime. __ bind(&miss); - GenerateMiss(masm, argc); } @@ -1240,19 +1325,16 @@ static void GenerateNormalHelper(MacroAssembler* masm, // rsp[(argc + 1) * 8] : argument 0 = receiver // ----------------------------------- // Search dictionary - put result in register rdx. - GenerateDictionaryLoad(masm, miss, rax, rdx, rbx, rcx, rdi, CHECK_DICTIONARY); - - // Move the result to register rdi and check that it isn't a smi. - __ movq(rdi, rdx); - __ JumpIfSmi(rdx, miss); + GenerateDictionaryLoad( + masm, miss, rax, rdx, rbx, rcx, rdi, rdi, CHECK_DICTIONARY); + __ JumpIfSmi(rdi, miss); // Check that the value is a JavaScript function. - __ CmpObjectType(rdx, JS_FUNCTION_TYPE, rdx); + __ CmpObjectType(rdi, JS_FUNCTION_TYPE, rdx); __ j(not_equal, miss); // Patch the receiver with the global proxy if necessary. if (is_global_object) { - __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); __ movq(rdx, FieldOperand(rdx, GlobalObject::kGlobalReceiverOffset)); __ movq(Operand(rsp, (argc + 1) * kPointerSize), rdx); } @@ -1263,7 +1345,8 @@ static void GenerateNormalHelper(MacroAssembler* masm, } -void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { +// The generated code falls through if the call should be handled by runtime. +static void GenerateCallNormal(MacroAssembler* masm, int argc) { // ----------- S t a t e ------------- // rcx : function name // rsp[0] : return address @@ -1324,24 +1407,197 @@ void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { __ CheckAccessGlobalProxy(rdx, rax, &miss); __ jmp(&invoke); - // Cache miss: Jump to runtime. __ bind(&miss); +} + + +void CallIC::GenerateMiss(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // rcx : function name + // rsp[0] : return address + // rsp[8] : argument argc + // rsp[16] : argument argc - 1 + // ... + // rsp[argc * 8] : argument 1 + // rsp[(argc + 1) * 8] : argument 0 = receiver + // ----------------------------------- + GenerateCallMiss(masm, argc, IC::kCallIC_Miss); +} + + +void CallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // rcx : function name + // rsp[0] : return address + // rsp[8] : argument argc + // rsp[16] : argument argc - 1 + // ... + // rsp[argc * 8] : argument 1 + // rsp[(argc + 1) * 8] : argument 0 = receiver + // ----------------------------------- + + // Get the receiver of the function from the stack; 1 ~ return address. + __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); + GenerateMonomorphicCacheProbe(masm, argc, Code::CALL_IC); + GenerateMiss(masm, argc); +} + + +void CallIC::GenerateNormal(MacroAssembler* masm, int argc) { + // ----------- S t a t e ------------- + // rcx : function name + // rsp[0] : return address + // rsp[8] : argument argc + // rsp[16] : argument argc - 1 + // ... + // rsp[argc * 8] : argument 1 + // rsp[(argc + 1) * 8] : argument 0 = receiver + // ----------------------------------- + + GenerateCallNormal(masm, argc); GenerateMiss(masm, argc); } void KeyedCallIC::GenerateMiss(MacroAssembler* masm, int argc) { - UNREACHABLE(); + // ----------- S t a t e ------------- + // rcx : function name + // rsp[0] : return address + // rsp[8] : argument argc + // rsp[16] : argument argc - 1 + // ... + // rsp[argc * 8] : argument 1 + // rsp[(argc + 1) * 8] : argument 0 = receiver + // ----------------------------------- + + GenerateCallMiss(masm, argc, IC::kKeyedCallIC_Miss); } void KeyedCallIC::GenerateMegamorphic(MacroAssembler* masm, int argc) { - UNREACHABLE(); + // ----------- S t a t e ------------- + // rcx : function name + // rsp[0] : return address + // rsp[8] : argument argc + // rsp[16] : argument argc - 1 + // ... + // rsp[argc * 8] : argument 1 + // rsp[(argc + 1) * 8] : argument 0 = receiver + // ----------------------------------- + + // Get the receiver of the function from the stack; 1 ~ return address. + __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); + + Label do_call, slow_call, slow_load, slow_reload_receiver; + Label check_number_dictionary, check_string, lookup_monomorphic_cache; + Label index_smi, index_string; + + // Check that the key is a smi. + __ JumpIfNotSmi(rcx, &check_string); + + __ bind(&index_smi); + // Now the key is known to be a smi. This place is also jumped to from below + // where a numeric string is converted to a smi. + + GenerateKeyedLoadReceiverCheck(masm, rdx, rax, &slow_call); + + GenerateFastArrayLoad( + masm, rdx, rcx, rax, rbx, rdi, &check_number_dictionary, &slow_load); + __ IncrementCounter(&Counters::keyed_call_generic_smi_fast, 1); + + __ bind(&do_call); + // receiver in rdx is not used after this point. + // rcx: key + // rdi: function + + // Check that the value in edi is a JavaScript function. + __ JumpIfSmi(rdi, &slow_call); + __ CmpObjectType(rdi, JS_FUNCTION_TYPE, rax); + __ j(not_equal, &slow_call); + // Invoke the function. + ParameterCount actual(argc); + __ InvokeFunction(rdi, actual, JUMP_FUNCTION); + + __ bind(&check_number_dictionary); + // eax: elements + // ecx: smi key + // Check whether the elements is a number dictionary. + __ CompareRoot(FieldOperand(rax, HeapObject::kMapOffset), + Heap::kHashTableMapRootIndex); + __ SmiToInteger32(rbx, rcx); + // ebx: untagged index + GenerateNumberDictionaryLoad(masm, &slow_load, rax, rcx, rbx, r9, rdi, rdi); + __ IncrementCounter(&Counters::keyed_call_generic_smi_dict, 1); + __ jmp(&do_call); + + __ bind(&slow_load); + // This branch is taken when calling KeyedCallIC_Miss is neither required + // nor beneficial. + __ IncrementCounter(&Counters::keyed_call_generic_slow_load, 1); + __ EnterInternalFrame(); + __ push(rcx); // save the key + __ push(rdx); // pass the receiver + __ push(rcx); // pass the key + __ CallRuntime(Runtime::kKeyedGetProperty, 2); + __ pop(rcx); // restore the key + __ LeaveInternalFrame(); + __ movq(rdi, rax); + __ jmp(&do_call); + + __ bind(&check_string); + GenerateKeyStringCheck(masm, rcx, rax, rbx, &index_string, &slow_call); + + // The key is known to be a symbol. + // If the receiver is a regular JS object with slow properties then do + // a quick inline probe of the receiver's dictionary. + // Otherwise do the monomorphic cache probe. + GenerateKeyedLoadReceiverCheck(masm, rdx, rax, &lookup_monomorphic_cache); + + __ movq(rbx, FieldOperand(rdx, JSObject::kPropertiesOffset)); + __ CompareRoot(FieldOperand(rbx, HeapObject::kMapOffset), + Heap::kHashTableMapRootIndex); + __ j(not_equal, &lookup_monomorphic_cache); + + GenerateDictionaryLoad( + masm, &slow_load, rbx, rdx, rax, rcx, rdi, rdi, DICTIONARY_CHECK_DONE); + __ IncrementCounter(&Counters::keyed_call_generic_lookup_dict, 1); + __ jmp(&do_call); + + __ bind(&lookup_monomorphic_cache); + __ IncrementCounter(&Counters::keyed_call_generic_lookup_cache, 1); + GenerateMonomorphicCacheProbe(masm, argc, Code::KEYED_CALL_IC); + // Fall through on miss. + + __ bind(&slow_call); + // This branch is taken if: + // - the receiver requires boxing or access check, + // - the key is neither smi nor symbol, + // - the value loaded is not a function, + // - there is hope that the runtime will create a monomorphic call stub + // that will get fetched next time. + __ IncrementCounter(&Counters::keyed_call_generic_slow, 1); + GenerateMiss(masm, argc); + + __ bind(&index_string); + GenerateIndexFromHash(masm, rcx, rbx); + // Now jump to the place where smi keys are handled. + __ jmp(&index_smi); } void KeyedCallIC::GenerateNormal(MacroAssembler* masm, int argc) { - UNREACHABLE(); + // ----------- S t a t e ------------- + // rcx : function name + // rsp[0] : return address + // rsp[8] : argument argc + // rsp[16] : argument argc - 1 + // ... + // rsp[argc * 8] : argument 1 + // rsp[(argc + 1) * 8] : argument 0 = receiver + // ----------------------------------- + + GenerateCallNormal(masm, argc); + GenerateMiss(masm, argc); } @@ -1452,7 +1708,7 @@ void LoadIC::GenerateNormal(MacroAssembler* masm) { // Search the dictionary placing the result in rax. __ bind(&probe); GenerateDictionaryLoad(masm, &miss, rdx, rax, rbx, - rcx, rdi, CHECK_DICTIONARY); + rcx, rdi, rax, CHECK_DICTIONARY); __ ret(0); // Global object access: Check access rights. diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc index cc54470529..fed783f1e5 100644 --- a/src/x64/stub-cache-x64.cc +++ b/src/x64/stub-cache-x64.cc @@ -706,6 +706,15 @@ static Object* GenerateCheckPropertyCell(MacroAssembler* masm, #define __ ACCESS_MASM((masm())) + +void CallStubCompiler::GenerateNameCheck(String* name, Label* miss) { + if (kind_ == Code::KEYED_CALL_IC) { + __ Cmp(rcx, Handle(name)); + __ j(not_equal, miss); + } +} + + void CallStubCompiler::GenerateMissBranch() { Handle ic = ComputeCallMiss(arguments().immediate(), kind_); __ Jump(ic, RelocInfo::CODE_TARGET); @@ -740,6 +749,8 @@ Object* CallStubCompiler::CompileCallConstant(Object* object, Label miss_in_smi_check; + GenerateNameCheck(name, &miss_in_smi_check); + // Get the receiver from the stack. const int argc = arguments().immediate(); __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); @@ -881,6 +892,8 @@ Object* CallStubCompiler::CompileCallField(JSObject* object, // ----------------------------------- Label miss; + GenerateNameCheck(name, &miss); + // Get the receiver from the stack. const int argc = arguments().immediate(); __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); @@ -938,6 +951,8 @@ Object* CallStubCompiler::CompileArrayPushCall(Object* object, Label miss; + GenerateNameCheck(name, &miss); + // Get the receiver from the stack. const int argc = arguments().immediate(); __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); @@ -1092,6 +1107,8 @@ Object* CallStubCompiler::CompileArrayPopCall(Object* object, Label miss, return_undefined, call_builtin; + GenerateNameCheck(name, &miss); + // Get the receiver from the stack. const int argc = arguments().immediate(); __ movq(rdx, Operand(rsp, (argc + 1) * kPointerSize)); @@ -1190,6 +1207,8 @@ Object* CallStubCompiler::CompileCallInterceptor(JSObject* object, // ----------------------------------- Label miss; + GenerateNameCheck(name, &miss); + // Get the number of arguments. const int argc = arguments().immediate(); @@ -1254,6 +1273,8 @@ Object* CallStubCompiler::CompileCallGlobal(JSObject* object, // rsp[(argc + 1) * 8] : argument 0 = receiver Label miss; + GenerateNameCheck(name, &miss); + // Get the number of arguments. const int argc = arguments().immediate(); diff --git a/src/x64/virtual-frame-x64.cc b/src/x64/virtual-frame-x64.cc index a0acd6a2b7..ed7107517d 100644 --- a/src/x64/virtual-frame-x64.cc +++ b/src/x64/virtual-frame-x64.cc @@ -1164,6 +1164,25 @@ Result VirtualFrame::CallCallIC(RelocInfo::Mode mode, } +Result VirtualFrame::CallKeyedCallIC(RelocInfo::Mode mode, + int arg_count, + int loop_nesting) { + // Function name, arguments, and receiver are found on top of the frame + // and dropped by the call. The IC expects the name in rcx and the rest + // on the stack, and drops them all. + InLoopFlag in_loop = loop_nesting > 0 ? IN_LOOP : NOT_IN_LOOP; + Handle ic = + cgen()->ComputeKeyedCallInitialize(arg_count, in_loop); + Result name = Pop(); + // Spill args, receiver, and function. The call will drop args and + // receiver. + PrepareForCall(arg_count + 1, arg_count + 1); + name.ToRegister(rcx); + name.Unuse(); + return RawCallCodeObject(ic, mode); +} + + Result VirtualFrame::CallConstructor(int arg_count) { // Arguments, receiver, and function are on top of the frame. The // IC expects arg count in rax, function in rdi, and the arguments diff --git a/src/x64/virtual-frame-x64.h b/src/x64/virtual-frame-x64.h index affe18ffa3..dc270fea0a 100644 --- a/src/x64/virtual-frame-x64.h +++ b/src/x64/virtual-frame-x64.h @@ -369,6 +369,8 @@ class VirtualFrame : public ZoneObject { // The argument count does not include the receiver. Result CallCallIC(RelocInfo::Mode mode, int arg_count, int loop_nesting); + Result CallKeyedCallIC(RelocInfo::Mode mode, int arg_count, int loop_nesting); + // Allocate and call JS function as constructor. Arguments, // receiver (global object), and function are found on top of the // frame. Function is not dropped. The argument count does not diff --git a/test/mjsunit/keyed-call-generic.js b/test/mjsunit/keyed-call-generic.js index 0b49b3e8b3..0314698487 100644 --- a/test/mjsunit/keyed-call-generic.js +++ b/test/mjsunit/keyed-call-generic.js @@ -94,3 +94,20 @@ testMany(fixed_array, first3num, first3num); testMany(dict_array, first3num, first3num); testMany(fast_prop, first3str, first3num); testMany(normal_prop, first3str, first3num); + + +function testException(receiver, keys, exceptions) { + for (var i = 0; i != 10; i++) { + for (var k = 0; k != keys.length; k++) { + var thrown = false; + try { + var result = receiver[keys[k]](); + } catch (e) { + thrown = true; + } + assertEquals(exceptions[k], thrown); + } + } +} + +testException([zero, one, /* hole */ ], [0, 1, 2], [false, false, true]);