Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / chromium_org / v8 / 57ff881caeb2e15b46ac9e4dfc00e378f7c5f929 / . / src / ia32 / stub-cache-ia32.cc
blob: 9623b9a5203c5ccf44b4f27b23f81d917a22039a [file] [log] [blame]
erik.corry@gmail.comf2038fb2012-01-16 11:42:08 +0000[diff] [blame]1// Copyright 2012 the V8 project authors. All rights reserved.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2// Redistribution and use in source and binary forms, with or without
3// modification, are permitted provided that the following conditions are
4// met:
5//
6// * Redistributions of source code must retain the above copyright
7// notice, this list of conditions and the following disclaimer.
8// * Redistributions in binary form must reproduce the above
9// copyright notice, this list of conditions and the following
10// disclaimer in the documentation and/or other materials provided
11// with the distribution.
12// * Neither the name of Google Inc. nor the names of its
13// contributors may be used to endorse or promote products derived
14// from this software without specific prior written permission.
15//
16// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28#include "v8.h"
29
erik.corry@gmail.com9dfbea42010-05-21 12:58:28 +0000[diff] [blame]30#if defined(V8_TARGET_ARCH_IA32)
31
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]32#include "ic-inl.h"
karlklose@chromium.org44bc7082011-04-11 12:33:05 +0000[diff] [blame]33#include "codegen.h"
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]34#include "stub-cache.h"
35
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]36namespace v8 {
37namespace internal {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]38
ager@chromium.org65dad4b2009-04-23 08:48:43 +0000[diff] [blame]39#define __ ACCESS_MASM(masm)
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]40
41
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]42static void ProbeTable(Isolate* isolate,
43 MacroAssembler* masm,
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]44 Code::Flags flags,
45 StubCache::Table table,
46 Register name,
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]47 Register receiver,
48 // Number of the cache entry pointer-size scaled.
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]49 Register offset,
50 Register extra) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]51 ExternalReference key_offset(isolate->stub_cache()->key_reference(table));
52 ExternalReference value_offset(isolate->stub_cache()->value_reference(table));
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]53 ExternalReference map_offset(isolate->stub_cache()->map_reference(table));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]54
55 Label miss;
56
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]57 // Multiply by 3 because there are 3 fields per entry (name, code, map).
58 __ lea(offset, Operand(offset, offset, times_2, 0));
59
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]60 if (extra.is_valid()) {
61 // Get the code entry from the cache.
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]62 __ mov(extra, Operand::StaticArray(offset, times_1, value_offset));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]63
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]64 // Check that the key in the entry matches the name.
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]65 __ cmp(name, Operand::StaticArray(offset, times_1, key_offset));
66 __ j(not_equal, &miss);
67
68 // Check the map matches.
69 __ mov(offset, Operand::StaticArray(offset, times_1, map_offset));
70 __ cmp(offset, FieldOperand(receiver, HeapObject::kMapOffset));
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]71 __ j(not_equal, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]72
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]73 // Check that the flags match what we're looking for.
74 __ mov(offset, FieldOperand(extra, Code::kFlagsOffset));
75 __ and_(offset, ~Code::kFlagsNotUsedInLookup);
76 __ cmp(offset, flags);
77 __ j(not_equal, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]78
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]79#ifdef DEBUG
80 if (FLAG_test_secondary_stub_cache && table == StubCache::kPrimary) {
81 __ jmp(&miss);
82 } else if (FLAG_test_primary_stub_cache && table == StubCache::kSecondary) {
83 __ jmp(&miss);
84 }
85#endif
86
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]87 // Jump to the first instruction in the code stub.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]88 __ add(extra, Immediate(Code::kHeaderSize - kHeapObjectTag));
89 __ jmp(extra);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]90
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]91 __ bind(&miss);
92 } else {
93 // Save the offset on the stack.
94 __ push(offset);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]95
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]96 // Check that the key in the entry matches the name.
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]97 __ cmp(name, Operand::StaticArray(offset, times_1, key_offset));
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]98 __ j(not_equal, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]99
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]100 // Check the map matches.
101 __ mov(offset, Operand::StaticArray(offset, times_1, map_offset));
102 __ cmp(offset, FieldOperand(receiver, HeapObject::kMapOffset));
103 __ j(not_equal, &miss);
104
105 // Restore offset register.
106 __ mov(offset, Operand(esp, 0));
107
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]108 // Get the code entry from the cache.
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]109 __ mov(offset, Operand::StaticArray(offset, times_1, value_offset));
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]110
111 // Check that the flags match what we're looking for.
112 __ mov(offset, FieldOperand(offset, Code::kFlagsOffset));
113 __ and_(offset, ~Code::kFlagsNotUsedInLookup);
114 __ cmp(offset, flags);
115 __ j(not_equal, &miss);
116
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]117#ifdef DEBUG
118 if (FLAG_test_secondary_stub_cache && table == StubCache::kPrimary) {
119 __ jmp(&miss);
120 } else if (FLAG_test_primary_stub_cache && table == StubCache::kSecondary) {
121 __ jmp(&miss);
122 }
123#endif
124
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]125 // Restore offset and re-load code entry from cache.
126 __ pop(offset);
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]127 __ mov(offset, Operand::StaticArray(offset, times_1, value_offset));
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]128
129 // Jump to the first instruction in the code stub.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]130 __ add(offset, Immediate(Code::kHeaderSize - kHeapObjectTag));
131 __ jmp(offset);
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]132
133 // Pop at miss.
134 __ bind(&miss);
135 __ pop(offset);
136 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]137}
138
139
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]140// Helper function used to check that the dictionary doesn't contain
141// the property. This function may return false negatives, so miss_label
142// must always call a backup property check that is complete.
143// This function is safe to call if the receiver has fast properties.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]144// Name must be unique and receiver must be a heap object.
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]145static void GenerateDictionaryNegativeLookup(MacroAssembler* masm,
146 Label* miss_label,
147 Register receiver,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]148 Handle<Name> name,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]149 Register r0,
150 Register r1) {
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]151 ASSERT(name->IsUniqueName());
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]152 Counters* counters = masm->isolate()->counters();
153 __ IncrementCounter(counters->negative_lookups(), 1);
154 __ IncrementCounter(counters->negative_lookups_miss(), 1);
155
156 __ mov(r0, FieldOperand(receiver, HeapObject::kMapOffset));
157
158 const int kInterceptorOrAccessCheckNeededMask =
159 (1 << Map::kHasNamedInterceptor) | (1 << Map::kIsAccessCheckNeeded);
160
161 // Bail out if the receiver has a named interceptor or requires access checks.
162 __ test_b(FieldOperand(r0, Map::kBitFieldOffset),
163 kInterceptorOrAccessCheckNeededMask);
164 __ j(not_zero, miss_label);
165
166 // Check that receiver is a JSObject.
167 __ CmpInstanceType(r0, FIRST_SPEC_OBJECT_TYPE);
168 __ j(below, miss_label);
169
170 // Load properties array.
171 Register properties = r0;
172 __ mov(properties, FieldOperand(receiver, JSObject::kPropertiesOffset));
173
174 // Check that the properties array is a dictionary.
175 __ cmp(FieldOperand(properties, HeapObject::kMapOffset),
176 Immediate(masm->isolate()->factory()->hash_table_map()));
177 __ j(not_equal, miss_label);
178
179 Label done;
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]180 NameDictionaryLookupStub::GenerateNegativeLookup(masm,
181 miss_label,
182 &done,
183 properties,
184 name,
185 r1);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]186 __ bind(&done);
187 __ DecrementCounter(counters->negative_lookups_miss(), 1);
188}
189
190
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]191void StubCache::GenerateProbe(MacroAssembler* masm,
192 Code::Flags flags,
193 Register receiver,
194 Register name,
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]195 Register scratch,
fschneider@chromium.orge03fb642010-11-01 12:34:09 +0000[diff] [blame]196 Register extra,
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]197 Register extra2,
198 Register extra3) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]199 Label miss;
200
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]201 // Assert that code is valid. The multiplying code relies on the entry size
202 // being 12.
203 ASSERT(sizeof(Entry) == 12);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]204
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]205 // Assert the flags do not name a specific type.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]206 ASSERT(Code::ExtractTypeFromFlags(flags) == 0);
207
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]208 // Assert that there are no register conflicts.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]209 ASSERT(!scratch.is(receiver));
210 ASSERT(!scratch.is(name));
kasperl@chromium.org86f77b72009-07-06 08:21:57 +0000[diff] [blame]211 ASSERT(!extra.is(receiver));
212 ASSERT(!extra.is(name));
213 ASSERT(!extra.is(scratch));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]214
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]215 // Assert scratch and extra registers are valid, and extra2/3 are unused.
fschneider@chromium.orge03fb642010-11-01 12:34:09 +0000[diff] [blame]216 ASSERT(!scratch.is(no_reg));
217 ASSERT(extra2.is(no_reg));
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]218 ASSERT(extra3.is(no_reg));
219
220 Register offset = scratch;
221 scratch = no_reg;
222
223 Counters* counters = masm->isolate()->counters();
224 __ IncrementCounter(counters->megamorphic_stub_cache_probes(), 1);
fschneider@chromium.orge03fb642010-11-01 12:34:09 +0000[diff] [blame]225
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]226 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]227 __ JumpIfSmi(receiver, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]228
229 // Get the map of the receiver and compute the hash.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]230 __ mov(offset, FieldOperand(name, Name::kHashFieldOffset));
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]231 __ add(offset, FieldOperand(receiver, HeapObject::kMapOffset));
232 __ xor_(offset, flags);
233 // We mask out the last two bits because they are not part of the hash and
234 // they are always 01 for maps. Also in the two 'and' instructions below.
235 __ and_(offset, (kPrimaryTableSize - 1) << kHeapObjectTagSize);
236 // ProbeTable expects the offset to be pointer scaled, which it is, because
237 // the heap object tag size is 2 and the pointer size log 2 is also 2.
238 ASSERT(kHeapObjectTagSize == kPointerSizeLog2);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]239
240 // Probe the primary table.
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]241 ProbeTable(isolate(), masm, flags, kPrimary, name, receiver, offset, extra);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]242
243 // Primary miss: Compute hash for secondary probe.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]244 __ mov(offset, FieldOperand(name, Name::kHashFieldOffset));
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]245 __ add(offset, FieldOperand(receiver, HeapObject::kMapOffset));
246 __ xor_(offset, flags);
247 __ and_(offset, (kPrimaryTableSize - 1) << kHeapObjectTagSize);
248 __ sub(offset, name);
249 __ add(offset, Immediate(flags));
250 __ and_(offset, (kSecondaryTableSize - 1) << kHeapObjectTagSize);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]251
252 // Probe the secondary table.
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]253 ProbeTable(
254 isolate(), masm, flags, kSecondary, name, receiver, offset, extra);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]255
256 // Cache miss: Fall-through and let caller handle the miss by
257 // entering the runtime system.
258 __ bind(&miss);
ulan@chromium.org812308e2012-02-29 15:58:45 +0000[diff] [blame]259 __ IncrementCounter(counters->megamorphic_stub_cache_misses(), 1);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]260}
261
262
263void StubCompiler::GenerateLoadGlobalFunctionPrototype(MacroAssembler* masm,
264 int index,
265 Register prototype) {
ricow@chromium.orgd236f4d2010-09-01 06:52:08 +0000[diff] [blame]266 __ LoadGlobalFunction(index, prototype);
267 __ LoadGlobalFunctionInitialMap(prototype, prototype);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]268 // Load the prototype from the initial map.
269 __ mov(prototype, FieldOperand(prototype, Map::kPrototypeOffset));
270}
271
272
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]273void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]274 MacroAssembler* masm,
275 int index,
276 Register prototype,
277 Label* miss) {
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]278 // Check we're still in the same context.
yangguo@chromium.org46839fb2012-08-28 09:06:19 +0000[diff] [blame]279 __ cmp(Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)),
280 masm->isolate()->global_object());
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]281 __ j(not_equal, miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]282 // Get the global function with the given index.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]283 Handle<JSFunction> function(
yangguo@chromium.org46839fb2012-08-28 09:06:19 +0000[diff] [blame]284 JSFunction::cast(masm->isolate()->native_context()->get(index)));
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]285 // Load its initial map. The global functions all have initial maps.
286 __ Set(prototype, Immediate(Handle<Map>(function->initial_map())));
287 // Load the prototype from the initial map.
288 __ mov(prototype, FieldOperand(prototype, Map::kPrototypeOffset));
289}
290
291
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]292void StubCompiler::GenerateLoadArrayLength(MacroAssembler* masm,
293 Register receiver,
294 Register scratch,
295 Label* miss_label) {
296 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]297 __ JumpIfSmi(receiver, miss_label);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]298
299 // Check that the object is a JS array.
kasperl@chromium.org7be3c992009-03-12 07:19:55 +0000[diff] [blame]300 __ CmpObjectType(receiver, JS_ARRAY_TYPE, scratch);
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]301 __ j(not_equal, miss_label);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]302
303 // Load length directly from the JS array.
304 __ mov(eax, FieldOperand(receiver, JSArray::kLengthOffset));
305 __ ret(0);
306}
307
308
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]309// Generate code to check if an object is a string. If the object is
310// a string, the map's instance type is left in the scratch register.
311static void GenerateStringCheck(MacroAssembler* masm,
312 Register receiver,
313 Register scratch,
314 Label* smi,
315 Label* non_string_object) {
316 // Check that the object isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]317 __ JumpIfSmi(receiver, smi);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]318
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]319 // Check that the object is a string.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]320 __ mov(scratch, FieldOperand(receiver, HeapObject::kMapOffset));
321 __ movzx_b(scratch, FieldOperand(scratch, Map::kInstanceTypeOffset));
yangguo@chromium.org80c42ed2011-08-31 09:03:56 +0000[diff] [blame]322 STATIC_ASSERT(kNotStringTag != 0);
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]323 __ test(scratch, Immediate(kNotStringTag));
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]324 __ j(not_zero, non_string_object);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]325}
326
327
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]328void StubCompiler::GenerateLoadStringLength(MacroAssembler* masm,
329 Register receiver,
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]330 Register scratch1,
331 Register scratch2,
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]332 Label* miss,
333 bool support_wrappers) {
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]334 Label check_wrapper;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]335
kasperl@chromium.org9bbf9682008-10-30 11:53:07 +0000[diff] [blame]336 // Check if the object is a string leaving the instance type in the
337 // scratch register.
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]338 GenerateStringCheck(masm, receiver, scratch1, miss,
339 support_wrappers ? &check_wrapper : miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]340
sgjesse@chromium.orgac6aa172009-12-04 12:29:05 +0000[diff] [blame]341 // Load length from the string and convert to a smi.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]342 __ mov(eax, FieldOperand(receiver, String::kLengthOffset));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]343 __ ret(0);
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]344
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]345 if (support_wrappers) {
346 // Check if the object is a JSValue wrapper.
347 __ bind(&check_wrapper);
348 __ cmp(scratch1, JS_VALUE_TYPE);
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]349 __ j(not_equal, miss);
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]350
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]351 // Check if the wrapped value is a string and load the length
352 // directly if it is.
353 __ mov(scratch2, FieldOperand(receiver, JSValue::kValueOffset));
354 GenerateStringCheck(masm, scratch2, scratch1, miss, miss);
355 __ mov(eax, FieldOperand(scratch2, String::kLengthOffset));
356 __ ret(0);
357 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]358}
359
360
361void StubCompiler::GenerateLoadFunctionPrototype(MacroAssembler* masm,
362 Register receiver,
363 Register scratch1,
364 Register scratch2,
365 Label* miss_label) {
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]366 __ TryGetFunctionPrototype(receiver, scratch1, scratch2, miss_label);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]367 __ mov(eax, scratch1);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]368 __ ret(0);
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]369}
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]370
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]371
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]372void StubCompiler::GenerateFastPropertyLoad(MacroAssembler* masm,
373 Register dst,
374 Register src,
375 bool inobject,
376 int index,
377 Representation representation) {
378 ASSERT(!FLAG_track_double_fields || !representation.IsDouble());
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]379 int offset = index * kPointerSize;
380 if (!inobject) {
381 // Calculate the offset into the properties array.
382 offset = offset + FixedArray::kHeaderSize;
383 __ mov(dst, FieldOperand(src, JSObject::kPropertiesOffset));
384 src = dst;
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]385 }
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]386 __ mov(dst, FieldOperand(src, offset));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]387}
388
389
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]390static void PushInterceptorArguments(MacroAssembler* masm,
391 Register receiver,
392 Register holder,
393 Register name,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]394 Handle<JSObject> holder_obj) {
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]395 __ push(name);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]396 Handle<InterceptorInfo> interceptor(holder_obj->GetNamedInterceptor());
397 ASSERT(!masm->isolate()->heap()->InNewSpace(*interceptor));
ager@chromium.orgb26c50a2010-03-26 09:27:16 +0000[diff] [blame]398 Register scratch = name;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]399 __ mov(scratch, Immediate(interceptor));
ager@chromium.orgb26c50a2010-03-26 09:27:16 +0000[diff] [blame]400 __ push(scratch);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]401 __ push(receiver);
ager@chromium.orgb26c50a2010-03-26 09:27:16 +0000[diff] [blame]402 __ push(holder);
403 __ push(FieldOperand(scratch, InterceptorInfo::kDataOffset));
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]404 __ push(Immediate(reinterpret_cast<int>(masm->isolate())));
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]405}
406
407
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]408static void CompileCallLoadPropertyWithInterceptor(
409 MacroAssembler* masm,
410 Register receiver,
411 Register holder,
412 Register name,
413 Handle<JSObject> holder_obj) {
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]414 PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]415 __ CallExternalReference(
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]416 ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorOnly),
417 masm->isolate()),
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]418 6);
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]419}
420
421
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]422// Number of pointers to be reserved on stack for fast API call.
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]423static const int kFastApiCallArguments = 4;
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]424
425
vegorov@chromium.org21b5e952010-11-23 10:24:40 +0000[diff] [blame]426// Reserves space for the extra arguments to API function in the
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]427// caller's frame.
428//
429// These arguments are set by CheckPrototypes and GenerateFastApiCall.
430static void ReserveSpaceForFastApiCall(MacroAssembler* masm, Register scratch) {
431 // ----------- S t a t e -------------
432 // -- esp[0] : return address
433 // -- esp[4] : last argument in the internal frame of the caller
434 // -----------------------------------
435 __ pop(scratch);
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]436 for (int i = 0; i < kFastApiCallArguments; i++) {
437 __ push(Immediate(Smi::FromInt(0)));
438 }
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]439 __ push(scratch);
440}
441
442
443// Undoes the effects of ReserveSpaceForFastApiCall.
444static void FreeSpaceForFastApiCall(MacroAssembler* masm, Register scratch) {
445 // ----------- S t a t e -------------
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]446 // -- esp[0] : return address.
447 // -- esp[4] : last fast api call extra argument.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]448 // -- ...
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]449 // -- esp[kFastApiCallArguments * 4] : first fast api call extra argument.
450 // -- esp[kFastApiCallArguments * 4 + 4] : last argument in the internal
451 // frame.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]452 // -----------------------------------
453 __ pop(scratch);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]454 __ add(esp, Immediate(kPointerSize * kFastApiCallArguments));
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]455 __ push(scratch);
456}
457
458
vegorov@chromium.org21b5e952010-11-23 10:24:40 +0000[diff] [blame]459// Generates call to API function.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]460static void GenerateFastApiCall(MacroAssembler* masm,
461 const CallOptimization& optimization,
462 int argc) {
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]463 // ----------- S t a t e -------------
464 // -- esp[0] : return address
465 // -- esp[4] : object passing the type check
466 // (last fast api call extra argument,
467 // set by CheckPrototypes)
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]468 // -- esp[8] : api function
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]469 // (first fast api call extra argument)
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]470 // -- esp[12] : api call data
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]471 // -- esp[16] : isolate
472 // -- esp[20] : last argument
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]473 // -- ...
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]474 // -- esp[(argc + 4) * 4] : first argument
475 // -- esp[(argc + 5) * 4] : receiver
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]476 // -----------------------------------
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]477 // Get the function and setup the context.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]478 Handle<JSFunction> function = optimization.constant_function();
ricow@chromium.org64e3a4b2011-12-13 08:07:27 +0000[diff] [blame]479 __ LoadHeapObject(edi, function);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]480 __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
481
vegorov@chromium.org21b5e952010-11-23 10:24:40 +0000[diff] [blame]482 // Pass the additional arguments.
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]483 __ mov(Operand(esp, 2 * kPointerSize), edi);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]484 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
ulan@chromium.org09d7ab52013-02-25 15:50:35 +0000[diff] [blame]485 Handle<Object> call_data(api_call_info->data(), masm->isolate());
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]486 if (masm->isolate()->heap()->InNewSpace(*call_data)) {
487 __ mov(ecx, api_call_info);
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]488 __ mov(ebx, FieldOperand(ecx, CallHandlerInfo::kDataOffset));
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]489 __ mov(Operand(esp, 3 * kPointerSize), ebx);
490 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]491 __ mov(Operand(esp, 3 * kPointerSize), Immediate(call_data));
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]492 }
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]493 __ mov(Operand(esp, 4 * kPointerSize),
494 Immediate(reinterpret_cast<int>(masm->isolate())));
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]495
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]496 // Prepare arguments.
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]497 __ lea(eax, Operand(esp, 4 * kPointerSize));
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]498
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]499 const int kApiArgc = 1; // API function gets reference to the v8::Arguments.
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]500
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]501 // Allocate the v8::Arguments structure in the arguments' space since
502 // it's not controlled by GC.
503 const int kApiStackSpace = 4;
504
jkummerow@chromium.orgddda9e82011-07-06 11:27:02 +0000[diff] [blame]505 __ PrepareCallApiFunction(kApiArgc + kApiStackSpace);
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]506
507 __ mov(ApiParameterOperand(1), eax); // v8::Arguments::implicit_args_.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]508 __ add(eax, Immediate(argc * kPointerSize));
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]509 __ mov(ApiParameterOperand(2), eax); // v8::Arguments::values_.
510 __ Set(ApiParameterOperand(3), Immediate(argc)); // v8::Arguments::length_.
511 // v8::Arguments::is_construct_call_.
512 __ Set(ApiParameterOperand(4), Immediate(0));
513
514 // v8::InvocationCallback's argument.
515 __ lea(eax, ApiParameterOperand(1));
516 __ mov(ApiParameterOperand(0), eax);
ager@chromium.org01fe7df2010-11-10 11:59:11 +0000[diff] [blame]517
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]518 // Function address is a foreign pointer outside V8's heap.
519 Address function_address = v8::ToCData<Address>(api_call_info->callback());
520 __ CallApiFunctionAndReturn(function_address,
521 argc + kFastApiCallArguments + 1);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]522}
523
524
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]525class CallInterceptorCompiler BASE_EMBEDDED {
526 public:
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]527 CallInterceptorCompiler(StubCompiler* stub_compiler,
528 const ParameterCount& arguments,
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]529 Register name,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]530 Code::ExtraICState extra_state)
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]531 : stub_compiler_(stub_compiler),
532 arguments_(arguments),
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]533 name_(name),
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]534 extra_state_(extra_state) {}
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]535
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]536 void Compile(MacroAssembler* masm,
537 Handle<JSObject> object,
538 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]539 Handle<Name> name,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]540 LookupResult* lookup,
541 Register receiver,
542 Register scratch1,
543 Register scratch2,
544 Register scratch3,
545 Label* miss) {
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]546 ASSERT(holder->HasNamedInterceptor());
547 ASSERT(!holder->GetNamedInterceptor()->getter()->IsUndefined());
548
549 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]550 __ JumpIfSmi(receiver, miss);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]551
552 CallOptimization optimization(lookup);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]553 if (optimization.is_constant_call()) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]554 CompileCacheable(masm, object, receiver, scratch1, scratch2, scratch3,
555 holder, lookup, name, optimization, miss);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]556 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]557 CompileRegular(masm, object, receiver, scratch1, scratch2, scratch3,
558 name, holder, miss);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]559 }
560 }
561
562 private:
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]563 void CompileCacheable(MacroAssembler* masm,
564 Handle<JSObject> object,
565 Register receiver,
566 Register scratch1,
567 Register scratch2,
568 Register scratch3,
569 Handle<JSObject> interceptor_holder,
570 LookupResult* lookup,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]571 Handle<Name> name,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]572 const CallOptimization& optimization,
573 Label* miss_label) {
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]574 ASSERT(optimization.is_constant_call());
575 ASSERT(!lookup->holder()->IsGlobalObject());
576
577 int depth1 = kInvalidProtoDepth;
578 int depth2 = kInvalidProtoDepth;
579 bool can_do_fast_api_call = false;
580 if (optimization.is_simple_api_call() &&
581 !lookup->holder()->IsGlobalObject()) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]582 depth1 = optimization.GetPrototypeDepthOfExpectedType(
583 object, interceptor_holder);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]584 if (depth1 == kInvalidProtoDepth) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]585 depth2 = optimization.GetPrototypeDepthOfExpectedType(
586 interceptor_holder, Handle<JSObject>(lookup->holder()));
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]587 }
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]588 can_do_fast_api_call =
589 depth1 != kInvalidProtoDepth || depth2 != kInvalidProtoDepth;
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]590 }
591
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]592 Counters* counters = masm->isolate()->counters();
593 __ IncrementCounter(counters->call_const_interceptor(), 1);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]594
595 if (can_do_fast_api_call) {
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]596 __ IncrementCounter(counters->call_const_interceptor_fast_api(), 1);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]597 ReserveSpaceForFastApiCall(masm, scratch1);
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]598 }
599
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]600 // Check that the maps from receiver to interceptor's holder
601 // haven't changed and thus we can invoke interceptor.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]602 Label miss_cleanup;
603 Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
604 Register holder =
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]605 stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
606 scratch1, scratch2, scratch3,
607 name, depth1, miss);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]608
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]609 // Invoke an interceptor and if it provides a value,
610 // branch to |regular_invoke|.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]611 Label regular_invoke;
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]612 LoadWithInterceptor(masm, receiver, holder, interceptor_holder,
613 &regular_invoke);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]614
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]615 // Interceptor returned nothing for this property. Try to use cached
616 // constant function.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]617
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]618 // Check that the maps from interceptor's holder to constant function's
619 // holder haven't changed and thus we can use cached constant function.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]620 if (*interceptor_holder != lookup->holder()) {
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]621 stub_compiler_->CheckPrototypes(interceptor_holder, receiver,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]622 Handle<JSObject>(lookup->holder()),
623 scratch1, scratch2, scratch3,
624 name, depth2, miss);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]625 } else {
626 // CheckPrototypes has a side effect of fetching a 'holder'
627 // for API (object which is instanceof for the signature). It's
628 // safe to omit it here, as if present, it should be fetched
629 // by the previous CheckPrototypes.
630 ASSERT(depth2 == kInvalidProtoDepth);
631 }
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]632
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]633 // Invoke function.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]634 if (can_do_fast_api_call) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]635 GenerateFastApiCall(masm, optimization, arguments_.immediate());
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]636 } else {
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]637 CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]638 ? CALL_AS_FUNCTION
639 : CALL_AS_METHOD;
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]640 Handle<JSFunction> function = optimization.constant_function();
641 ParameterCount expected(function);
642 __ InvokeFunction(function, expected, arguments_,
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]643 JUMP_FUNCTION, NullCallWrapper(), call_kind);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]644 }
645
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]646 // Deferred code for fast API call case---clean preallocated space.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]647 if (can_do_fast_api_call) {
648 __ bind(&miss_cleanup);
649 FreeSpaceForFastApiCall(masm, scratch1);
650 __ jmp(miss_label);
651 }
652
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]653 // Invoke a regular function.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]654 __ bind(&regular_invoke);
655 if (can_do_fast_api_call) {
656 FreeSpaceForFastApiCall(masm, scratch1);
657 }
658 }
659
660 void CompileRegular(MacroAssembler* masm,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]661 Handle<JSObject> object,
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]662 Register receiver,
663 Register scratch1,
664 Register scratch2,
ager@chromium.org6a2b0aa2010-07-13 20:58:03 +0000[diff] [blame]665 Register scratch3,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]666 Handle<Name> name,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]667 Handle<JSObject> interceptor_holder,
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]668 Label* miss_label) {
669 Register holder =
kmillikin@chromium.org9155e252010-05-26 13:27:57 +0000[diff] [blame]670 stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]671 scratch1, scratch2, scratch3,
672 name, miss_label);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]673
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]674 FrameScope scope(masm, StackFrame::INTERNAL);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]675 // Save the name_ register across the call.
676 __ push(name_);
677
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]678 PushInterceptorArguments(masm, receiver, holder, name_, interceptor_holder);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]679
680 __ CallExternalReference(
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]681 ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorForCall),
682 masm->isolate()),
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]683 6);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]684
685 // Restore the name_ register.
686 __ pop(name_);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]687
688 // Leave the internal frame.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]689 }
690
691 void LoadWithInterceptor(MacroAssembler* masm,
692 Register receiver,
693 Register holder,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]694 Handle<JSObject> holder_obj,
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]695 Label* interceptor_succeeded) {
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]696 {
697 FrameScope scope(masm, StackFrame::INTERNAL);
698 __ push(holder); // Save the holder.
699 __ push(name_); // Save the name.
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]700
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]701 CompileCallLoadPropertyWithInterceptor(masm,
702 receiver,
703 holder,
704 name_,
705 holder_obj);
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]706
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]707 __ pop(name_); // Restore the name.
708 __ pop(receiver); // Restore the holder.
709 // Leave the internal frame.
710 }
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]711
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]712 __ cmp(eax, masm->isolate()->factory()->no_interceptor_result_sentinel());
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]713 __ j(not_equal, interceptor_succeeded);
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]714 }
715
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]716 StubCompiler* stub_compiler_;
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]717 const ParameterCount& arguments_;
sgjesse@chromium.org846fb742009-12-18 08:56:33 +0000[diff] [blame]718 Register name_;
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]719 Code::ExtraICState extra_state_;
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]720};
721
722
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]723void BaseStoreStubCompiler::GenerateRestoreName(MacroAssembler* masm,
724 Label* label,
725 Handle<Name> name) {
726 if (!label->is_unused()) {
727 __ bind(label);
728 __ mov(this->name(), Immediate(name));
729 }
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]730}
731
732
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]733// Generate code to check that a global property cell is empty. Create
734// the property cell at compilation time if no cell exists for the
735// property.
736static void GenerateCheckPropertyCell(MacroAssembler* masm,
737 Handle<GlobalObject> global,
738 Handle<Name> name,
739 Register scratch,
740 Label* miss) {
741 Handle<JSGlobalPropertyCell> cell =
742 GlobalObject::EnsurePropertyCell(global, name);
743 ASSERT(cell->value()->IsTheHole());
744 Handle<Oddball> the_hole = masm->isolate()->factory()->the_hole_value();
745 if (Serializer::enabled()) {
746 __ mov(scratch, Immediate(cell));
747 __ cmp(FieldOperand(scratch, JSGlobalPropertyCell::kValueOffset),
748 Immediate(the_hole));
749 } else {
750 __ cmp(Operand::Cell(cell), Immediate(the_hole));
751 }
752 __ j(not_equal, miss);
753}
754
755
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]756// Both name_reg and receiver_reg are preserved on jumps to miss_label,
757// but may be destroyed if store is successful.
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]758void StubCompiler::GenerateStoreTransition(MacroAssembler* masm,
759 Handle<JSObject> object,
760 LookupResult* lookup,
761 Handle<Map> transition,
762 Handle<Name> name,
763 Register receiver_reg,
764 Register name_reg,
765 Register value_reg,
766 Register scratch1,
767 Register scratch2,
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]768 Register unused,
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]769 Label* miss_label,
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]770 Label* miss_restore_name,
771 Label* slow) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]772 // Check that the map of the object hasn't changed.
erik.corry@gmail.comf2038fb2012-01-16 11:42:08 +0000[diff] [blame]773 __ CheckMap(receiver_reg, Handle<Map>(object->map()),
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]774 miss_label, DO_SMI_CHECK, REQUIRE_EXACT_MAP);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]775
776 // Perform global security token check if needed.
kasperl@chromium.org5a8ca6c2008-10-23 13:57:19 +0000[diff] [blame]777 if (object->IsJSGlobalProxy()) {
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]778 __ CheckAccessGlobalProxy(receiver_reg, scratch1, scratch2, miss_label);
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]779 }
780
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]781 int descriptor = transition->LastAdded();
782 DescriptorArray* descriptors = transition->instance_descriptors();
783 PropertyDetails details = descriptors->GetDetails(descriptor);
784 Representation representation = details.representation();
785 ASSERT(!representation.IsNone());
786
787 // Ensure no transitions to deprecated maps are followed.
788 __ CheckMapDeprecated(transition, scratch1, miss_label);
789
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]790 // Check that we are allowed to write this.
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]791 if (object->GetPrototype()->IsJSObject()) {
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]792 JSObject* holder;
mstarzinger@chromium.orgf705b502013-04-04 11:38:09 +0000[diff] [blame]793 // holder == object indicates that no property was found.
794 if (lookup->holder() != *object) {
795 holder = lookup->holder();
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]796 } else {
797 // Find the top object.
798 holder = *object;
799 do {
800 holder = JSObject::cast(holder->GetPrototype());
801 } while (holder->GetPrototype()->IsJSObject());
802 }
803 // We need an extra register, push
mstarzinger@chromium.orgf705b502013-04-04 11:38:09 +0000[diff] [blame]804 Register holder_reg = CheckPrototypes(
805 object, receiver_reg, Handle<JSObject>(holder), name_reg,
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]806 scratch1, scratch2, name, miss_restore_name, SKIP_RECEIVER);
mstarzinger@chromium.orgf705b502013-04-04 11:38:09 +0000[diff] [blame]807 // If no property was found, and the holder (the last object in the
808 // prototype chain) is in slow mode, we need to do a negative lookup on the
809 // holder.
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]810 if (lookup->holder() == *object) {
811 if (holder->IsJSGlobalObject()) {
812 GenerateCheckPropertyCell(
813 masm,
814 Handle<GlobalObject>(GlobalObject::cast(holder)),
815 name,
816 scratch1,
817 miss_restore_name);
818 } else if (!holder->HasFastProperties() && !holder->IsJSGlobalProxy()) {
819 GenerateDictionaryNegativeLookup(
820 masm, miss_restore_name, holder_reg, name, scratch1, scratch2);
821 }
mstarzinger@chromium.orgf705b502013-04-04 11:38:09 +0000[diff] [blame]822 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]823 }
824
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]825 Register storage_reg = name_reg;
826
827 if (FLAG_track_fields && representation.IsSmi()) {
828 __ JumpIfNotSmi(value_reg, miss_restore_name);
829 } else if (FLAG_track_double_fields && representation.IsDouble()) {
830 Label do_store, heap_number;
831 __ AllocateHeapNumber(storage_reg, scratch1, scratch2, slow);
832
833 __ JumpIfNotSmi(value_reg, &heap_number);
834 __ SmiUntag(value_reg);
835 if (CpuFeatures::IsSupported(SSE2)) {
836 CpuFeatureScope use_sse2(masm, SSE2);
837 __ cvtsi2sd(xmm0, value_reg);
838 } else {
839 __ push(value_reg);
840 __ fild_s(Operand(esp, 0));
841 __ pop(value_reg);
842 }
843 __ SmiTag(value_reg);
844 __ jmp(&do_store);
845
846 __ bind(&heap_number);
847 __ CheckMap(value_reg, masm->isolate()->factory()->heap_number_map(),
848 miss_restore_name, DONT_DO_SMI_CHECK, REQUIRE_EXACT_MAP);
849 if (CpuFeatures::IsSupported(SSE2)) {
850 CpuFeatureScope use_sse2(masm, SSE2);
851 __ movdbl(xmm0, FieldOperand(value_reg, HeapNumber::kValueOffset));
852 } else {
853 __ fld_d(FieldOperand(value_reg, HeapNumber::kValueOffset));
854 }
855
856 __ bind(&do_store);
857 if (CpuFeatures::IsSupported(SSE2)) {
858 CpuFeatureScope use_sse2(masm, SSE2);
859 __ movdbl(FieldOperand(storage_reg, HeapNumber::kValueOffset), xmm0);
860 } else {
861 __ fstp_d(FieldOperand(storage_reg, HeapNumber::kValueOffset));
862 }
863 }
864
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]865 // Stub never generated for non-global objects that require access
866 // checks.
kasperl@chromium.org5a8ca6c2008-10-23 13:57:19 +0000[diff] [blame]867 ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]868
kasperl@chromium.org1accd572008-10-07 10:57:21 +0000[diff] [blame]869 // Perform map transition for the receiver if necessary.
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]870 if (object->map()->unused_property_fields() == 0) {
kasperl@chromium.org1accd572008-10-07 10:57:21 +0000[diff] [blame]871 // The properties must be extended before we can store the value.
ager@chromium.org32912102009-01-16 10:38:43 +0000[diff] [blame]872 // We jump to a runtime call that extends the properties array.
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]873 __ pop(scratch1); // Return address.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]874 __ push(receiver_reg);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]875 __ push(Immediate(transition));
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]876 __ push(value_reg);
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]877 __ push(scratch1);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]878 __ TailCallExternalReference(
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]879 ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage),
880 masm->isolate()),
881 3,
882 1);
kasperl@chromium.org1accd572008-10-07 10:57:21 +0000[diff] [blame]883 return;
884 }
885
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]886 // Update the map of the object.
887 __ mov(scratch1, Immediate(transition));
888 __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
verwaest@chromium.org37141392012-05-31 13:27:02 +0000[diff] [blame]889
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]890 // Update the write barrier for the map field.
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]891 __ RecordWriteField(receiver_reg,
892 HeapObject::kMapOffset,
893 scratch1,
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]894 scratch2,
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]895 kDontSaveFPRegs,
896 OMIT_REMEMBERED_SET,
897 OMIT_SMI_CHECK);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]898
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]899 int index = transition->instance_descriptors()->GetFieldIndex(
900 transition->LastAdded());
mstarzinger@chromium.orgf705b502013-04-04 11:38:09 +0000[diff] [blame]901
ager@chromium.orga74f0da2008-12-03 16:05:52 +0000[diff] [blame]902 // Adjust for the number of properties stored in the object. Even in the
903 // face of a transition we can use the old map here because the size of the
904 // object and the number of in-object properties is not going to change.
905 index -= object->map()->inobject_properties();
906
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]907 // TODO(verwaest): Share this code as a code stub.
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]908 if (index < 0) {
909 // Set the property straight into the object.
910 int offset = object->map()->instance_size() + (index * kPointerSize);
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]911 if (FLAG_track_double_fields && representation.IsDouble()) {
912 __ mov(FieldOperand(receiver_reg, offset), storage_reg);
913 } else {
914 __ mov(FieldOperand(receiver_reg, offset), value_reg);
915 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]916
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]917 if (!FLAG_track_fields || !representation.IsSmi()) {
918 // Update the write barrier for the array address.
919 // Pass the value being stored in the now unused name_reg.
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]920 if (!FLAG_track_double_fields || !representation.IsDouble()) {
921 __ mov(name_reg, value_reg);
922 } else {
923 ASSERT(storage_reg.is(name_reg));
924 }
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]925 __ RecordWriteField(receiver_reg,
926 offset,
927 name_reg,
928 scratch1,
929 kDontSaveFPRegs);
930 }
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]931 } else {
932 // Write to the properties array.
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]933 int offset = index * kPointerSize + FixedArray::kHeaderSize;
ager@chromium.orga74f0da2008-12-03 16:05:52 +0000[diff] [blame]934 // Get the properties array (optimistically).
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]935 __ mov(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]936 if (FLAG_track_double_fields && representation.IsDouble()) {
937 __ mov(FieldOperand(scratch1, offset), storage_reg);
938 } else {
939 __ mov(FieldOperand(scratch1, offset), value_reg);
940 }
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]941
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]942 if (!FLAG_track_fields || !representation.IsSmi()) {
943 // Update the write barrier for the array address.
944 // Pass the value being stored in the now unused name_reg.
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]945 if (!FLAG_track_double_fields || !representation.IsDouble()) {
946 __ mov(name_reg, value_reg);
947 } else {
948 ASSERT(storage_reg.is(name_reg));
949 }
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]950 __ RecordWriteField(scratch1,
951 offset,
952 name_reg,
953 receiver_reg,
954 kDontSaveFPRegs);
955 }
ager@chromium.org7c537e22008-10-16 08:43:32 +0000[diff] [blame]956 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]957
958 // Return the value (register eax).
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]959 ASSERT(value_reg.is(eax));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]960 __ ret(0);
961}
962
963
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]964// Both name_reg and receiver_reg are preserved on jumps to miss_label,
965// but may be destroyed if store is successful.
966void StubCompiler::GenerateStoreField(MacroAssembler* masm,
967 Handle<JSObject> object,
968 LookupResult* lookup,
969 Register receiver_reg,
970 Register name_reg,
971 Register value_reg,
972 Register scratch1,
973 Register scratch2,
974 Label* miss_label) {
975 // Check that the map of the object hasn't changed.
976 __ CheckMap(receiver_reg, Handle<Map>(object->map()),
977 miss_label, DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
978
979 // Perform global security token check if needed.
980 if (object->IsJSGlobalProxy()) {
981 __ CheckAccessGlobalProxy(receiver_reg, scratch1, scratch2, miss_label);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]982 }
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]983
984 // Stub never generated for non-global objects that require access
985 // checks.
986 ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
987
988 int index = lookup->GetFieldIndex().field_index();
989
990 // Adjust for the number of properties stored in the object. Even in the
991 // face of a transition we can use the old map here because the size of the
992 // object and the number of in-object properties is not going to change.
993 index -= object->map()->inobject_properties();
994
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]995 Representation representation = lookup->representation();
996 ASSERT(!representation.IsNone());
997 if (FLAG_track_fields && representation.IsSmi()) {
998 __ JumpIfNotSmi(value_reg, miss_label);
999 } else if (FLAG_track_double_fields && representation.IsDouble()) {
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1000 // Load the double storage.
1001 if (index < 0) {
1002 int offset = object->map()->instance_size() + (index * kPointerSize);
1003 __ mov(scratch1, FieldOperand(receiver_reg, offset));
1004 } else {
1005 __ mov(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
1006 int offset = index * kPointerSize + FixedArray::kHeaderSize;
1007 __ mov(scratch1, FieldOperand(scratch1, offset));
1008 }
1009
1010 // Store the value into the storage.
1011 Label do_store, heap_number;
1012 __ JumpIfNotSmi(value_reg, &heap_number);
1013 __ SmiUntag(value_reg);
1014 if (CpuFeatures::IsSupported(SSE2)) {
1015 CpuFeatureScope use_sse2(masm, SSE2);
1016 __ cvtsi2sd(xmm0, value_reg);
1017 } else {
1018 __ push(value_reg);
1019 __ fild_s(Operand(esp, 0));
1020 __ pop(value_reg);
1021 }
1022 __ SmiTag(value_reg);
1023 __ jmp(&do_store);
1024 __ bind(&heap_number);
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]1025 __ CheckMap(value_reg, masm->isolate()->factory()->heap_number_map(),
1026 miss_label, DONT_DO_SMI_CHECK, REQUIRE_EXACT_MAP);
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1027 if (CpuFeatures::IsSupported(SSE2)) {
1028 CpuFeatureScope use_sse2(masm, SSE2);
1029 __ movdbl(xmm0, FieldOperand(value_reg, HeapNumber::kValueOffset));
1030 } else {
1031 __ fld_d(FieldOperand(value_reg, HeapNumber::kValueOffset));
1032 }
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]1033 __ bind(&do_store);
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1034 if (CpuFeatures::IsSupported(SSE2)) {
1035 CpuFeatureScope use_sse2(masm, SSE2);
1036 __ movdbl(FieldOperand(scratch1, HeapNumber::kValueOffset), xmm0);
1037 } else {
1038 __ fstp_d(FieldOperand(scratch1, HeapNumber::kValueOffset));
1039 }
1040 // Return the value (register eax).
1041 ASSERT(value_reg.is(eax));
1042 __ ret(0);
1043 return;
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]1044 }
1045
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1046 ASSERT(!FLAG_track_double_fields || !representation.IsDouble());
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1047 // TODO(verwaest): Share this code as a code stub.
1048 if (index < 0) {
1049 // Set the property straight into the object.
1050 int offset = object->map()->instance_size() + (index * kPointerSize);
1051 __ mov(FieldOperand(receiver_reg, offset), value_reg);
1052
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]1053 if (!FLAG_track_fields || !representation.IsSmi()) {
1054 // Update the write barrier for the array address.
1055 // Pass the value being stored in the now unused name_reg.
1056 __ mov(name_reg, value_reg);
1057 __ RecordWriteField(receiver_reg,
1058 offset,
1059 name_reg,
1060 scratch1,
1061 kDontSaveFPRegs);
1062 }
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1063 } else {
1064 // Write to the properties array.
1065 int offset = index * kPointerSize + FixedArray::kHeaderSize;
1066 // Get the properties array (optimistically).
1067 __ mov(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1068 __ mov(FieldOperand(scratch1, offset), value_reg);
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1069
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]1070 if (!FLAG_track_fields || !representation.IsSmi()) {
1071 // Update the write barrier for the array address.
1072 // Pass the value being stored in the now unused name_reg.
1073 __ mov(name_reg, value_reg);
1074 __ RecordWriteField(scratch1,
1075 offset,
1076 name_reg,
1077 receiver_reg,
1078 kDontSaveFPRegs);
1079 }
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1080 }
1081
1082 // Return the value (register eax).
1083 ASSERT(value_reg.is(eax));
1084 __ ret(0);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1085}
1086
1087
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]1088// Calls GenerateCheckPropertyCell for each global object in the prototype chain
1089// from object to (but not including) holder.
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1090static void GenerateCheckPropertyCells(MacroAssembler* masm,
1091 Handle<JSObject> object,
1092 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1093 Handle<Name> name,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1094 Register scratch,
1095 Label* miss) {
1096 Handle<JSObject> current = object;
1097 while (!current.is_identical_to(holder)) {
1098 if (current->IsGlobalObject()) {
1099 GenerateCheckPropertyCell(masm,
1100 Handle<GlobalObject>::cast(current),
1101 name,
1102 scratch,
1103 miss);
1104 }
1105 current = Handle<JSObject>(JSObject::cast(current->GetPrototype()));
1106 }
1107}
1108
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1109
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]1110void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1111 __ jmp(code, RelocInfo::CODE_TARGET);
1112}
1113
1114
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]1115#undef __
1116#define __ ACCESS_MASM(masm())
1117
1118
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1119Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
1120 Register object_reg,
1121 Handle<JSObject> holder,
1122 Register holder_reg,
1123 Register scratch1,
1124 Register scratch2,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1125 Handle<Name> name,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1126 int save_at_depth,
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1127 Label* miss,
1128 PrototypeCheckType check) {
1129 Handle<JSObject> first = object;
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1130 // Make sure there's no overlap between holder and object registers.
1131 ASSERT(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
1132 ASSERT(!scratch2.is(object_reg) && !scratch2.is(holder_reg)
1133 && !scratch2.is(scratch1));
1134
1135 // Keep track of the current object in register reg.
1136 Register reg = object_reg;
1137 Handle<JSObject> current = object;
1138 int depth = 0;
1139
1140 if (save_at_depth == depth) {
1141 __ mov(Operand(esp, kPointerSize), reg);
1142 }
1143
1144 // Traverse the prototype chain and check the maps in the prototype chain for
1145 // fast and global objects or do negative lookup for normal objects.
1146 while (!current.is_identical_to(holder)) {
1147 ++depth;
1148
1149 // Only global objects and objects that do not require access
1150 // checks are allowed in stubs.
1151 ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
1152
1153 Handle<JSObject> prototype(JSObject::cast(current->GetPrototype()));
1154 if (!current->HasFastProperties() &&
1155 !current->IsJSGlobalObject() &&
1156 !current->IsJSGlobalProxy()) {
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1157 if (!name->IsUniqueName()) {
1158 ASSERT(name->IsString());
1159 name = factory()->InternalizeString(Handle<String>::cast(name));
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1160 }
1161 ASSERT(current->property_dictionary()->FindEntry(*name) ==
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1162 NameDictionary::kNotFound);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1163
1164 GenerateDictionaryNegativeLookup(masm(), miss, reg, name,
1165 scratch1, scratch2);
1166
1167 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
1168 reg = holder_reg; // From now on the object will be in holder_reg.
1169 __ mov(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
1170 } else {
1171 bool in_new_space = heap()->InNewSpace(*prototype);
1172 Handle<Map> current_map(current->map());
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1173 if (!current.is_identical_to(first) || check == CHECK_ALL_MAPS) {
1174 __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK,
1175 ALLOW_ELEMENT_TRANSITION_MAPS);
1176 }
erik.corry@gmail.comf2038fb2012-01-16 11:42:08 +0000[diff] [blame]1177
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1178 // Check access rights to the global object. This has to happen after
1179 // the map check so that we know that the object is actually a global
1180 // object.
1181 if (current->IsJSGlobalProxy()) {
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1182 __ CheckAccessGlobalProxy(reg, scratch1, scratch2, miss);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1183 }
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1184
1185 if (in_new_space) {
1186 // Save the map in scratch1 for later.
1187 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
1188 }
1189
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1190 reg = holder_reg; // From now on the object will be in holder_reg.
1191
1192 if (in_new_space) {
1193 // The prototype is in new space; we cannot store a reference to it
1194 // in the code. Load it from the map.
1195 __ mov(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
1196 } else {
1197 // The prototype is in old space; load it directly.
1198 __ mov(reg, prototype);
1199 }
1200 }
1201
1202 if (save_at_depth == depth) {
1203 __ mov(Operand(esp, kPointerSize), reg);
1204 }
1205
1206 // Go to the next object in the prototype chain.
1207 current = prototype;
1208 }
1209 ASSERT(current.is_identical_to(holder));
1210
1211 // Log the check depth.
1212 LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
1213
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1214 if (!holder.is_identical_to(first) || check == CHECK_ALL_MAPS) {
1215 // Check the holder map.
1216 __ CheckMap(reg, Handle<Map>(holder->map()),
1217 miss, DONT_DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
1218 }
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1219
1220 // Perform security check for access to the global object.
1221 ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
1222 if (holder->IsJSGlobalProxy()) {
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1223 __ CheckAccessGlobalProxy(reg, scratch1, scratch2, miss);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1224 }
1225
1226 // If we've skipped any global objects, it's not enough to verify that
1227 // their maps haven't changed. We also need to check that the property
1228 // cell for the property is still empty.
1229 GenerateCheckPropertyCells(masm(), object, holder, name, scratch1, miss);
1230
1231 // Return the register containing the holder.
1232 return reg;
1233}
1234
1235
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1236void BaseLoadStubCompiler::HandlerFrontendFooter(Label* success,
1237 Label* miss) {
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1238 if (!miss->is_unused()) {
1239 __ jmp(success);
1240 __ bind(miss);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]1241 TailCallBuiltin(masm(), MissBuiltin(kind()));
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1242 }
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1243}
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1244
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1245
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1246Register BaseLoadStubCompiler::CallbackHandlerFrontend(
1247 Handle<JSObject> object,
1248 Register object_reg,
1249 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1250 Handle<Name> name,
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1251 Label* success,
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1252 Handle<ExecutableAccessorInfo> callback) {
1253 Label miss;
1254
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1255 Register reg = HandlerFrontendHeader(object, object_reg, holder, name, &miss);
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1256
1257 if (!holder->HasFastProperties() && !holder->IsJSGlobalObject()) {
1258 ASSERT(!reg.is(scratch2()));
1259 ASSERT(!reg.is(scratch3()));
1260 Register dictionary = scratch1();
1261 bool must_preserve_dictionary_reg = reg.is(dictionary);
1262
1263 // Load the properties dictionary.
1264 if (must_preserve_dictionary_reg) {
1265 __ push(dictionary);
1266 }
1267 __ mov(dictionary, FieldOperand(reg, JSObject::kPropertiesOffset));
1268
1269 // Probe the dictionary.
1270 Label probe_done, pop_and_miss;
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1271 NameDictionaryLookupStub::GeneratePositiveLookup(masm(),
1272 &pop_and_miss,
1273 &probe_done,
1274 dictionary,
1275 this->name(),
1276 scratch2(),
1277 scratch3());
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1278 __ bind(&pop_and_miss);
1279 if (must_preserve_dictionary_reg) {
1280 __ pop(dictionary);
1281 }
1282 __ jmp(&miss);
1283 __ bind(&probe_done);
1284
1285 // If probing finds an entry in the dictionary, scratch2 contains the
1286 // index into the dictionary. Check that the value is the callback.
1287 Register index = scratch2();
1288 const int kElementsStartOffset =
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1289 NameDictionary::kHeaderSize +
1290 NameDictionary::kElementsStartIndex * kPointerSize;
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1291 const int kValueOffset = kElementsStartOffset + kPointerSize;
1292 __ mov(scratch3(),
1293 Operand(dictionary, index, times_4, kValueOffset - kHeapObjectTag));
1294 if (must_preserve_dictionary_reg) {
1295 __ pop(dictionary);
1296 }
1297 __ cmp(scratch3(), callback);
1298 __ j(not_equal, &miss);
1299 }
1300
1301 HandlerFrontendFooter(success, &miss);
1302 return reg;
1303}
1304
1305
1306void BaseLoadStubCompiler::NonexistentHandlerFrontend(
1307 Handle<JSObject> object,
1308 Handle<JSObject> last,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1309 Handle<Name> name,
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1310 Label* success,
1311 Handle<GlobalObject> global) {
1312 Label miss;
1313
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]1314 HandlerFrontendHeader(object, receiver(), last, name, &miss);
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1315
1316 // If the last object in the prototype chain is a global object,
1317 // check that the global property cell is empty.
1318 if (!global.is_null()) {
1319 GenerateCheckPropertyCell(masm(), global, name, scratch2(), &miss);
1320 }
1321
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1322 HandlerFrontendFooter(success, &miss);
1323}
1324
1325
1326void BaseLoadStubCompiler::GenerateLoadField(Register reg,
1327 Handle<JSObject> holder,
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1328 PropertyIndex field,
1329 Representation representation) {
1330 if (!reg.is(receiver())) __ mov(receiver(), reg);
1331 if (kind() == Code::LOAD_IC) {
1332 LoadFieldStub stub(field.is_inobject(holder),
1333 field.translate(holder),
1334 representation);
1335 GenerateTailCall(masm(), stub.GetCode(isolate()));
1336 } else {
1337 KeyedLoadFieldStub stub(field.is_inobject(holder),
1338 field.translate(holder),
1339 representation);
1340 GenerateTailCall(masm(), stub.GetCode(isolate()));
1341 }
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1342}
1343
1344
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1345void BaseLoadStubCompiler::GenerateLoadCallback(
1346 Register reg,
1347 Handle<ExecutableAccessorInfo> callback) {
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1348 // Insert additional parameters into the stack frame above return address.
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1349 ASSERT(!scratch3().is(reg));
1350 __ pop(scratch3()); // Get return address to place it below.
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1351
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1352 __ push(receiver()); // receiver
1353 __ mov(scratch2(), esp);
1354 ASSERT(!scratch2().is(reg));
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1355 __ push(reg); // holder
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1356 // Push data from ExecutableAccessorInfo.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1357 if (isolate()->heap()->InNewSpace(callback->data())) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1358 __ mov(scratch1(), Immediate(callback));
1359 __ push(FieldOperand(scratch1(), ExecutableAccessorInfo::kDataOffset));
ricow@chromium.org5ad5ace2010-06-23 09:06:43 +0000[diff] [blame]1360 } else {
ulan@chromium.org09d7ab52013-02-25 15:50:35 +0000[diff] [blame]1361 __ push(Immediate(Handle<Object>(callback->data(), isolate())));
ricow@chromium.org5ad5ace2010-06-23 09:06:43 +0000[diff] [blame]1362 }
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]1363 __ push(Immediate(reinterpret_cast<int>(isolate())));
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1364
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]1365 // Save a pointer to where we pushed the arguments pointer. This will be
1366 // passed as the const ExecutableAccessorInfo& to the C++ callback.
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1367 __ push(scratch2());
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1368
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1369 __ push(name()); // name
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1370 __ mov(ebx, esp); // esp points to reference to name (handler).
1371
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1372 __ push(scratch3()); // Restore return address.
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1373
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]1374 // 4 elements array for v8::Arguments::values_, handler for name and pointer
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1375 // to the values (it considered as smi in GC).
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]1376 const int kStackSpace = 6;
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1377 const int kApiArgc = 2;
1378
jkummerow@chromium.orgddda9e82011-07-06 11:27:02 +0000[diff] [blame]1379 __ PrepareCallApiFunction(kApiArgc);
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1380 __ mov(ApiParameterOperand(0), ebx); // name.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1381 __ add(ebx, Immediate(kPointerSize));
erik.corry@gmail.com4a6c3272010-11-18 12:04:40 +0000[diff] [blame]1382 __ mov(ApiParameterOperand(1), ebx); // arguments pointer.
1383
kmillikin@chromium.org2d5475f2009-12-20 18:15:52 +0000[diff] [blame]1384 // Emitting a stub call may try to allocate (if the code is not
1385 // already generated). Do not allow the assembler to perform a
1386 // garbage collection but instead return the allocation failure
1387 // object.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1388 Address getter_address = v8::ToCData<Address>(callback->getter());
1389 __ CallApiFunctionAndReturn(getter_address, kStackSpace);
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1390}
1391
1392
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1393void BaseLoadStubCompiler::GenerateLoadConstant(Handle<JSFunction> value) {
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1394 // Return the constant value.
ricow@chromium.org64e3a4b2011-12-13 08:07:27 +0000[diff] [blame]1395 __ LoadHeapObject(eax, value);
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1396 __ ret(0);
1397}
1398
1399
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1400void BaseLoadStubCompiler::GenerateLoadInterceptor(
1401 Register holder_reg,
1402 Handle<JSObject> object,
1403 Handle<JSObject> interceptor_holder,
1404 LookupResult* lookup,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1405 Handle<Name> name) {
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1406 ASSERT(interceptor_holder->HasNamedInterceptor());
1407 ASSERT(!interceptor_holder->GetNamedInterceptor()->getter()->IsUndefined());
1408
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1409 // So far the most popular follow ups for interceptor loads are FIELD
1410 // and CALLBACKS, so inline only them, other cases may be added
1411 // later.
1412 bool compile_followup_inline = false;
jkummerow@chromium.org05ed9dd2012-01-23 14:42:48 +0000[diff] [blame]1413 if (lookup->IsFound() && lookup->IsCacheable()) {
yangguo@chromium.orgde0db002012-06-22 13:44:28 +0000[diff] [blame]1414 if (lookup->IsField()) {
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1415 compile_followup_inline = true;
1416 } else if (lookup->type() == CALLBACKS &&
hpayer@chromium.org7c3372b2013-02-13 17:26:04 +0000[diff] [blame]1417 lookup->GetCallbackObject()->IsExecutableAccessorInfo()) {
1418 ExecutableAccessorInfo* callback =
1419 ExecutableAccessorInfo::cast(lookup->GetCallbackObject());
mmassi@chromium.org7028c052012-06-13 11:51:58 +0000[diff] [blame]1420 compile_followup_inline = callback->getter() != NULL &&
1421 callback->IsCompatibleReceiver(*object);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1422 }
1423 }
1424
1425 if (compile_followup_inline) {
1426 // Compile the interceptor call, followed by inline code to load the
1427 // property from further up the prototype chain if the call fails.
1428 // Check that the maps haven't changed.
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1429 ASSERT(holder_reg.is(receiver()) || holder_reg.is(scratch1()));
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1430
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1431 // Preserve the receiver register explicitly whenever it is different from
1432 // the holder and it is needed should the interceptor return without any
1433 // result. The CALLBACKS case needs the receiver to be passed into C++ code,
1434 // the FIELD case might cause a miss during the prototype check.
1435 bool must_perfrom_prototype_check = *interceptor_holder != lookup->holder();
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1436 bool must_preserve_receiver_reg = !receiver().is(holder_reg) &&
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1437 (lookup->type() == CALLBACKS || must_perfrom_prototype_check);
1438
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1439 // Save necessary data before invoking an interceptor.
1440 // Requires a frame to make GC aware of pushed pointers.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1441 {
1442 FrameScope frame_scope(masm(), StackFrame::INTERNAL);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1443
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1444 if (must_preserve_receiver_reg) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1445 __ push(receiver());
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1446 }
1447 __ push(holder_reg);
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1448 __ push(this->name());
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1449
1450 // Invoke an interceptor. Note: map checks from receiver to
1451 // interceptor's holder has been compiled before (see a caller
1452 // of this method.)
1453 CompileCallLoadPropertyWithInterceptor(masm(),
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1454 receiver(),
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1455 holder_reg,
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1456 this->name(),
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1457 interceptor_holder);
1458
1459 // Check if interceptor provided a value for property. If it's
1460 // the case, return immediately.
1461 Label interceptor_failed;
1462 __ cmp(eax, factory()->no_interceptor_result_sentinel());
1463 __ j(equal, &interceptor_failed);
1464 frame_scope.GenerateLeaveFrame();
1465 __ ret(0);
1466
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1467 // Clobber registers when generating debug-code to provoke errors.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1468 __ bind(&interceptor_failed);
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1469 if (FLAG_debug_code) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1470 __ mov(receiver(), Immediate(BitCast<int32_t>(kZapValue)));
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1471 __ mov(holder_reg, Immediate(BitCast<int32_t>(kZapValue)));
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1472 __ mov(this->name(), Immediate(BitCast<int32_t>(kZapValue)));
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1473 }
1474
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1475 __ pop(this->name());
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1476 __ pop(holder_reg);
jkummerow@chromium.org212d9642012-05-11 15:02:09 +0000[diff] [blame]1477 if (must_preserve_receiver_reg) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1478 __ pop(receiver());
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1479 }
1480
1481 // Leave the internal frame.
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1482 }
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1483
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1484 GenerateLoadPostInterceptor(holder_reg, interceptor_holder, name, lookup);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1485 } else { // !compile_followup_inline
1486 // Call the runtime system to load the interceptor.
1487 // Check that the maps haven't changed.
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]1488 __ pop(scratch2()); // save old return address
1489 PushInterceptorArguments(masm(), receiver(), holder_reg,
1490 this->name(), interceptor_holder);
1491 __ push(scratch2()); // restore old return address
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1492
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1493 ExternalReference ref =
1494 ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorForLoad),
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1495 isolate());
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]1496 __ TailCallExternalReference(ref, 6, 1);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1497 }
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1498}
1499
1500
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1501void CallStubCompiler::GenerateNameCheck(Handle<Name> name, Label* miss) {
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1502 if (kind_ == Code::KEYED_CALL_IC) {
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1503 __ cmp(ecx, Immediate(name));
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]1504 __ j(not_equal, miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1505 }
1506}
1507
1508
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1509void CallStubCompiler::GenerateGlobalReceiverCheck(Handle<JSObject> object,
1510 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1511 Handle<Name> name,
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1512 Label* miss) {
1513 ASSERT(holder->IsGlobalObject());
1514
1515 // Get the number of arguments.
1516 const int argc = arguments().immediate();
1517
1518 // Get the receiver from the stack.
1519 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
1520
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1521
1522 // Check that the maps haven't changed.
mstarzinger@chromium.org3233d2f2012-03-14 11:16:03 +0000[diff] [blame]1523 __ JumpIfSmi(edx, miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1524 CheckPrototypes(object, edx, holder, ebx, eax, edi, name, miss);
1525}
1526
1527
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1528void CallStubCompiler::GenerateLoadFunctionFromCell(
1529 Handle<JSGlobalPropertyCell> cell,
1530 Handle<JSFunction> function,
1531 Label* miss) {
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1532 // Get the value from the cell.
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1533 if (Serializer::enabled()) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1534 __ mov(edi, Immediate(cell));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1535 __ mov(edi, FieldOperand(edi, JSGlobalPropertyCell::kValueOffset));
1536 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1537 __ mov(edi, Operand::Cell(cell));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1538 }
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1539
1540 // Check that the cell contains the same function.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1541 if (isolate()->heap()->InNewSpace(*function)) {
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1542 // We can't embed a pointer to a function in new space so we have
1543 // to verify that the shared function info is unchanged. This has
1544 // the nice side effect that multiple closures based on the same
1545 // function can all use this call IC. Before we load through the
1546 // function, we have to verify that it still is a function.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]1547 __ JumpIfSmi(edi, miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1548 __ CmpObjectType(edi, JS_FUNCTION_TYPE, ebx);
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]1549 __ j(not_equal, miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1550
1551 // Check the shared function info. Make sure it hasn't changed.
1552 __ cmp(FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset),
1553 Immediate(Handle<SharedFunctionInfo>(function->shared())));
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1554 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1555 __ cmp(edi, Immediate(function));
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1556 }
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1557 __ j(not_equal, miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]1558}
1559
1560
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1561void CallStubCompiler::GenerateMissBranch() {
1562 Handle<Code> code =
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1563 isolate()->stub_cache()->ComputeCallMiss(arguments().immediate(),
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]1564 kind_,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1565 extra_state_);
1566 __ jmp(code, RelocInfo::CODE_TARGET);
1567}
1568
1569
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1570Handle<Code> CallStubCompiler::CompileCallField(Handle<JSObject> object,
1571 Handle<JSObject> holder,
yangguo@chromium.orgeeb44b62012-11-13 13:56:09 +0000[diff] [blame]1572 PropertyIndex index,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]1573 Handle<Name> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1574 // ----------- S t a t e -------------
sgjesse@chromium.org846fb742009-12-18 08:56:33 +0000[diff] [blame]1575 // -- ecx : name
1576 // -- esp[0] : return address
1577 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
1578 // -- ...
1579 // -- esp[(argc + 1) * 4] : receiver
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1580 // -----------------------------------
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1581 Label miss;
1582
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1583 GenerateNameCheck(name, &miss);
1584
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1585 // Get the receiver from the stack.
1586 const int argc = arguments().immediate();
1587 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
1588
1589 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]1590 __ JumpIfSmi(edx, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1591
1592 // Do the right check and compute the holder register.
ager@chromium.org6a2b0aa2010-07-13 20:58:03 +0000[diff] [blame]1593 Register reg = CheckPrototypes(object, edx, holder, ebx, eax, edi,
1594 name, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1595
ulan@chromium.org57ff8812013-05-10 08:16:55 +0000[diff] [blame^]1596 GenerateFastPropertyLoad(
1597 masm(), edi, reg, index.is_inobject(holder),
1598 index.translate(holder), Representation::Tagged());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1599
1600 // Check that the function really is a function.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]1601 __ JumpIfSmi(edi, &miss);
kasperl@chromium.org7be3c992009-03-12 07:19:55 +0000[diff] [blame]1602 __ CmpObjectType(edi, JS_FUNCTION_TYPE, ebx);
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]1603 __ j(not_equal, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1604
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]1605 // Patch the receiver on the stack with the global proxy if
1606 // necessary.
1607 if (object->IsGlobalObject()) {
1608 __ mov(edx, FieldOperand(edx, GlobalObject::kGlobalReceiverOffset));
1609 __ mov(Operand(esp, (argc + 1) * kPointerSize), edx);
1610 }
1611
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1612 // Invoke the function.
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1613 CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1614 ? CALL_AS_FUNCTION
1615 : CALL_AS_METHOD;
1616 __ InvokeFunction(edi, arguments(), JUMP_FUNCTION,
1617 NullCallWrapper(), call_kind);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1618
1619 // Handle call cache miss.
1620 __ bind(&miss);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1621 GenerateMissBranch();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1622
1623 // Return the generated code.
jkummerow@chromium.org7a6fc812012-06-27 11:12:38 +0000[diff] [blame]1624 return GetCode(Code::FIELD, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1625}
1626
1627
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1628Handle<Code> CallStubCompiler::CompileArrayPushCall(
1629 Handle<Object> object,
1630 Handle<JSObject> holder,
1631 Handle<JSGlobalPropertyCell> cell,
1632 Handle<JSFunction> function,
1633 Handle<String> name) {
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1634 // ----------- S t a t e -------------
1635 // -- ecx : name
1636 // -- esp[0] : return address
1637 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
1638 // -- ...
1639 // -- esp[(argc + 1) * 4] : receiver
1640 // -----------------------------------
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1641
lrn@chromium.orgc34f5802010-04-28 12:53:43 +0000[diff] [blame]1642 // If object is not an array, bail out to regular call.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1643 if (!object->IsJSArray() || !cell.is_null()) {
1644 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1645 }
lrn@chromium.orgc34f5802010-04-28 12:53:43 +0000[diff] [blame]1646
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1647 Label miss;
1648
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1649 GenerateNameCheck(name, &miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1650
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1651 // Get the receiver from the stack.
1652 const int argc = arguments().immediate();
1653 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
1654
1655 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]1656 __ JumpIfSmi(edx, &miss);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1657
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1658 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
1659 name, &miss);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1660
1661 if (argc == 0) {
1662 // Noop, return the length.
1663 __ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
1664 __ ret((argc + 1) * kPointerSize);
1665 } else {
ricow@chromium.org0b9f8502010-08-18 07:45:01 +0000[diff] [blame]1666 Label call_builtin;
1667
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1668 if (argc == 1) { // Otherwise fall through to call builtin.
yangguo@chromium.orgfb377212012-11-16 14:43:43 +0000[diff] [blame]1669 Label attempt_to_grow_elements, with_write_barrier, check_double;
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1670
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1671 // Get the elements array of the object.
1672 __ mov(edi, FieldOperand(edx, JSArray::kElementsOffset));
1673
1674 // Check that the elements are in fast mode and writable.
1675 __ cmp(FieldOperand(edi, HeapObject::kMapOffset),
1676 Immediate(factory()->fixed_array_map()));
yangguo@chromium.orgfb377212012-11-16 14:43:43 +0000[diff] [blame]1677 __ j(not_equal, &check_double);
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1678
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1679 // Get the array's length into eax and calculate new length.
1680 __ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
1681 STATIC_ASSERT(kSmiTagSize == 1);
1682 STATIC_ASSERT(kSmiTag == 0);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1683 __ add(eax, Immediate(Smi::FromInt(argc)));
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1684
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1685 // Get the elements' length into ecx.
1686 __ mov(ecx, FieldOperand(edi, FixedArray::kLengthOffset));
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1687
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1688 // Check if we could survive without allocation.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1689 __ cmp(eax, ecx);
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1690 __ j(greater, &attempt_to_grow_elements);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1691
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1692 // Check if value is a smi.
1693 __ mov(ecx, Operand(esp, argc * kPointerSize));
1694 __ JumpIfNotSmi(ecx, &with_write_barrier);
1695
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1696 // Save new length.
1697 __ mov(FieldOperand(edx, JSArray::kLengthOffset), eax);
1698
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1699 // Store the value.
1700 __ mov(FieldOperand(edi,
1701 eax,
1702 times_half_pointer_size,
1703 FixedArray::kHeaderSize - argc * kPointerSize),
1704 ecx);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1705
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1706 __ ret((argc + 1) * kPointerSize);
1707
yangguo@chromium.orgfb377212012-11-16 14:43:43 +0000[diff] [blame]1708 __ bind(&check_double);
1709
1710
1711 // Check that the elements are in double mode.
1712 __ cmp(FieldOperand(edi, HeapObject::kMapOffset),
1713 Immediate(factory()->fixed_double_array_map()));
1714 __ j(not_equal, &call_builtin);
1715
1716 // Get the array's length into eax and calculate new length.
1717 __ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
1718 STATIC_ASSERT(kSmiTagSize == 1);
1719 STATIC_ASSERT(kSmiTag == 0);
1720 __ add(eax, Immediate(Smi::FromInt(argc)));
1721
1722 // Get the elements' length into ecx.
1723 __ mov(ecx, FieldOperand(edi, FixedArray::kLengthOffset));
1724
1725 // Check if we could survive without allocation.
1726 __ cmp(eax, ecx);
1727 __ j(greater, &call_builtin);
1728
1729 __ mov(ecx, Operand(esp, argc * kPointerSize));
1730 __ StoreNumberToDoubleElements(
1731 ecx, edi, eax, ecx, xmm0, &call_builtin, true, argc * kDoubleSize);
1732
1733 // Save new length.
1734 __ mov(FieldOperand(edx, JSArray::kLengthOffset), eax);
1735 __ ret((argc + 1) * kPointerSize);
1736
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1737 __ bind(&with_write_barrier);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1738
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1739 __ mov(ebx, FieldOperand(edx, HeapObject::kMapOffset));
1740
yangguo@chromium.orgfb377212012-11-16 14:43:43 +0000[diff] [blame]1741 if (FLAG_smi_only_arrays && !FLAG_trace_elements_transitions) {
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1742 Label fast_object, not_fast_object;
1743 __ CheckFastObjectElements(ebx, &not_fast_object, Label::kNear);
1744 __ jmp(&fast_object);
1745 // In case of fast smi-only, convert to fast object, otherwise bail out.
1746 __ bind(&not_fast_object);
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]1747 __ CheckFastSmiElements(ebx, &call_builtin);
yangguo@chromium.orgfb377212012-11-16 14:43:43 +0000[diff] [blame]1748 __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
1749 Immediate(factory()->heap_number_map()));
1750 __ j(equal, &call_builtin);
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1751 // edi: elements array
1752 // edx: receiver
1753 // ebx: map
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]1754 Label try_holey_map;
1755 __ LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS,
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1756 FAST_ELEMENTS,
1757 ebx,
1758 edi,
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]1759 &try_holey_map);
1760
1761 ElementsTransitionGenerator::
yangguo@chromium.org46a2a512013-01-18 16:29:40 +0000[diff] [blame]1762 GenerateMapChangeElementsTransition(masm(),
1763 DONT_TRACK_ALLOCATION_SITE,
1764 NULL);
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]1765 // Restore edi.
1766 __ mov(edi, FieldOperand(edx, JSArray::kElementsOffset));
1767 __ jmp(&fast_object);
1768
1769 __ bind(&try_holey_map);
1770 __ LoadTransitionedArrayMapConditional(FAST_HOLEY_SMI_ELEMENTS,
1771 FAST_HOLEY_ELEMENTS,
1772 ebx,
1773 edi,
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1774 &call_builtin);
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]1775 ElementsTransitionGenerator::
yangguo@chromium.org46a2a512013-01-18 16:29:40 +0000[diff] [blame]1776 GenerateMapChangeElementsTransition(masm(),
1777 DONT_TRACK_ALLOCATION_SITE,
1778 NULL);
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1779 // Restore edi.
1780 __ mov(edi, FieldOperand(edx, JSArray::kElementsOffset));
1781 __ bind(&fast_object);
1782 } else {
1783 __ CheckFastObjectElements(ebx, &call_builtin);
1784 }
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1785
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1786 // Save new length.
1787 __ mov(FieldOperand(edx, JSArray::kLengthOffset), eax);
1788
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1789 // Store the value.
1790 __ lea(edx, FieldOperand(edi,
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1791 eax, times_half_pointer_size,
1792 FixedArray::kHeaderSize - argc * kPointerSize));
1793 __ mov(Operand(edx, 0), ecx);
1794
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1795 __ RecordWrite(edi, edx, ecx, kDontSaveFPRegs, EMIT_REMEMBERED_SET,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1796 OMIT_SMI_CHECK);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1797
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1798 __ ret((argc + 1) * kPointerSize);
1799
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1800 __ bind(&attempt_to_grow_elements);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1801 if (!FLAG_inline_new) {
1802 __ jmp(&call_builtin);
1803 }
1804
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1805 __ mov(ebx, Operand(esp, argc * kPointerSize));
svenpanne@chromium.orga8bb4d92011-10-10 13:20:40 +0000[diff] [blame]1806 // Growing elements that are SMI-only requires special handling in case
1807 // the new element is non-Smi. For now, delegate to the builtin.
1808 Label no_fast_elements_check;
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1809 __ JumpIfSmi(ebx, &no_fast_elements_check);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1810 __ mov(ecx, FieldOperand(edx, HeapObject::kMapOffset));
1811 __ CheckFastObjectElements(ecx, &call_builtin, Label::kFar);
svenpanne@chromium.orga8bb4d92011-10-10 13:20:40 +0000[diff] [blame]1812 __ bind(&no_fast_elements_check);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1813
1814 // We could be lucky and the elements array could be at the top of
1815 // new-space. In this case we can just grow it in place by moving the
1816 // allocation pointer up.
1817
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1818 ExternalReference new_space_allocation_top =
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1819 ExternalReference::new_space_allocation_top_address(isolate());
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1820 ExternalReference new_space_allocation_limit =
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1821 ExternalReference::new_space_allocation_limit_address(isolate());
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1822
1823 const int kAllocationDelta = 4;
1824 // Load top.
1825 __ mov(ecx, Operand::StaticVariable(new_space_allocation_top));
1826
1827 // Check if it's the end of elements.
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1828 __ lea(edx, FieldOperand(edi,
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1829 eax, times_half_pointer_size,
1830 FixedArray::kHeaderSize - argc * kPointerSize));
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1831 __ cmp(edx, ecx);
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1832 __ j(not_equal, &call_builtin);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1833 __ add(ecx, Immediate(kAllocationDelta * kPointerSize));
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1834 __ cmp(ecx, Operand::StaticVariable(new_space_allocation_limit));
ager@chromium.orgac091b72010-05-05 07:34:42 +0000[diff] [blame]1835 __ j(above, &call_builtin);
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1836
1837 // We fit and could grow elements.
1838 __ mov(Operand::StaticVariable(new_space_allocation_top), ecx);
ager@chromium.orgb26c50a2010-03-26 09:27:16 +0000[diff] [blame]1839
1840 // Push the argument...
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1841 __ mov(Operand(edx, 0), ebx);
ager@chromium.orgb26c50a2010-03-26 09:27:16 +0000[diff] [blame]1842 // ... and fill the rest with holes.
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1843 for (int i = 1; i < kAllocationDelta; i++) {
1844 __ mov(Operand(edx, i * kPointerSize),
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]1845 Immediate(factory()->the_hole_value()));
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1846 }
1847
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1848 // We know the elements array is in new space so we don't need the
1849 // remembered set, but we just pushed a value onto it so we may have to
1850 // tell the incremental marker to rescan the object that we just grew. We
1851 // don't need to worry about the holes because they are in old space and
1852 // already marked black.
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1853 __ RecordWrite(edi, edx, ebx, kDontSaveFPRegs, OMIT_REMEMBERED_SET);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1854
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1855 // Restore receiver to edx as finish sequence assumes it's here.
1856 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
1857
1858 // Increment element's and array's sizes.
yangguo@chromium.org78d1ad42012-02-09 13:53:47 +0000[diff] [blame]1859 __ add(FieldOperand(edi, FixedArray::kLengthOffset),
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1860 Immediate(Smi::FromInt(kAllocationDelta)));
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1861
1862 // NOTE: This only happen in new-space, where we don't
1863 // care about the black-byte-count on pages. Otherwise we should
1864 // update that too if the object is black.
1865
fschneider@chromium.org086aac62010-03-17 13:18:24 +0000[diff] [blame]1866 __ mov(FieldOperand(edx, JSArray::kLengthOffset), eax);
1867
ager@chromium.orgb26c50a2010-03-26 09:27:16 +0000[diff] [blame]1868 __ ret((argc + 1) * kPointerSize);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1869 }
1870
ricow@chromium.org0b9f8502010-08-18 07:45:01 +0000[diff] [blame]1871 __ bind(&call_builtin);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1872 __ TailCallExternalReference(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1873 ExternalReference(Builtins::c_ArrayPush, isolate()),
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1874 argc + 1,
1875 1);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1876 }
1877
1878 __ bind(&miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1879 GenerateMissBranch();
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1880
1881 // Return the generated code.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1882 return GetCode(function);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1883}
1884
1885
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1886Handle<Code> CallStubCompiler::CompileArrayPopCall(
1887 Handle<Object> object,
1888 Handle<JSObject> holder,
1889 Handle<JSGlobalPropertyCell> cell,
1890 Handle<JSFunction> function,
1891 Handle<String> name) {
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1892 // ----------- S t a t e -------------
1893 // -- ecx : name
1894 // -- esp[0] : return address
1895 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
1896 // -- ...
1897 // -- esp[(argc + 1) * 4] : receiver
1898 // -----------------------------------
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1899
lrn@chromium.orgc34f5802010-04-28 12:53:43 +0000[diff] [blame]1900 // If object is not an array, bail out to regular call.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1901 if (!object->IsJSArray() || !cell.is_null()) {
1902 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1903 }
lrn@chromium.orgc34f5802010-04-28 12:53:43 +0000[diff] [blame]1904
ager@chromium.orgac091b72010-05-05 07:34:42 +0000[diff] [blame]1905 Label miss, return_undefined, call_builtin;
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1906
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1907 GenerateNameCheck(name, &miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1908
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1909 // Get the receiver from the stack.
1910 const int argc = arguments().immediate();
1911 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
1912
1913 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]1914 __ JumpIfSmi(edx, &miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1915 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
1916 name, &miss);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1917
1918 // Get the elements array of the object.
1919 __ mov(ebx, FieldOperand(edx, JSArray::kElementsOffset));
1920
ricow@chromium.org0b9f8502010-08-18 07:45:01 +0000[diff] [blame]1921 // Check that the elements are in fast mode and writable.
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1922 __ cmp(FieldOperand(ebx, HeapObject::kMapOffset),
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]1923 Immediate(factory()->fixed_array_map()));
ricow@chromium.org0b9f8502010-08-18 07:45:01 +0000[diff] [blame]1924 __ j(not_equal, &call_builtin);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1925
1926 // Get the array's length into ecx and calculate new length.
1927 __ mov(ecx, FieldOperand(edx, JSArray::kLengthOffset));
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1928 __ sub(ecx, Immediate(Smi::FromInt(1)));
ager@chromium.orgac091b72010-05-05 07:34:42 +0000[diff] [blame]1929 __ j(negative, &return_undefined);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1930
1931 // Get the last element.
1932 STATIC_ASSERT(kSmiTagSize == 1);
1933 STATIC_ASSERT(kSmiTag == 0);
1934 __ mov(eax, FieldOperand(ebx,
1935 ecx, times_half_pointer_size,
1936 FixedArray::kHeaderSize));
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]1937 __ cmp(eax, Immediate(factory()->the_hole_value()));
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1938 __ j(equal, &call_builtin);
1939
1940 // Set the array's length.
1941 __ mov(FieldOperand(edx, JSArray::kLengthOffset), ecx);
1942
1943 // Fill with the hole.
1944 __ mov(FieldOperand(ebx,
1945 ecx, times_half_pointer_size,
1946 FixedArray::kHeaderSize),
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]1947 Immediate(factory()->the_hole_value()));
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1948 __ ret((argc + 1) * kPointerSize);
1949
ager@chromium.orgac091b72010-05-05 07:34:42 +0000[diff] [blame]1950 __ bind(&return_undefined);
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]1951 __ mov(eax, Immediate(factory()->undefined_value()));
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1952 __ ret((argc + 1) * kPointerSize);
1953
1954 __ bind(&call_builtin);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1955 __ TailCallExternalReference(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1956 ExternalReference(Builtins::c_ArrayPop, isolate()),
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1957 argc + 1,
1958 1);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1959
1960 __ bind(&miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1961 GenerateMissBranch();
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1962
1963 // Return the generated code.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1964 return GetCode(function);
vegorov@chromium.orgf8372902010-03-15 10:26:20 +0000[diff] [blame]1965}
1966
1967
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1968Handle<Code> CallStubCompiler::CompileStringCharCodeAtCall(
1969 Handle<Object> object,
1970 Handle<JSObject> holder,
1971 Handle<JSGlobalPropertyCell> cell,
1972 Handle<JSFunction> function,
1973 Handle<String> name) {
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1974 // ----------- S t a t e -------------
1975 // -- ecx : function name
1976 // -- esp[0] : return address
1977 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
1978 // -- ...
1979 // -- esp[(argc + 1) * 4] : receiver
1980 // -----------------------------------
1981
ager@chromium.orgea4f62e2010-08-16 16:28:43 +0000[diff] [blame]1982 // If object is not a string, bail out to regular call.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]1983 if (!object->IsString() || !cell.is_null()) {
1984 return Handle<Code>::null();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1985 }
ager@chromium.orgea4f62e2010-08-16 16:28:43 +0000[diff] [blame]1986
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1987 const int argc = arguments().immediate();
1988
1989 Label miss;
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]1990 Label name_miss;
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]1991 Label index_out_of_range;
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]1992 Label* index_out_of_range_label = &index_out_of_range;
lrn@chromium.org5d00b602011-01-05 09:51:43 +0000[diff] [blame]1993
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]1994 if (kind_ == Code::CALL_IC &&
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]1995 (CallICBase::StringStubState::decode(extra_state_) ==
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]1996 DEFAULT_STRING_STUB)) {
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]1997 index_out_of_range_label = &miss;
1998 }
1999
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2000 GenerateNameCheck(name, &name_miss);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2001
2002 // Check that the maps starting from the prototype haven't changed.
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2003 GenerateDirectLoadGlobalFunctionPrototype(masm(),
2004 Context::STRING_FUNCTION_INDEX,
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2005 eax,
2006 &miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2007 ASSERT(!object.is_identical_to(holder));
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2008 CheckPrototypes(
2009 Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
2010 eax, holder, ebx, edx, edi, name, &miss);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2011
2012 Register receiver = ebx;
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2013 Register index = edi;
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2014 Register result = eax;
2015 __ mov(receiver, Operand(esp, (argc + 1) * kPointerSize));
2016 if (argc > 0) {
2017 __ mov(index, Operand(esp, (argc - 0) * kPointerSize));
2018 } else {
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2019 __ Set(index, Immediate(factory()->undefined_value()));
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2020 }
2021
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2022 StringCharCodeAtGenerator generator(receiver,
2023 index,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2024 result,
2025 &miss, // When not a string.
2026 &miss, // When not a number.
2027 index_out_of_range_label,
2028 STRING_INDEX_IS_NUMBER);
2029 generator.GenerateFast(masm());
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2030 __ ret((argc + 1) * kPointerSize);
2031
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2032 StubRuntimeCallHelper call_helper;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2033 generator.GenerateSlow(masm(), call_helper);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2034
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2035 if (index_out_of_range.is_linked()) {
2036 __ bind(&index_out_of_range);
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2037 __ Set(eax, Immediate(factory()->nan_value()));
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2038 __ ret((argc + 1) * kPointerSize);
2039 }
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2040
2041 __ bind(&miss);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2042 // Restore function name in ecx.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2043 __ Set(ecx, Immediate(name));
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2044 __ bind(&name_miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2045 GenerateMissBranch();
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2046
2047 // Return the generated code.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2048 return GetCode(function);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2049}
2050
2051
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2052Handle<Code> CallStubCompiler::CompileStringCharAtCall(
2053 Handle<Object> object,
2054 Handle<JSObject> holder,
2055 Handle<JSGlobalPropertyCell> cell,
2056 Handle<JSFunction> function,
2057 Handle<String> name) {
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2058 // ----------- S t a t e -------------
2059 // -- ecx : function name
2060 // -- esp[0] : return address
2061 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2062 // -- ...
2063 // -- esp[(argc + 1) * 4] : receiver
2064 // -----------------------------------
2065
ager@chromium.orgea4f62e2010-08-16 16:28:43 +0000[diff] [blame]2066 // If object is not a string, bail out to regular call.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2067 if (!object->IsString() || !cell.is_null()) {
2068 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2069 }
ager@chromium.orgea4f62e2010-08-16 16:28:43 +0000[diff] [blame]2070
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2071 const int argc = arguments().immediate();
2072
2073 Label miss;
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2074 Label name_miss;
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2075 Label index_out_of_range;
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2076 Label* index_out_of_range_label = &index_out_of_range;
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2077
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2078 if (kind_ == Code::CALL_IC &&
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2079 (CallICBase::StringStubState::decode(extra_state_) ==
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2080 DEFAULT_STRING_STUB)) {
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2081 index_out_of_range_label = &miss;
2082 }
2083
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2084 GenerateNameCheck(name, &name_miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2085
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2086 // Check that the maps starting from the prototype haven't changed.
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2087 GenerateDirectLoadGlobalFunctionPrototype(masm(),
2088 Context::STRING_FUNCTION_INDEX,
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2089 eax,
2090 &miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2091 ASSERT(!object.is_identical_to(holder));
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2092 CheckPrototypes(
2093 Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
2094 eax, holder, ebx, edx, edi, name, &miss);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2095
2096 Register receiver = eax;
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2097 Register index = edi;
danno@chromium.orgc612e022011-11-10 11:38:15 +0000[diff] [blame]2098 Register scratch = edx;
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2099 Register result = eax;
2100 __ mov(receiver, Operand(esp, (argc + 1) * kPointerSize));
2101 if (argc > 0) {
2102 __ mov(index, Operand(esp, (argc - 0) * kPointerSize));
2103 } else {
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2104 __ Set(index, Immediate(factory()->undefined_value()));
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2105 }
2106
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2107 StringCharAtGenerator generator(receiver,
2108 index,
danno@chromium.orgc612e022011-11-10 11:38:15 +0000[diff] [blame]2109 scratch,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2110 result,
2111 &miss, // When not a string.
2112 &miss, // When not a number.
2113 index_out_of_range_label,
2114 STRING_INDEX_IS_NUMBER);
2115 generator.GenerateFast(masm());
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2116 __ ret((argc + 1) * kPointerSize);
2117
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2118 StubRuntimeCallHelper call_helper;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2119 generator.GenerateSlow(masm(), call_helper);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2120
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2121 if (index_out_of_range.is_linked()) {
2122 __ bind(&index_out_of_range);
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2123 __ Set(eax, Immediate(factory()->empty_string()));
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2124 __ ret((argc + 1) * kPointerSize);
2125 }
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2126
2127 __ bind(&miss);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2128 // Restore function name in ecx.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2129 __ Set(ecx, Immediate(name));
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]2130 __ bind(&name_miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2131 GenerateMissBranch();
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2132
2133 // Return the generated code.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2134 return GetCode(function);
ricow@chromium.org30ce4112010-05-31 10:38:25 +0000[diff] [blame]2135}
2136
2137
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2138Handle<Code> CallStubCompiler::CompileStringFromCharCodeCall(
2139 Handle<Object> object,
2140 Handle<JSObject> holder,
2141 Handle<JSGlobalPropertyCell> cell,
2142 Handle<JSFunction> function,
2143 Handle<String> name) {
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2144 // ----------- S t a t e -------------
2145 // -- ecx : function name
2146 // -- esp[0] : return address
2147 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2148 // -- ...
2149 // -- esp[(argc + 1) * 4] : receiver
2150 // -----------------------------------
2151
2152 const int argc = arguments().immediate();
2153
2154 // If the object is not a JSObject or we got an unexpected number of
2155 // arguments, bail out to the regular call.
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2156 if (!object->IsJSObject() || argc != 1) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2157 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2158 }
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2159
2160 Label miss;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2161 GenerateNameCheck(name, &miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2162
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2163 if (cell.is_null()) {
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2164 __ mov(edx, Operand(esp, 2 * kPointerSize));
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2165 STATIC_ASSERT(kSmiTag == 0);
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2166 __ JumpIfSmi(edx, &miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2167 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
2168 name, &miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2169 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2170 ASSERT(cell->value() == *function);
2171 GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
2172 &miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2173 GenerateLoadFunctionFromCell(cell, function, &miss);
2174 }
2175
2176 // Load the char code argument.
2177 Register code = ebx;
2178 __ mov(code, Operand(esp, 1 * kPointerSize));
2179
2180 // Check the code is a smi.
2181 Label slow;
2182 STATIC_ASSERT(kSmiTag == 0);
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2183 __ JumpIfNotSmi(code, &slow);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2184
2185 // Convert the smi code to uint16.
2186 __ and_(code, Immediate(Smi::FromInt(0xffff)));
2187
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2188 StringCharFromCodeGenerator generator(code, eax);
2189 generator.GenerateFast(masm());
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2190 __ ret(2 * kPointerSize);
2191
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2192 StubRuntimeCallHelper call_helper;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2193 generator.GenerateSlow(masm(), call_helper);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2194
2195 // Tail call the full function. We do not have to patch the receiver
2196 // because the function makes no use of it.
2197 __ bind(&slow);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2198 CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]2199 ? CALL_AS_FUNCTION
2200 : CALL_AS_METHOD;
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]2201 ParameterCount expected(function);
2202 __ InvokeFunction(function, expected, arguments(),
2203 JUMP_FUNCTION, NullCallWrapper(), call_kind);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2204
2205 __ bind(&miss);
2206 // ecx: function name.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2207 GenerateMissBranch();
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2208
2209 // Return the generated code.
jkummerow@chromium.org7a6fc812012-06-27 11:12:38 +0000[diff] [blame]2210 return cell.is_null() ? GetCode(function) : GetCode(Code::NORMAL, name);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2211}
2212
2213
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2214Handle<Code> CallStubCompiler::CompileMathFloorCall(
2215 Handle<Object> object,
2216 Handle<JSObject> holder,
2217 Handle<JSGlobalPropertyCell> cell,
2218 Handle<JSFunction> function,
2219 Handle<String> name) {
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2220 // ----------- S t a t e -------------
2221 // -- ecx : name
2222 // -- esp[0] : return address
2223 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2224 // -- ...
2225 // -- esp[(argc + 1) * 4] : receiver
2226 // -----------------------------------
2227
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]2228 if (!CpuFeatures::IsSupported(SSE2)) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2229 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2230 }
2231
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2232 CpuFeatureScope use_sse2(masm(), SSE2);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2233
2234 const int argc = arguments().immediate();
2235
2236 // If the object is not a JSObject or we got an unexpected number of
2237 // arguments, bail out to the regular call.
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2238 if (!object->IsJSObject() || argc != 1) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2239 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2240 }
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2241
2242 Label miss;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2243 GenerateNameCheck(name, &miss);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2244
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2245 if (cell.is_null()) {
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2246 __ mov(edx, Operand(esp, 2 * kPointerSize));
2247
2248 STATIC_ASSERT(kSmiTag == 0);
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2249 __ JumpIfSmi(edx, &miss);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2250
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2251 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
2252 name, &miss);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2253 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2254 ASSERT(cell->value() == *function);
2255 GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
2256 &miss);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2257 GenerateLoadFunctionFromCell(cell, function, &miss);
2258 }
2259
2260 // Load the (only) argument into eax.
2261 __ mov(eax, Operand(esp, 1 * kPointerSize));
2262
2263 // Check if the argument is a smi.
2264 Label smi;
2265 STATIC_ASSERT(kSmiTag == 0);
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2266 __ JumpIfSmi(eax, &smi);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2267
2268 // Check if the argument is a heap number and load its value into xmm0.
2269 Label slow;
kmillikin@chromium.orgc53e10d2011-05-18 09:12:58 +0000[diff] [blame]2270 __ CheckMap(eax, factory()->heap_number_map(), &slow, DONT_DO_SMI_CHECK);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2271 __ movdbl(xmm0, FieldOperand(eax, HeapNumber::kValueOffset));
2272
2273 // Check if the argument is strictly positive. Note this also
2274 // discards NaN.
2275 __ xorpd(xmm1, xmm1);
2276 __ ucomisd(xmm0, xmm1);
2277 __ j(below_equal, &slow);
2278
2279 // Do a truncating conversion.
2280 __ cvttsd2si(eax, Operand(xmm0));
2281
2282 // Check if the result fits into a smi. Note this also checks for
2283 // 0x80000000 which signals a failed conversion.
2284 Label wont_fit_into_smi;
2285 __ test(eax, Immediate(0xc0000000));
2286 __ j(not_zero, &wont_fit_into_smi);
2287
2288 // Smi tag and return.
2289 __ SmiTag(eax);
2290 __ bind(&smi);
2291 __ ret(2 * kPointerSize);
2292
2293 // Check if the argument is < 2^kMantissaBits.
2294 Label already_round;
2295 __ bind(&wont_fit_into_smi);
2296 __ LoadPowerOf2(xmm1, ebx, HeapNumber::kMantissaBits);
2297 __ ucomisd(xmm0, xmm1);
2298 __ j(above_equal, &already_round);
2299
2300 // Save a copy of the argument.
2301 __ movaps(xmm2, xmm0);
2302
2303 // Compute (argument + 2^kMantissaBits) - 2^kMantissaBits.
2304 __ addsd(xmm0, xmm1);
2305 __ subsd(xmm0, xmm1);
2306
2307 // Compare the argument and the tentative result to get the right mask:
2308 // if xmm2 < xmm0:
2309 // xmm2 = 1...1
2310 // else:
2311 // xmm2 = 0...0
2312 __ cmpltsd(xmm2, xmm0);
2313
2314 // Subtract 1 if the argument was less than the tentative result.
2315 __ LoadPowerOf2(xmm1, ebx, 0);
2316 __ andpd(xmm1, xmm2);
2317 __ subsd(xmm0, xmm1);
2318
2319 // Return a new heap number.
2320 __ AllocateHeapNumber(eax, ebx, edx, &slow);
2321 __ movdbl(FieldOperand(eax, HeapNumber::kValueOffset), xmm0);
2322 __ ret(2 * kPointerSize);
2323
2324 // Return the argument (when it's an already round heap number).
2325 __ bind(&already_round);
2326 __ mov(eax, Operand(esp, 1 * kPointerSize));
2327 __ ret(2 * kPointerSize);
2328
2329 // Tail call the full function. We do not have to patch the receiver
2330 // because the function makes no use of it.
2331 __ bind(&slow);
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]2332 ParameterCount expected(function);
2333 __ InvokeFunction(function, expected, arguments(),
2334 JUMP_FUNCTION, NullCallWrapper(), CALL_AS_METHOD);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2335
2336 __ bind(&miss);
2337 // ecx: function name.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2338 GenerateMissBranch();
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2339
2340 // Return the generated code.
jkummerow@chromium.org7a6fc812012-06-27 11:12:38 +0000[diff] [blame]2341 return cell.is_null() ? GetCode(function) : GetCode(Code::NORMAL, name);
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]2342}
2343
2344
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2345Handle<Code> CallStubCompiler::CompileMathAbsCall(
2346 Handle<Object> object,
2347 Handle<JSObject> holder,
2348 Handle<JSGlobalPropertyCell> cell,
2349 Handle<JSFunction> function,
2350 Handle<String> name) {
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2351 // ----------- S t a t e -------------
2352 // -- ecx : name
2353 // -- esp[0] : return address
2354 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2355 // -- ...
2356 // -- esp[(argc + 1) * 4] : receiver
2357 // -----------------------------------
2358
2359 const int argc = arguments().immediate();
2360
2361 // If the object is not a JSObject or we got an unexpected number of
2362 // arguments, bail out to the regular call.
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2363 if (!object->IsJSObject() || argc != 1) {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2364 return Handle<Code>::null();
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2365 }
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2366
2367 Label miss;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2368 GenerateNameCheck(name, &miss);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2369
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2370 if (cell.is_null()) {
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2371 __ mov(edx, Operand(esp, 2 * kPointerSize));
2372
2373 STATIC_ASSERT(kSmiTag == 0);
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2374 __ JumpIfSmi(edx, &miss);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2375
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2376 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
2377 name, &miss);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2378 } else {
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2379 ASSERT(cell->value() == *function);
2380 GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
2381 &miss);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2382 GenerateLoadFunctionFromCell(cell, function, &miss);
2383 }
2384
2385 // Load the (only) argument into eax.
2386 __ mov(eax, Operand(esp, 1 * kPointerSize));
2387
2388 // Check if the argument is a smi.
2389 Label not_smi;
2390 STATIC_ASSERT(kSmiTag == 0);
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2391 __ JumpIfNotSmi(eax, &not_smi);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2392
2393 // Set ebx to 1...1 (== -1) if the argument is negative, or to 0...0
2394 // otherwise.
2395 __ mov(ebx, eax);
2396 __ sar(ebx, kBitsPerInt - 1);
2397
2398 // Do bitwise not or do nothing depending on ebx.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]2399 __ xor_(eax, ebx);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2400
2401 // Add 1 or do nothing depending on ebx.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]2402 __ sub(eax, ebx);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2403
2404 // If the result is still negative, go to the slow case.
2405 // This only happens for the most negative smi.
2406 Label slow;
2407 __ j(negative, &slow);
2408
2409 // Smi case done.
2410 __ ret(2 * kPointerSize);
2411
2412 // Check if the argument is a heap number and load its exponent and
2413 // sign into ebx.
2414 __ bind(&not_smi);
kmillikin@chromium.orgc53e10d2011-05-18 09:12:58 +0000[diff] [blame]2415 __ CheckMap(eax, factory()->heap_number_map(), &slow, DONT_DO_SMI_CHECK);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2416 __ mov(ebx, FieldOperand(eax, HeapNumber::kExponentOffset));
2417
2418 // Check the sign of the argument. If the argument is positive,
2419 // just return it.
2420 Label negative_sign;
2421 __ test(ebx, Immediate(HeapNumber::kSignMask));
2422 __ j(not_zero, &negative_sign);
2423 __ ret(2 * kPointerSize);
2424
2425 // If the argument is negative, clear the sign, and return a new
2426 // number.
2427 __ bind(&negative_sign);
2428 __ and_(ebx, ~HeapNumber::kSignMask);
2429 __ mov(ecx, FieldOperand(eax, HeapNumber::kMantissaOffset));
2430 __ AllocateHeapNumber(eax, edi, edx, &slow);
2431 __ mov(FieldOperand(eax, HeapNumber::kExponentOffset), ebx);
2432 __ mov(FieldOperand(eax, HeapNumber::kMantissaOffset), ecx);
2433 __ ret(2 * kPointerSize);
2434
2435 // Tail call the full function. We do not have to patch the receiver
2436 // because the function makes no use of it.
2437 __ bind(&slow);
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]2438 ParameterCount expected(function);
2439 __ InvokeFunction(function, expected, arguments(),
2440 JUMP_FUNCTION, NullCallWrapper(), CALL_AS_METHOD);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2441
2442 __ bind(&miss);
2443 // ecx: function name.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2444 GenerateMissBranch();
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2445
2446 // Return the generated code.
jkummerow@chromium.org7a6fc812012-06-27 11:12:38 +0000[diff] [blame]2447 return cell.is_null() ? GetCode(function) : GetCode(Code::NORMAL, name);
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]2448}
2449
2450
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2451Handle<Code> CallStubCompiler::CompileFastApiCall(
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2452 const CallOptimization& optimization,
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2453 Handle<Object> object,
2454 Handle<JSObject> holder,
2455 Handle<JSGlobalPropertyCell> cell,
2456 Handle<JSFunction> function,
2457 Handle<String> name) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2458 ASSERT(optimization.is_simple_api_call());
2459 // Bail out if object is a global object as we don't want to
2460 // repatch it to global receiver.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2461 if (object->IsGlobalObject()) return Handle<Code>::null();
2462 if (!cell.is_null()) return Handle<Code>::null();
2463 if (!object->IsJSObject()) return Handle<Code>::null();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2464 int depth = optimization.GetPrototypeDepthOfExpectedType(
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2465 Handle<JSObject>::cast(object), holder);
2466 if (depth == kInvalidProtoDepth) return Handle<Code>::null();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2467
2468 Label miss, miss_before_stack_reserved;
2469
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2470 GenerateNameCheck(name, &miss_before_stack_reserved);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2471
2472 // Get the receiver from the stack.
2473 const int argc = arguments().immediate();
2474 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
2475
2476 // Check that the receiver isn't a smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2477 __ JumpIfSmi(edx, &miss_before_stack_reserved);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2478
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2479 Counters* counters = isolate()->counters();
2480 __ IncrementCounter(counters->call_const(), 1);
2481 __ IncrementCounter(counters->call_const_fast_api(), 1);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2482
2483 // Allocate space for v8::Arguments implicit values. Must be initialized
2484 // before calling any runtime function.
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]2485 __ sub(esp, Immediate(kFastApiCallArguments * kPointerSize));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2486
2487 // Check that the maps haven't changed and find a Holder as a side effect.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2488 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
2489 name, depth, &miss);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2490
2491 // Move the return address on top of the stack.
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]2492 __ mov(eax, Operand(esp, 4 * kPointerSize));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2493 __ mov(Operand(esp, 0 * kPointerSize), eax);
2494
2495 // esp[2 * kPointerSize] is uninitialized, esp[3 * kPointerSize] contains
2496 // duplicate of return address and will be overwritten.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2497 GenerateFastApiCall(masm(), optimization, argc);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2498
2499 __ bind(&miss);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]2500 __ add(esp, Immediate(kFastApiCallArguments * kPointerSize));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2501
2502 __ bind(&miss_before_stack_reserved);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2503 GenerateMissBranch();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2504
2505 // Return the generated code.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2506 return GetCode(function);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2507}
2508
2509
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2510void CallStubCompiler::CompileHandlerFrontend(Handle<Object> object,
2511 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2512 Handle<Name> name,
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2513 CheckType check,
2514 Label* success) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2515 // ----------- S t a t e -------------
sgjesse@chromium.org846fb742009-12-18 08:56:33 +0000[diff] [blame]2516 // -- ecx : name
2517 // -- esp[0] : return address
2518 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2519 // -- ...
2520 // -- esp[(argc + 1) * 4] : receiver
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2521 // -----------------------------------
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2522 Label miss;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2523 GenerateNameCheck(name, &miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2524
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2525 // Get the receiver from the stack.
2526 const int argc = arguments().immediate();
2527 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
2528
2529 // Check that the receiver isn't a smi.
2530 if (check != NUMBER_CHECK) {
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2531 __ JumpIfSmi(edx, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2532 }
2533
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]2534 // Make sure that it's okay not to patch the on stack receiver
2535 // unless we're doing a receiver map check.
2536 ASSERT(!object->IsGlobalObject() || check == RECEIVER_MAP_CHECK);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2537 switch (check) {
2538 case RECEIVER_MAP_CHECK:
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2539 __ IncrementCounter(isolate()->counters()->call_const(), 1);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]2540
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2541 // Check that the maps haven't changed.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2542 CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax,
2543 edi, name, &miss);
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]2544
2545 // Patch the receiver on the stack with the global proxy if
2546 // necessary.
2547 if (object->IsGlobalObject()) {
2548 __ mov(edx, FieldOperand(edx, GlobalObject::kGlobalReceiverOffset));
2549 __ mov(Operand(esp, (argc + 1) * kPointerSize), edx);
2550 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2551 break;
2552
2553 case STRING_CHECK:
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]2554 // Check that the object is a string.
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2555 __ CmpObjectType(edx, FIRST_NONSTRING_TYPE, eax);
2556 __ j(above_equal, &miss);
2557 // Check that the maps starting from the prototype haven't changed.
2558 GenerateDirectLoadGlobalFunctionPrototype(
2559 masm(), Context::STRING_FUNCTION_INDEX, eax, &miss);
2560 CheckPrototypes(
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2561 Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2562 eax, holder, ebx, edx, edi, name, &miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2563 break;
2564
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]2565 case SYMBOL_CHECK:
2566 // Check that the object is a symbol.
2567 __ CmpObjectType(edx, SYMBOL_TYPE, eax);
2568 __ j(not_equal, &miss);
mstarzinger@chromium.orgf705b502013-04-04 11:38:09 +0000[diff] [blame]2569 // Check that the maps starting from the prototype haven't changed.
2570 GenerateDirectLoadGlobalFunctionPrototype(
2571 masm(), Context::SYMBOL_FUNCTION_INDEX, eax, &miss);
2572 CheckPrototypes(
2573 Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
2574 eax, holder, ebx, edx, edi, name, &miss);
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]2575 break;
2576
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2577 case NUMBER_CHECK: {
2578 Label fast;
2579 // Check that the object is a smi or a heap number.
2580 __ JumpIfSmi(edx, &fast);
2581 __ CmpObjectType(edx, HEAP_NUMBER_TYPE, eax);
2582 __ j(not_equal, &miss);
2583 __ bind(&fast);
2584 // Check that the maps starting from the prototype haven't changed.
2585 GenerateDirectLoadGlobalFunctionPrototype(
2586 masm(), Context::NUMBER_FUNCTION_INDEX, eax, &miss);
2587 CheckPrototypes(
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2588 Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2589 eax, holder, ebx, edx, edi, name, &miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2590 break;
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2591 }
2592 case BOOLEAN_CHECK: {
2593 Label fast;
2594 // Check that the object is a boolean.
2595 __ cmp(edx, factory()->true_value());
2596 __ j(equal, &fast);
2597 __ cmp(edx, factory()->false_value());
2598 __ j(not_equal, &miss);
2599 __ bind(&fast);
2600 // Check that the maps starting from the prototype haven't changed.
2601 GenerateDirectLoadGlobalFunctionPrototype(
2602 masm(), Context::BOOLEAN_FUNCTION_INDEX, eax, &miss);
2603 CheckPrototypes(
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2604 Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2605 eax, holder, ebx, edx, edi, name, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2606 break;
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2607 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2608 }
2609
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2610 __ jmp(success);
2611
2612 // Handle call cache miss.
2613 __ bind(&miss);
2614 GenerateMissBranch();
2615}
2616
2617
2618void CallStubCompiler::CompileHandlerBackend(Handle<JSFunction> function) {
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2619 CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]2620 ? CALL_AS_FUNCTION
2621 : CALL_AS_METHOD;
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]2622 ParameterCount expected(function);
2623 __ InvokeFunction(function, expected, arguments(),
2624 JUMP_FUNCTION, NullCallWrapper(), call_kind);
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2625}
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2626
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2627
2628Handle<Code> CallStubCompiler::CompileCallConstant(
2629 Handle<Object> object,
2630 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2631 Handle<Name> name,
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2632 CheckType check,
2633 Handle<JSFunction> function) {
2634
2635 if (HasCustomCallGenerator(function)) {
2636 Handle<Code> code = CompileCustomCall(object, holder,
2637 Handle<JSGlobalPropertyCell>::null(),
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2638 function, Handle<String>::cast(name));
mmassi@chromium.org2f0efde2013-02-06 14:12:58 +0000[diff] [blame]2639 // A null handle means bail out to the regular compiler code below.
2640 if (!code.is_null()) return code;
2641 }
2642
2643 Label success;
2644
2645 CompileHandlerFrontend(object, holder, name, check, &success);
2646 __ bind(&success);
2647 CompileHandlerBackend(function);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2648
2649 // Return the generated code.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2650 return GetCode(function);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2651}
2652
2653
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2654Handle<Code> CallStubCompiler::CompileCallInterceptor(Handle<JSObject> object,
2655 Handle<JSObject> holder,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2656 Handle<Name> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2657 // ----------- S t a t e -------------
sgjesse@chromium.org846fb742009-12-18 08:56:33 +0000[diff] [blame]2658 // -- ecx : name
2659 // -- esp[0] : return address
2660 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2661 // -- ...
2662 // -- esp[(argc + 1) * 4] : receiver
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2663 // -----------------------------------
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2664 Label miss;
2665
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2666 GenerateNameCheck(name, &miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2667
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2668 // Get the number of arguments.
2669 const int argc = arguments().immediate();
2670
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2671 LookupResult lookup(isolate());
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]2672 LookupPostInterceptor(holder, name, &lookup);
2673
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2674 // Get the receiver from the stack.
2675 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]2676
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2677 CallInterceptorCompiler compiler(this, arguments(), ecx, extra_state_);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2678 compiler.Compile(masm(), object, holder, name, &lookup, edx, ebx, edi, eax,
2679 &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2680
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]2681 // Restore receiver.
2682 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2683
2684 // Check that the function really is a function.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]2685 __ JumpIfSmi(eax, &miss);
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]2686 __ CmpObjectType(eax, JS_FUNCTION_TYPE, ebx);
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]2687 __ j(not_equal, &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2688
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]2689 // Patch the receiver on the stack with the global proxy if
2690 // necessary.
2691 if (object->IsGlobalObject()) {
2692 __ mov(edx, FieldOperand(edx, GlobalObject::kGlobalReceiverOffset));
2693 __ mov(Operand(esp, (argc + 1) * kPointerSize), edx);
2694 }
2695
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2696 // Invoke the function.
sgjesse@chromium.org0b6db592009-07-30 14:48:31 +0000[diff] [blame]2697 __ mov(edi, eax);
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2698 CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]2699 ? CALL_AS_FUNCTION
2700 : CALL_AS_METHOD;
2701 __ InvokeFunction(edi, arguments(), JUMP_FUNCTION,
2702 NullCallWrapper(), call_kind);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2703
2704 // Handle load cache miss.
2705 __ bind(&miss);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2706 GenerateMissBranch();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2707
2708 // Return the generated code.
jkummerow@chromium.org7a6fc812012-06-27 11:12:38 +0000[diff] [blame]2709 return GetCode(Code::INTERCEPTOR, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2710}
2711
2712
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2713Handle<Code> CallStubCompiler::CompileCallGlobal(
2714 Handle<JSObject> object,
2715 Handle<GlobalObject> holder,
2716 Handle<JSGlobalPropertyCell> cell,
2717 Handle<JSFunction> function,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2718 Handle<Name> name) {
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2719 // ----------- S t a t e -------------
sgjesse@chromium.org846fb742009-12-18 08:56:33 +0000[diff] [blame]2720 // -- ecx : name
2721 // -- esp[0] : return address
2722 // -- esp[(argc - n) * 4] : arg[n] (zero-based)
2723 // -- ...
2724 // -- esp[(argc + 1) * 4] : receiver
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2725 // -----------------------------------
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2726
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2727 if (HasCustomCallGenerator(function)) {
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2728 Handle<Code> code = CompileCustomCall(
2729 object, holder, cell, function, Handle<String>::cast(name));
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2730 // A null handle means bail out to the regular compiler code below.
2731 if (!code.is_null()) return code;
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2732 }
2733
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2734 Label miss;
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2735 GenerateNameCheck(name, &miss);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2736
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2737 // Get the number of arguments.
2738 const int argc = arguments().immediate();
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2739 GenerateGlobalReceiverCheck(object, holder, name, &miss);
sgjesse@chromium.org2ec107f2010-09-13 09:19:46 +0000[diff] [blame]2740 GenerateLoadFunctionFromCell(cell, function, &miss);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2741
2742 // Patch the receiver on the stack with the global proxy.
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]2743 if (object->IsGlobalObject()) {
2744 __ mov(edx, FieldOperand(edx, GlobalObject::kGlobalReceiverOffset));
2745 __ mov(Operand(esp, (argc + 1) * kPointerSize), edx);
2746 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2747
erik.corry@gmail.comf2038fb2012-01-16 11:42:08 +0000[diff] [blame]2748 // Set up the context (function already in edi).
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2749 __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
2750
2751 // Jump to the cached code (tail call).
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2752 Counters* counters = isolate()->counters();
2753 __ IncrementCounter(counters->call_global_inline(), 1);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2754 ParameterCount expected(function->shared()->formal_parameter_count());
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2755 CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2756 ? CALL_AS_FUNCTION
2757 : CALL_AS_METHOD;
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2758 // We call indirectly through the code field in the function to
2759 // allow recompilation to take effect without changing any of the
2760 // call sites.
2761 __ InvokeCode(FieldOperand(edi, JSFunction::kCodeEntryOffset),
2762 expected, arguments(), JUMP_FUNCTION,
2763 NullCallWrapper(), call_kind);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2764
2765 // Handle call cache miss.
2766 __ bind(&miss);
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2767 __ IncrementCounter(counters->call_global_inline_miss(), 1);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]2768 GenerateMissBranch();
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2769
2770 // Return the generated code.
jkummerow@chromium.org7a6fc812012-06-27 11:12:38 +0000[diff] [blame]2771 return GetCode(Code::NORMAL, name);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2772}
2773
2774
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2775Handle<Code> StoreStubCompiler::CompileStoreCallback(
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2776 Handle<Name> name,
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2777 Handle<JSObject> object,
yangguo@chromium.org355cfd12012-08-29 15:32:24 +0000[diff] [blame]2778 Handle<JSObject> holder,
hpayer@chromium.org7c3372b2013-02-13 17:26:04 +0000[diff] [blame]2779 Handle<ExecutableAccessorInfo> callback) {
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2780 Label miss, miss_restore_name;
yangguo@chromium.org355cfd12012-08-29 15:32:24 +0000[diff] [blame]2781 // Check that the maps haven't changed, preserving the value register.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2782 __ JumpIfSmi(receiver(), &miss);
2783 CheckPrototypes(object, receiver(), holder,
2784 scratch1(), this->name(), scratch2(),
2785 name, &miss_restore_name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2786
yangguo@chromium.org355cfd12012-08-29 15:32:24 +0000[diff] [blame]2787 // Stub never generated for non-global objects that require access checks.
2788 ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2789
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2790 __ pop(scratch1()); // remove the return address
2791 __ push(receiver());
2792 __ Push(callback);
2793 __ Push(name);
2794 __ push(value());
2795 __ push(scratch1()); // restore return address
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2796
mads.s.ager31e71382008-08-13 09:32:07 +0000[diff] [blame]2797 // Do tail-call to the runtime system.
2798 ExternalReference store_callback_property =
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2799 ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]2800 __ TailCallExternalReference(store_callback_property, 4, 1);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2801
2802 // Handle store cache miss.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2803 GenerateRestoreName(masm(), &miss_restore_name, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2804 __ bind(&miss);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2805 TailCallBuiltin(masm(), MissBuiltin(kind()));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2806
2807 // Return the generated code.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2808 return GetICCode(kind(), Code::CALLBACKS, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2809}
2810
2811
yangguo@chromium.org46839fb2012-08-28 09:06:19 +0000[diff] [blame]2812#undef __
2813#define __ ACCESS_MASM(masm)
2814
2815
2816void StoreStubCompiler::GenerateStoreViaSetter(
2817 MacroAssembler* masm,
2818 Handle<JSFunction> setter) {
2819 // ----------- S t a t e -------------
2820 // -- eax : value
2821 // -- ecx : name
2822 // -- edx : receiver
2823 // -- esp[0] : return address
2824 // -----------------------------------
2825 {
2826 FrameScope scope(masm, StackFrame::INTERNAL);
2827
2828 // Save value register, so we can restore it later.
2829 __ push(eax);
2830
2831 if (!setter.is_null()) {
2832 // Call the JavaScript setter with receiver and value on the stack.
2833 __ push(edx);
2834 __ push(eax);
2835 ParameterCount actual(1);
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]2836 ParameterCount expected(setter);
2837 __ InvokeFunction(setter, expected, actual,
2838 CALL_FUNCTION, NullCallWrapper(), CALL_AS_METHOD);
yangguo@chromium.org46839fb2012-08-28 09:06:19 +0000[diff] [blame]2839 } else {
2840 // If we generate a global code snippet for deoptimization only, remember
2841 // the place to continue after deoptimization.
2842 masm->isolate()->heap()->SetSetterStubDeoptPCOffset(masm->pc_offset());
2843 }
2844
2845 // We have to return the passed value, not the return value of the setter.
2846 __ pop(eax);
2847
2848 // Restore context register.
2849 __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
2850 }
2851 __ ret(0);
2852}
2853
2854
2855#undef __
2856#define __ ACCESS_MASM(masm())
2857
2858
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2859Handle<Code> StoreStubCompiler::CompileStoreInterceptor(
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2860 Handle<JSObject> object,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2861 Handle<Name> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2862 Label miss;
2863
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2864 // Check that the map of the object hasn't changed.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2865 __ CheckMap(receiver(), Handle<Map>(object->map()),
erik.corry@gmail.comf2038fb2012-01-16 11:42:08 +0000[diff] [blame]2866 &miss, DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2867
2868 // Perform global security token check if needed.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2869 if (object->IsJSGlobalProxy()) {
mstarzinger@chromium.orge27d6172013-04-17 11:51:44 +0000[diff] [blame]2870 __ CheckAccessGlobalProxy(receiver(), scratch1(), scratch2(), &miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2871 }
2872
2873 // Stub never generated for non-global objects that require access
2874 // checks.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2875 ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2876
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2877 __ pop(scratch1()); // remove the return address
2878 __ push(receiver());
2879 __ push(this->name());
2880 __ push(value());
2881 __ push(Immediate(Smi::FromInt(strict_mode())));
2882 __ push(scratch1()); // restore return address
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2883
mads.s.ager31e71382008-08-13 09:32:07 +0000[diff] [blame]2884 // Do tail-call to the runtime system.
2885 ExternalReference store_ic_property =
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2886 ExternalReference(IC_Utility(IC::kStoreInterceptorProperty), isolate());
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]2887 __ TailCallExternalReference(store_ic_property, 4, 1);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2888
2889 // Handle store cache miss.
2890 __ bind(&miss);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2891 TailCallBuiltin(masm(), MissBuiltin(kind()));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2892
2893 // Return the generated code.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2894 return GetICCode(kind(), Code::INTERCEPTOR, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2895}
2896
2897
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2898Handle<Code> StoreStubCompiler::CompileStoreGlobal(
2899 Handle<GlobalObject> object,
2900 Handle<JSGlobalPropertyCell> cell,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2901 Handle<Name> name) {
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2902 Label miss;
2903
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2904 // Check that the map of the global has not changed.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2905 __ cmp(FieldOperand(receiver(), HeapObject::kMapOffset),
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2906 Immediate(Handle<Map>(object->map())));
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]2907 __ j(not_equal, &miss);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2908
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]2909 // Compute the cell operand to use.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2910 __ mov(scratch1(), Immediate(cell));
2911 Operand cell_operand =
2912 FieldOperand(scratch1(), JSGlobalPropertyCell::kValueOffset);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2913
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]2914 // Check that the value in the cell is not the hole. If it is, this
2915 // cell could have been deleted and reintroducing the global needs
2916 // to update the property details in the property dictionary of the
2917 // global object. We bail out to the runtime system to do that.
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2918 __ cmp(cell_operand, factory()->the_hole_value());
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]2919 __ j(equal, &miss);
2920
2921 // Store the value in the cell.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2922 __ mov(cell_operand, value());
ricow@chromium.org64e3a4b2011-12-13 08:07:27 +0000[diff] [blame]2923 // No write barrier here, because cells are always rescanned.
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]2924
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2925 // Return the value (register eax).
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2926 Counters* counters = isolate()->counters();
2927 __ IncrementCounter(counters->named_store_global_inline(), 1);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2928 __ ret(0);
2929
2930 // Handle store cache miss.
2931 __ bind(&miss);
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2932 __ IncrementCounter(counters->named_store_global_inline_miss(), 1);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2933 TailCallBuiltin(masm(), MissBuiltin(kind()));
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]2934
2935 // Return the generated code.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2936 return GetICCode(kind(), Code::NORMAL, name);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]2937}
2938
2939
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2940Handle<Code> KeyedStoreStubCompiler::CompileStorePolymorphic(
2941 MapHandleList* receiver_maps,
2942 CodeHandleList* handler_stubs,
2943 MapHandleList* transitioned_maps) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2944 Label miss;
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2945 __ JumpIfSmi(receiver(), &miss, Label::kNear);
2946 __ mov(scratch1(), FieldOperand(receiver(), HeapObject::kMapOffset));
rossberg@chromium.orgb4b2aa62011-10-13 09:49:59 +0000[diff] [blame]2947 for (int i = 0; i < receiver_maps->length(); ++i) {
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2948 __ cmp(scratch1(), receiver_maps->at(i));
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2949 if (transitioned_maps->at(i).is_null()) {
2950 __ j(equal, handler_stubs->at(i));
rossberg@chromium.orgb4b2aa62011-10-13 09:49:59 +0000[diff] [blame]2951 } else {
2952 Label next_map;
2953 __ j(not_equal, &next_map, Label::kNear);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2954 __ mov(transition_map(), Immediate(transitioned_maps->at(i)));
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]2955 __ jmp(handler_stubs->at(i), RelocInfo::CODE_TARGET);
rossberg@chromium.orgb4b2aa62011-10-13 09:49:59 +0000[diff] [blame]2956 __ bind(&next_map);
2957 }
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2958 }
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2959 __ bind(&miss);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2960 TailCallBuiltin(masm(), MissBuiltin(kind()));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2961
2962 // Return the generated code.
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]2963 return GetICCode(
2964 kind(), Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2965}
2966
2967
mstarzinger@chromium.orge3b8d0f2013-02-01 09:06:41 +0000[diff] [blame]2968Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
mstarzinger@chromium.orge3b8d0f2013-02-01 09:06:41 +0000[diff] [blame]2969 Handle<JSObject> object,
2970 Handle<JSObject> last,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2971 Handle<Name> name,
mstarzinger@chromium.orge3b8d0f2013-02-01 09:06:41 +0000[diff] [blame]2972 Handle<GlobalObject> global) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2973 Label success;
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]2974
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2975 NonexistentHandlerFrontend(object, last, name, &success, global);
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]2976
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]2977 __ bind(&success);
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]2978 // Return undefined if maps of the full prototype chain are still the
2979 // same and no global property with this name contains a value.
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]2980 __ mov(eax, isolate()->factory()->undefined_value());
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]2981 __ ret(0);
2982
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]2983 // Return the generated code.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]2984 return GetCode(kind(), Code::NONEXISTENT, name);
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]2985}
2986
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]2987
danno@chromium.org94b0d6f2013-02-04 13:33:20 +0000[diff] [blame]2988Register* LoadStubCompiler::registers() {
2989 // receiver, name, scratch1, scratch2, scratch3, scratch4.
2990 static Register registers[] = { edx, ecx, ebx, eax, edi, no_reg };
2991 return registers;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2992}
2993
2994
danno@chromium.org94b0d6f2013-02-04 13:33:20 +0000[diff] [blame]2995Register* KeyedLoadStubCompiler::registers() {
2996 // receiver, name, scratch1, scratch2, scratch3, scratch4.
2997 static Register registers[] = { edx, ecx, ebx, eax, edi, no_reg };
2998 return registers;
2999}
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]3000
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]3001
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3002Register* StoreStubCompiler::registers() {
3003 // receiver, name, value, scratch1, scratch2, scratch3.
3004 static Register registers[] = { edx, ecx, eax, ebx, edi, no_reg };
3005 return registers;
3006}
3007
3008
3009Register* KeyedStoreStubCompiler::registers() {
3010 // receiver, name, value, scratch1, scratch2, scratch3.
3011 static Register registers[] = { edx, ecx, eax, ebx, edi, no_reg };
3012 return registers;
3013}
3014
3015
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3016void KeyedLoadStubCompiler::GenerateNameCheck(Handle<Name> name,
danno@chromium.org94b0d6f2013-02-04 13:33:20 +0000[diff] [blame]3017 Register name_reg,
3018 Label* miss) {
3019 __ cmp(name_reg, Immediate(name));
3020 __ j(not_equal, miss);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]3021}
3022
3023
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3024void KeyedStoreStubCompiler::GenerateNameCheck(Handle<Name> name,
3025 Register name_reg,
3026 Label* miss) {
3027 __ cmp(name_reg, Immediate(name));
3028 __ j(not_equal, miss);
3029}
3030
3031
mstarzinger@chromium.orgde886792012-09-11 13:22:37 +0000[diff] [blame]3032#undef __
3033#define __ ACCESS_MASM(masm)
3034
3035
3036void LoadStubCompiler::GenerateLoadViaGetter(MacroAssembler* masm,
3037 Handle<JSFunction> getter) {
3038 // ----------- S t a t e -------------
3039 // -- ecx : name
3040 // -- edx : receiver
3041 // -- esp[0] : return address
3042 // -----------------------------------
3043 {
3044 FrameScope scope(masm, StackFrame::INTERNAL);
3045
3046 if (!getter.is_null()) {
3047 // Call the JavaScript getter with the receiver on the stack.
3048 __ push(edx);
3049 ParameterCount actual(0);
ulan@chromium.org32d7dba2013-04-24 10:59:06 +0000[diff] [blame]3050 ParameterCount expected(getter);
3051 __ InvokeFunction(getter, expected, actual,
3052 CALL_FUNCTION, NullCallWrapper(), CALL_AS_METHOD);
mstarzinger@chromium.orgde886792012-09-11 13:22:37 +0000[diff] [blame]3053 } else {
3054 // If we generate a global code snippet for deoptimization only, remember
3055 // the place to continue after deoptimization.
3056 masm->isolate()->heap()->SetGetterStubDeoptPCOffset(masm->pc_offset());
3057 }
3058
3059 // Restore context register.
3060 __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
3061 }
3062 __ ret(0);
3063}
3064
3065
3066#undef __
3067#define __ ACCESS_MASM(masm())
3068
3069
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]3070Handle<Code> LoadStubCompiler::CompileLoadGlobal(
3071 Handle<JSObject> object,
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3072 Handle<GlobalObject> global,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]3073 Handle<JSGlobalPropertyCell> cell,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3074 Handle<Name> name,
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]3075 bool is_dont_delete) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3076 Label success, miss;
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3077
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]3078 __ CheckMap(receiver(), Handle<Map>(object->map()), &miss, DO_SMI_CHECK);
3079 HandlerFrontendHeader(
3080 object, receiver(), Handle<JSObject>::cast(global), name, &miss);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3081 // Get the value from the cell.
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3082 if (Serializer::enabled()) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3083 __ mov(eax, Immediate(cell));
3084 __ mov(eax, FieldOperand(eax, JSGlobalPropertyCell::kValueOffset));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3085 } else {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3086 __ mov(eax, Operand::Cell(cell));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3087 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3088
3089 // Check for deleted property if property can actually be deleted.
3090 if (!is_dont_delete) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3091 __ cmp(eax, factory()->the_hole_value());
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]3092 __ j(equal, &miss);
kasperl@chromium.org68ac0092009-07-09 06:00:35 +0000[diff] [blame]3093 } else if (FLAG_debug_code) {
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3094 __ cmp(eax, factory()->the_hole_value());
kasperl@chromium.org68ac0092009-07-09 06:00:35 +0000[diff] [blame]3095 __ Check(not_equal, "DontDelete cells can't contain the hole");
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3096 }
3097
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3098 HandlerFrontendFooter(&success, &miss);
3099 __ bind(&success);
3100
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]3101 Counters* counters = isolate()->counters();
3102 __ IncrementCounter(counters->named_load_global_stub(), 1);
hpayer@chromium.org8432c912013-02-28 15:55:26 +0000[diff] [blame]3103 // The code above already loads the result into the return register.
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3104 __ ret(0);
3105
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3106 // Return the generated code.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3107 return GetICCode(kind(), Code::NORMAL, name);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]3108}
3109
3110
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]3111Handle<Code> BaseLoadStubCompiler::CompilePolymorphicIC(
erik.corry@gmail.com394dbcf2011-10-27 07:38:48 +0000[diff] [blame]3112 MapHandleList* receiver_maps,
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]3113 CodeHandleList* handlers,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3114 Handle<Name> name,
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]3115 Code::StubType type,
3116 IcCheckType check) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3117 Label miss;
3118
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]3119 if (check == PROPERTY) {
3120 GenerateNameCheck(name, this->name(), &miss);
3121 }
3122
3123 __ JumpIfSmi(receiver(), &miss);
3124 Register map_reg = scratch1();
3125 __ mov(map_reg, FieldOperand(receiver(), HeapObject::kMapOffset));
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3126 int receiver_count = receiver_maps->length();
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]3127 int number_of_handled_maps = 0;
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3128 for (int current = 0; current < receiver_count; ++current) {
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]3129 Handle<Map> map = receiver_maps->at(current);
3130 if (!map->is_deprecated()) {
3131 number_of_handled_maps++;
3132 __ cmp(map_reg, map);
3133 __ j(equal, handlers->at(current));
3134 }
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3135 }
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]3136 ASSERT(number_of_handled_maps != 0);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3137
3138 __ bind(&miss);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3139 TailCallBuiltin(masm(), MissBuiltin(kind()));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3140
3141 // Return the generated code.
yangguo@chromium.org4a9f6552013-03-04 14:46:33 +0000[diff] [blame]3142 InlineCacheState state =
danno@chromium.orgf005df62013-04-30 16:36:45 +0000[diff] [blame]3143 number_of_handled_maps > 1 ? POLYMORPHIC : MONOMORPHIC;
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3144 return GetICCode(kind(), type, name, state);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]3145}
3146
3147
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3148// Specialized stub for constructing objects from functions which only have only
3149// simple assignments of the form this.x = ...; in their body.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]3150Handle<Code> ConstructStubCompiler::CompileConstructStub(
3151 Handle<JSFunction> function) {
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3152 // ----------- S t a t e -------------
3153 // -- eax : argc
3154 // -- edi : constructor
3155 // -- esp[0] : return address
3156 // -- esp[4] : last argument
3157 // -----------------------------------
3158 Label generic_stub_call;
3159#ifdef ENABLE_DEBUGGER_SUPPORT
3160 // Check to see whether there are any break points in the function code. If
3161 // there are jump to the generic constructor stub which calls the actual
3162 // code for the function thereby hitting the break points.
3163 __ mov(ebx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
3164 __ mov(ebx, FieldOperand(ebx, SharedFunctionInfo::kDebugInfoOffset));
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]3165 __ cmp(ebx, factory()->undefined_value());
vegorov@chromium.org7304bca2011-05-16 12:14:13 +0000[diff] [blame]3166 __ j(not_equal, &generic_stub_call);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3167#endif
3168
3169 // Load the initial map and verify that it is in fact a map.
mvstanton@chromium.orge4ac3ef2012-11-12 14:53:34 +0000[diff] [blame]3170 // edi: constructor
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3171 __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
3172 // Will both indicate a NULL and a Smi.
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]3173 __ JumpIfSmi(ebx, &generic_stub_call);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3174 __ CmpObjectType(ebx, MAP_TYPE, ecx);
3175 __ j(not_equal, &generic_stub_call);
3176
3177#ifdef DEBUG
3178 // Cannot construct functions this way.
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3179 // ebx: initial map
3180 __ CmpInstanceType(ebx, JS_FUNCTION_TYPE);
mvstanton@chromium.orge4ac3ef2012-11-12 14:53:34 +0000[diff] [blame]3181 __ Check(not_equal, "Function constructed by construct stub.");
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3182#endif
3183
3184 // Now allocate the JSObject on the heap by moving the new space allocation
3185 // top forward.
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3186 // ebx: initial map
mvstanton@chromium.orge4ac3ef2012-11-12 14:53:34 +0000[diff] [blame]3187 ASSERT(function->has_initial_map());
3188 int instance_size = function->initial_map()->instance_size();
3189#ifdef DEBUG
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3190 __ movzx_b(ecx, FieldOperand(ebx, Map::kInstanceSizeOffset));
3191 __ shl(ecx, kPointerSizeLog2);
mvstanton@chromium.orge4ac3ef2012-11-12 14:53:34 +0000[diff] [blame]3192 __ cmp(ecx, Immediate(instance_size));
3193 __ Check(equal, "Instance size of initial map changed.");
3194#endif
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3195 __ Allocate(instance_size, edx, ecx, no_reg, &generic_stub_call,
3196 NO_ALLOCATION_FLAGS);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3197
3198 // Allocated the JSObject, now initialize the fields and add the heap tag.
3199 // ebx: initial map
3200 // edx: JSObject (untagged)
3201 __ mov(Operand(edx, JSObject::kMapOffset), ebx);
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]3202 __ mov(ebx, factory()->empty_fixed_array());
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3203 __ mov(Operand(edx, JSObject::kPropertiesOffset), ebx);
3204 __ mov(Operand(edx, JSObject::kElementsOffset), ebx);
3205
3206 // Push the allocated object to the stack. This is the object that will be
3207 // returned (after it is tagged).
3208 __ push(edx);
3209
3210 // eax: argc
3211 // edx: JSObject (untagged)
3212 // Load the address of the first in-object property into edx.
3213 __ lea(edx, Operand(edx, JSObject::kHeaderSize));
3214 // Calculate the location of the first argument. The stack contains the
3215 // allocated object and the return address on top of the argc arguments.
3216 __ lea(ecx, Operand(esp, eax, times_4, 1 * kPointerSize));
3217
3218 // Use edi for holding undefined which is used in several places below.
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]3219 __ mov(edi, factory()->undefined_value());
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3220
3221 // eax: argc
3222 // ecx: first argument
3223 // edx: first in-object property of the JSObject
3224 // edi: undefined
3225 // Fill the initialized properties with a constant value or a passed argument
3226 // depending on the this.x = ...; assignment in the function.
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]3227 Handle<SharedFunctionInfo> shared(function->shared());
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3228 for (int i = 0; i < shared->this_property_assignments_count(); i++) {
3229 if (shared->IsThisPropertyAssignmentArgument(i)) {
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3230 // Check if the argument assigned to the property is actually passed.
fschneider@chromium.org0c20e672010-01-14 15:28:53 +0000[diff] [blame]3231 // If argument is not passed the property is set to undefined,
3232 // otherwise find it on the stack.
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3233 int arg_number = shared->GetThisPropertyAssignmentArgument(i);
fschneider@chromium.org0c20e672010-01-14 15:28:53 +0000[diff] [blame]3234 __ mov(ebx, edi);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3235 __ cmp(eax, arg_number);
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]3236 if (CpuFeatures::IsSupported(CMOV)) {
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3237 CpuFeatureScope use_cmov(masm(), CMOV);
fschneider@chromium.org0c20e672010-01-14 15:28:53 +0000[diff] [blame]3238 __ cmov(above, ebx, Operand(ecx, arg_number * -kPointerSize));
3239 } else {
3240 Label not_passed;
3241 __ j(below_equal, &not_passed);
3242 __ mov(ebx, Operand(ecx, arg_number * -kPointerSize));
3243 __ bind(&not_passed);
3244 }
3245 // Store value in the property.
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3246 __ mov(Operand(edx, i * kPointerSize), ebx);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3247 } else {
3248 // Set the property to the constant value.
ulan@chromium.org09d7ab52013-02-25 15:50:35 +0000[diff] [blame]3249 Handle<Object> constant(shared->GetThisPropertyAssignmentConstant(i),
3250 isolate());
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3251 __ mov(Operand(edx, i * kPointerSize), Immediate(constant));
3252 }
3253 }
3254
3255 // Fill the unused in-object property fields with undefined.
3256 for (int i = shared->this_property_assignments_count();
ager@chromium.orgbeb25712010-11-29 08:02:25 +0000[diff] [blame]3257 i < function->initial_map()->inobject_properties();
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3258 i++) {
3259 __ mov(Operand(edx, i * kPointerSize), edi);
3260 }
3261
3262 // Move argc to ebx and retrieve and tag the JSObject to return.
3263 __ mov(ebx, eax);
3264 __ pop(eax);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]3265 __ or_(eax, Immediate(kHeapObjectTag));
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3266
3267 // Remove caller arguments and receiver from the stack and return.
3268 __ pop(ecx);
3269 __ lea(esp, Operand(esp, ebx, times_pointer_size, 1 * kPointerSize));
3270 __ push(ecx);
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]3271 Counters* counters = isolate()->counters();
3272 __ IncrementCounter(counters->constructed_objects(), 1);
3273 __ IncrementCounter(counters->constructed_objects_stub(), 1);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3274 __ ret(0);
3275
3276 // Jump to the generic stub in case the specialized code cannot handle the
3277 // construction.
3278 __ bind(&generic_stub_call);
jkummerow@chromium.orgc3b37122011-11-07 10:14:12 +0000[diff] [blame]3279 Handle<Code> code = isolate()->builtins()->JSConstructStubGeneric();
3280 __ jmp(code, RelocInfo::CODE_TARGET);
ager@chromium.org18ad94b2009-09-02 08:22:29 +0000[diff] [blame]3281
3282 // Return the generated code.
3283 return GetCode();
3284}
3285
3286
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3287#undef __
3288#define __ ACCESS_MASM(masm)
3289
3290
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3291void KeyedLoadStubCompiler::GenerateLoadDictionaryElement(
3292 MacroAssembler* masm) {
3293 // ----------- S t a t e -------------
danno@chromium.org1044a4d2012-04-30 12:34:39 +0000[diff] [blame]3294 // -- ecx : key
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3295 // -- edx : receiver
3296 // -- esp[0] : return address
3297 // -----------------------------------
3298 Label slow, miss_force_generic;
3299
3300 // This stub is meant to be tail-jumped to, the receiver must already
3301 // have been verified by the caller to not be a smi.
danno@chromium.org1044a4d2012-04-30 12:34:39 +0000[diff] [blame]3302 __ JumpIfNotSmi(ecx, &miss_force_generic);
3303 __ mov(ebx, ecx);
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3304 __ SmiUntag(ebx);
danno@chromium.org1044a4d2012-04-30 12:34:39 +0000[diff] [blame]3305 __ mov(eax, FieldOperand(edx, JSObject::kElementsOffset));
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3306
3307 // Push receiver on the stack to free up a register for the dictionary
3308 // probing.
3309 __ push(edx);
danno@chromium.org1044a4d2012-04-30 12:34:39 +0000[diff] [blame]3310 __ LoadFromNumberDictionary(&slow, eax, ecx, ebx, edx, edi, eax);
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3311 // Pop receiver before returning.
3312 __ pop(edx);
3313 __ ret(0);
3314
3315 __ bind(&slow);
3316 __ pop(edx);
3317
3318 // ----------- S t a t e -------------
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3319 // -- ecx : key
3320 // -- edx : receiver
3321 // -- esp[0] : return address
3322 // -----------------------------------
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3323 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Slow);
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3324
3325 __ bind(&miss_force_generic);
3326 // ----------- S t a t e -------------
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3327 // -- ecx : key
3328 // -- edx : receiver
3329 // -- esp[0] : return address
3330 // -----------------------------------
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3331 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_MissForceGeneric);
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3332}
3333
3334
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]3335static void GenerateSmiKeyCheck(MacroAssembler* masm,
3336 Register key,
3337 Register scratch,
3338 XMMRegister xmm_scratch0,
3339 XMMRegister xmm_scratch1,
3340 Label* fail) {
3341 // Check that key is a smi and if SSE2 is available a heap number
3342 // containing a smi and branch if the check fails.
3343 if (CpuFeatures::IsSupported(SSE2)) {
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3344 CpuFeatureScope use_sse2(masm, SSE2);
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]3345 Label key_ok;
3346 __ JumpIfSmi(key, &key_ok);
3347 __ cmp(FieldOperand(key, HeapObject::kMapOffset),
3348 Immediate(Handle<Map>(masm->isolate()->heap()->heap_number_map())));
3349 __ j(not_equal, fail);
3350 __ movdbl(xmm_scratch0, FieldOperand(key, HeapNumber::kValueOffset));
3351 __ cvttsd2si(scratch, Operand(xmm_scratch0));
3352 __ cvtsi2sd(xmm_scratch1, scratch);
3353 __ ucomisd(xmm_scratch1, xmm_scratch0);
3354 __ j(not_equal, fail);
3355 __ j(parity_even, fail); // NaN.
3356 // Check if the key fits in the smi range.
3357 __ cmp(scratch, 0xc0000000);
3358 __ j(sign, fail);
3359 __ SmiTag(scratch);
3360 __ mov(key, scratch);
3361 __ bind(&key_ok);
3362 } else {
3363 __ JumpIfNotSmi(key, fail);
3364 }
3365}
3366
3367
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3368void KeyedStoreStubCompiler::GenerateStoreExternalArray(
3369 MacroAssembler* masm,
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3370 ElementsKind elements_kind) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3371 // ----------- S t a t e -------------
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]3372 // -- eax : value
3373 // -- ecx : key
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3374 // -- edx : receiver
3375 // -- esp[0] : return address
3376 // -----------------------------------
3377 Label miss_force_generic, slow, check_heap_number;
3378
3379 // This stub is meant to be tail-jumped to, the receiver must already
3380 // have been verified by the caller to not be a smi.
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3381
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]3382 // Check that the key is a smi or a heap number convertible to a smi.
3383 GenerateSmiKeyCheck(masm, ecx, ebx, xmm0, xmm1, &miss_force_generic);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3384
3385 // Check that the index is in range.
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3386 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3387 __ cmp(ecx, FieldOperand(edi, ExternalArray::kLengthOffset));
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3388 // Unsigned comparison catches both negative and too-large values.
3389 __ j(above_equal, &slow);
3390
3391 // Handle both smis and HeapNumbers in the fast path. Go to the
3392 // runtime for all other kinds of values.
3393 // eax: value
3394 // edx: receiver
3395 // ecx: key
3396 // edi: elements array
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3397 if (elements_kind == EXTERNAL_PIXEL_ELEMENTS) {
whesse@chromium.org7b260152011-06-20 15:33:18 +0000[diff] [blame]3398 __ JumpIfNotSmi(eax, &slow);
3399 } else {
3400 __ JumpIfNotSmi(eax, &check_heap_number);
3401 }
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3402
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3403 // smi case
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3404 __ mov(ebx, eax); // Preserve the value in eax as the return value.
3405 __ SmiUntag(ebx);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3406 __ mov(edi, FieldOperand(edi, ExternalArray::kExternalPointerOffset));
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3407 // edi: base pointer of external storage
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame]3408 switch (elements_kind) {
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3409 case EXTERNAL_PIXEL_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3410 __ ClampUint8(ebx);
3411 __ SmiUntag(ecx);
3412 __ mov_b(Operand(edi, ecx, times_1, 0), ebx);
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3413 break;
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3414 case EXTERNAL_BYTE_ELEMENTS:
3415 case EXTERNAL_UNSIGNED_BYTE_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3416 __ SmiUntag(ecx);
3417 __ mov_b(Operand(edi, ecx, times_1, 0), ebx);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3418 break;
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3419 case EXTERNAL_SHORT_ELEMENTS:
3420 case EXTERNAL_UNSIGNED_SHORT_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3421 __ mov_w(Operand(edi, ecx, times_1, 0), ebx);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3422 break;
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3423 case EXTERNAL_INT_ELEMENTS:
3424 case EXTERNAL_UNSIGNED_INT_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3425 __ mov(Operand(edi, ecx, times_2, 0), ebx);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3426 break;
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3427 case EXTERNAL_FLOAT_ELEMENTS:
3428 case EXTERNAL_DOUBLE_ELEMENTS:
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3429 // Need to perform int-to-float conversion.
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3430 __ push(ebx);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3431 __ fild_s(Operand(esp, 0));
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3432 __ pop(ebx);
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3433 if (elements_kind == EXTERNAL_FLOAT_ELEMENTS) {
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3434 __ fstp_s(Operand(edi, ecx, times_2, 0));
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3435 } else { // elements_kind == EXTERNAL_DOUBLE_ELEMENTS.
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3436 __ fstp_d(Operand(edi, ecx, times_4, 0));
erik.corry@gmail.com3847bd52011-04-27 10:38:56 +0000[diff] [blame]3437 }
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3438 break;
3439 default:
3440 UNREACHABLE();
3441 break;
3442 }
3443 __ ret(0); // Return the original value.
3444
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3445 // TODO(danno): handle heap number -> pixel array conversion
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3446 if (elements_kind != EXTERNAL_PIXEL_ELEMENTS) {
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3447 __ bind(&check_heap_number);
3448 // eax: value
3449 // edx: receiver
3450 // ecx: key
3451 // edi: elements array
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3452 __ cmp(FieldOperand(eax, HeapObject::kMapOffset),
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3453 Immediate(masm->isolate()->factory()->heap_number_map()));
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3454 __ j(not_equal, &slow);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3455
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3456 // The WebGL specification leaves the behavior of storing NaN and
3457 // +/-Infinity into integer arrays basically undefined. For more
3458 // reproducible behavior, convert these to zero.
3459 __ mov(edi, FieldOperand(edi, ExternalArray::kExternalPointerOffset));
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3460 // edi: base pointer of external storage
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3461 if (elements_kind == EXTERNAL_FLOAT_ELEMENTS) {
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3462 __ fld_d(FieldOperand(eax, HeapNumber::kValueOffset));
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3463 __ fstp_s(Operand(edi, ecx, times_2, 0));
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3464 __ ret(0);
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3465 } else if (elements_kind == EXTERNAL_DOUBLE_ELEMENTS) {
erik.corry@gmail.com3847bd52011-04-27 10:38:56 +0000[diff] [blame]3466 __ fld_d(FieldOperand(eax, HeapNumber::kValueOffset));
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3467 __ fstp_d(Operand(edi, ecx, times_4, 0));
erik.corry@gmail.com3847bd52011-04-27 10:38:56 +0000[diff] [blame]3468 __ ret(0);
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3469 } else {
3470 // Perform float-to-int conversion with truncation (round-to-zero)
3471 // behavior.
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3472
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3473 // For the moment we make the slow call to the runtime on
3474 // processors that don't support SSE2. The code in IntegerConvert
3475 // (code-stubs-ia32.cc) is roughly what is needed here though the
3476 // conversion failure case does not need to be handled.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]3477 if (CpuFeatures::IsSupported(SSE2)) {
danno@chromium.org2c26cb12012-05-03 09:06:43 +0000[diff] [blame]3478 if ((elements_kind == EXTERNAL_INT_ELEMENTS ||
3479 elements_kind == EXTERNAL_UNSIGNED_INT_ELEMENTS) &&
3480 CpuFeatures::IsSupported(SSE3)) {
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3481 CpuFeatureScope scope(masm, SSE3);
danno@chromium.org2c26cb12012-05-03 09:06:43 +0000[diff] [blame]3482 // fisttp stores values as signed integers. To represent the
3483 // entire range of int and unsigned int arrays, store as a
3484 // 64-bit int and discard the high 32 bits.
3485 __ fld_d(FieldOperand(eax, HeapNumber::kValueOffset));
3486 __ sub(esp, Immediate(2 * kPointerSize));
3487 __ fisttp_d(Operand(esp, 0));
3488
3489 // If conversion failed (NaN, infinity, or a number outside
3490 // signed int64 range), the result is 0x8000000000000000, and
3491 // we must handle this case in the runtime.
3492 Label ok;
3493 __ cmp(Operand(esp, kPointerSize), Immediate(0x80000000u));
3494 __ j(not_equal, &ok);
3495 __ cmp(Operand(esp, 0), Immediate(0));
3496 __ j(not_equal, &ok);
3497 __ add(esp, Immediate(2 * kPointerSize)); // Restore the stack.
3498 __ jmp(&slow);
3499
3500 __ bind(&ok);
3501 __ pop(ebx);
3502 __ add(esp, Immediate(kPointerSize));
3503 __ mov(Operand(edi, ecx, times_2, 0), ebx);
3504 } else {
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]3505 ASSERT(CpuFeatures::IsSupported(SSE2));
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3506 CpuFeatureScope scope(masm, SSE2);
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3507 __ cvttsd2si(ebx, FieldOperand(eax, HeapNumber::kValueOffset));
danno@chromium.org2c26cb12012-05-03 09:06:43 +0000[diff] [blame]3508 __ cmp(ebx, 0x80000000u);
3509 __ j(equal, &slow);
3510 // ebx: untagged integer value
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame]3511 switch (elements_kind) {
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3512 case EXTERNAL_PIXEL_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3513 __ ClampUint8(ebx);
3514 // Fall through.
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3515 case EXTERNAL_BYTE_ELEMENTS:
3516 case EXTERNAL_UNSIGNED_BYTE_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3517 __ SmiUntag(ecx);
3518 __ mov_b(Operand(edi, ecx, times_1, 0), ebx);
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3519 break;
kmillikin@chromium.org83e16822011-09-13 08:21:47 +0000[diff] [blame]3520 case EXTERNAL_SHORT_ELEMENTS:
3521 case EXTERNAL_UNSIGNED_SHORT_ELEMENTS:
whesse@chromium.org4acdc2c2011-08-15 13:01:23 +0000[diff] [blame]3522 __ mov_w(Operand(edi, ecx, times_1, 0), ebx);
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3523 break;
danno@chromium.org2c26cb12012-05-03 09:06:43 +0000[diff] [blame]3524 case EXTERNAL_INT_ELEMENTS:
3525 case EXTERNAL_UNSIGNED_INT_ELEMENTS:
3526 __ mov(Operand(edi, ecx, times_2, 0), ebx);
3527 break;
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3528 default:
3529 UNREACHABLE();
3530 break;
3531 }
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3532 }
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]3533 __ ret(0); // Return original value.
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3534 }
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3535 }
3536 }
3537
3538 // Slow case: call runtime.
3539 __ bind(&slow);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3540 Counters* counters = masm->isolate()->counters();
3541 __ IncrementCounter(counters->keyed_store_external_array_slow(), 1);
3542
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3543 // ----------- S t a t e -------------
3544 // -- eax : value
3545 // -- ecx : key
3546 // -- edx : receiver
3547 // -- esp[0] : return address
3548 // -----------------------------------
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3549 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Slow);
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3550
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3551 // ----------- S t a t e -------------
3552 // -- eax : value
3553 // -- ecx : key
3554 // -- edx : receiver
3555 // -- esp[0] : return address
3556 // -----------------------------------
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3557
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3558 __ bind(&miss_force_generic);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3559 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_MissForceGeneric);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3560}
3561
3562
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]3563void KeyedStoreStubCompiler::GenerateStoreFastElement(
3564 MacroAssembler* masm,
3565 bool is_js_array,
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3566 ElementsKind elements_kind,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3567 KeyedAccessStoreMode store_mode) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3568 // ----------- S t a t e -------------
sgjesse@chromium.org6db88712011-07-11 11:41:22 +0000[diff] [blame]3569 // -- eax : value
3570 // -- ecx : key
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3571 // -- edx : receiver
3572 // -- esp[0] : return address
3573 // -----------------------------------
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3574 Label miss_force_generic, grow, slow, transition_elements_kind;
3575 Label check_capacity, prepare_slow, finish_store, commit_backing_store;
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3576
3577 // This stub is meant to be tail-jumped to, the receiver must already
3578 // have been verified by the caller to not be a smi.
3579
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]3580 // Check that the key is a smi or a heap number convertible to a smi.
3581 GenerateSmiKeyCheck(masm, ecx, ebx, xmm0, xmm1, &miss_force_generic);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3582
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]3583 if (IsFastSmiElementsKind(elements_kind)) {
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3584 __ JumpIfNotSmi(eax, &transition_elements_kind);
3585 }
3586
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3587 // Get the elements array and make sure it is a fast element array, not 'cow'.
3588 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3589 if (is_js_array) {
3590 // Check that the key is within bounds.
3591 __ cmp(ecx, FieldOperand(edx, JSArray::kLengthOffset)); // smis.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3592 if (IsGrowStoreMode(store_mode)) {
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3593 __ j(above_equal, &grow);
3594 } else {
3595 __ j(above_equal, &miss_force_generic);
3596 }
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3597 } else {
3598 // Check that the key is within bounds.
3599 __ cmp(ecx, FieldOperand(edi, FixedArray::kLengthOffset)); // smis.
3600 __ j(above_equal, &miss_force_generic);
3601 }
3602
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3603 __ cmp(FieldOperand(edi, HeapObject::kMapOffset),
3604 Immediate(masm->isolate()->factory()->fixed_array_map()));
3605 __ j(not_equal, &miss_force_generic);
3606
3607 __ bind(&finish_store);
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]3608 if (IsFastSmiElementsKind(elements_kind)) {
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]3609 // ecx is a smi, use times_half_pointer_size instead of
3610 // times_pointer_size
3611 __ mov(FieldOperand(edi,
3612 ecx,
3613 times_half_pointer_size,
3614 FixedArray::kHeaderSize), eax);
3615 } else {
svenpanne@chromium.org830d30c2012-05-29 13:20:14 +0000[diff] [blame]3616 ASSERT(IsFastObjectElementsKind(elements_kind));
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]3617 // Do the store and update the write barrier.
3618 // ecx is a smi, use times_half_pointer_size instead of
3619 // times_pointer_size
3620 __ lea(ecx, FieldOperand(edi,
3621 ecx,
3622 times_half_pointer_size,
3623 FixedArray::kHeaderSize));
3624 __ mov(Operand(ecx, 0), eax);
3625 // Make sure to preserve the value in register eax.
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3626 __ mov(ebx, eax);
3627 __ RecordWrite(edi, ecx, ebx, kDontSaveFPRegs);
erik.corry@gmail.comc3b670f2011-10-05 21:44:48 +0000[diff] [blame]3628 }
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]3629
3630 // Done.
3631 __ ret(0);
3632
3633 // Handle store cache miss, replacing the ic with the generic stub.
3634 __ bind(&miss_force_generic);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3635 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_MissForceGeneric);
rossberg@chromium.orgb4b2aa62011-10-13 09:49:59 +0000[diff] [blame]3636
3637 // Handle transition to other elements kinds without using the generic stub.
3638 __ bind(&transition_elements_kind);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3639 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Miss);
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3640
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3641 if (is_js_array && IsGrowStoreMode(store_mode)) {
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3642 // Handle transition requiring the array to grow.
3643 __ bind(&grow);
3644
3645 // Make sure the array is only growing by a single element, anything else
3646 // must be handled by the runtime. Flags are already set by previous
3647 // compare.
3648 __ j(not_equal, &miss_force_generic);
3649
3650 // Check for the empty array, and preallocate a small backing store if
3651 // possible.
3652 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
3653 __ cmp(edi, Immediate(masm->isolate()->factory()->empty_fixed_array()));
3654 __ j(not_equal, &check_capacity);
3655
3656 int size = FixedArray::SizeFor(JSArray::kPreallocatedArrayElements);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3657 __ Allocate(size, edi, ebx, ecx, &prepare_slow, TAG_OBJECT);
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3658 // Restore the key, which is known to be the array length.
3659
3660 // eax: value
3661 // ecx: key
3662 // edx: receiver
3663 // edi: elements
3664 // Make sure that the backing store can hold additional elements.
3665 __ mov(FieldOperand(edi, JSObject::kMapOffset),
3666 Immediate(masm->isolate()->factory()->fixed_array_map()));
3667 __ mov(FieldOperand(edi, FixedArray::kLengthOffset),
3668 Immediate(Smi::FromInt(JSArray::kPreallocatedArrayElements)));
3669 __ mov(ebx, Immediate(masm->isolate()->factory()->the_hole_value()));
3670 for (int i = 1; i < JSArray::kPreallocatedArrayElements; ++i) {
3671 __ mov(FieldOperand(edi, FixedArray::SizeFor(i)), ebx);
3672 }
3673
3674 // Store the element at index zero.
3675 __ mov(FieldOperand(edi, FixedArray::SizeFor(0)), eax);
3676
3677 // Install the new backing store in the JSArray.
3678 __ mov(FieldOperand(edx, JSObject::kElementsOffset), edi);
3679 __ RecordWriteField(edx, JSObject::kElementsOffset, edi, ebx,
3680 kDontSaveFPRegs, EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
3681
3682 // Increment the length of the array.
3683 __ mov(FieldOperand(edx, JSArray::kLengthOffset),
3684 Immediate(Smi::FromInt(1)));
3685 __ ret(0);
3686
3687 __ bind(&check_capacity);
3688 __ cmp(FieldOperand(edi, HeapObject::kMapOffset),
3689 Immediate(masm->isolate()->factory()->fixed_cow_array_map()));
3690 __ j(equal, &miss_force_generic);
3691
3692 // eax: value
3693 // ecx: key
3694 // edx: receiver
3695 // edi: elements
3696 // Make sure that the backing store can hold additional elements.
3697 __ cmp(ecx, FieldOperand(edi, FixedArray::kLengthOffset));
3698 __ j(above_equal, &slow);
3699
3700 // Grow the array and finish the store.
3701 __ add(FieldOperand(edx, JSArray::kLengthOffset),
3702 Immediate(Smi::FromInt(1)));
3703 __ jmp(&finish_store);
3704
3705 __ bind(&prepare_slow);
3706 // Restore the key, which is known to be the array length.
3707 __ mov(ecx, Immediate(0));
3708
3709 __ bind(&slow);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3710 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Slow);
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3711 }
vegorov@chromium.org0a4e9012011-01-24 12:33:13 +0000[diff] [blame]3712}
3713
3714
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3715void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
3716 MacroAssembler* masm,
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3717 bool is_js_array,
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3718 KeyedAccessStoreMode store_mode) {
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3719 // ----------- S t a t e -------------
3720 // -- eax : value
3721 // -- ecx : key
3722 // -- edx : receiver
3723 // -- esp[0] : return address
3724 // -----------------------------------
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3725 Label miss_force_generic, transition_elements_kind, grow, slow;
3726 Label check_capacity, prepare_slow, finish_store, commit_backing_store;
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3727
3728 // This stub is meant to be tail-jumped to, the receiver must already
3729 // have been verified by the caller to not be a smi.
3730
jkummerow@chromium.org28faa982012-04-13 09:58:30 +0000[diff] [blame]3731 // Check that the key is a smi or a heap number convertible to a smi.
3732 GenerateSmiKeyCheck(masm, ecx, ebx, xmm0, xmm1, &miss_force_generic);
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3733
3734 // Get the elements array.
3735 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
3736 __ AssertFastElements(edi);
3737
3738 if (is_js_array) {
3739 // Check that the key is within bounds.
3740 __ cmp(ecx, FieldOperand(edx, JSArray::kLengthOffset)); // smis.
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3741 if (IsGrowStoreMode(store_mode)) {
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3742 __ j(above_equal, &grow);
3743 } else {
3744 __ j(above_equal, &miss_force_generic);
3745 }
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3746 } else {
3747 // Check that the key is within bounds.
3748 __ cmp(ecx, FieldOperand(edi, FixedArray::kLengthOffset)); // smis.
yangguo@chromium.org56454712012-02-16 15:33:53 +0000[diff] [blame]3749 __ j(above_equal, &miss_force_generic);
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3750 }
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3751
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3752 __ bind(&finish_store);
3753 __ StoreNumberToDoubleElements(eax, edi, ecx, edx, xmm0,
3754 &transition_elements_kind, true);
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3755 __ ret(0);
3756
3757 // Handle store cache miss, replacing the ic with the generic stub.
3758 __ bind(&miss_force_generic);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3759 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_MissForceGeneric);
rossberg@chromium.orgb4b2aa62011-10-13 09:49:59 +0000[diff] [blame]3760
3761 // Handle transition to other elements kinds without using the generic stub.
3762 __ bind(&transition_elements_kind);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3763 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Miss);
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3764
ulan@chromium.org750145a2013-03-07 15:14:13 +0000[diff] [blame]3765 if (is_js_array && IsGrowStoreMode(store_mode)) {
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3766 // Handle transition requiring the array to grow.
3767 __ bind(&grow);
3768
3769 // Make sure the array is only growing by a single element, anything else
3770 // must be handled by the runtime. Flags are already set by previous
3771 // compare.
3772 __ j(not_equal, &miss_force_generic);
3773
3774 // Transition on values that can't be stored in a FixedDoubleArray.
3775 Label value_is_smi;
3776 __ JumpIfSmi(eax, &value_is_smi);
3777 __ cmp(FieldOperand(eax, HeapObject::kMapOffset),
3778 Immediate(Handle<Map>(masm->isolate()->heap()->heap_number_map())));
3779 __ j(not_equal, &transition_elements_kind);
3780 __ bind(&value_is_smi);
3781
3782 // Check for the empty array, and preallocate a small backing store if
3783 // possible.
3784 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
3785 __ cmp(edi, Immediate(masm->isolate()->factory()->empty_fixed_array()));
3786 __ j(not_equal, &check_capacity);
3787
3788 int size = FixedDoubleArray::SizeFor(JSArray::kPreallocatedArrayElements);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3789 __ Allocate(size, edi, ebx, ecx, &prepare_slow, TAG_OBJECT);
erik.corry@gmail.comed49e962012-04-17 11:57:53 +0000[diff] [blame]3790
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3791 // Restore the key, which is known to be the array length.
3792 __ mov(ecx, Immediate(0));
3793
3794 // eax: value
3795 // ecx: key
3796 // edx: receiver
3797 // edi: elements
danno@chromium.org1f34ad32012-11-26 14:53:56 +0000[diff] [blame]3798 // Initialize the new FixedDoubleArray.
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3799 __ mov(FieldOperand(edi, JSObject::kMapOffset),
3800 Immediate(masm->isolate()->factory()->fixed_double_array_map()));
3801 __ mov(FieldOperand(edi, FixedDoubleArray::kLengthOffset),
3802 Immediate(Smi::FromInt(JSArray::kPreallocatedArrayElements)));
3803
svenpanne@chromium.org83130cf2012-11-30 10:13:25 +0000[diff] [blame]3804 __ StoreNumberToDoubleElements(eax, edi, ecx, ebx, xmm0,
3805 &transition_elements_kind, true);
3806
danno@chromium.org1f34ad32012-11-26 14:53:56 +0000[diff] [blame]3807 for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
3808 int offset = FixedDoubleArray::OffsetOfElementAt(i);
3809 __ mov(FieldOperand(edi, offset), Immediate(kHoleNanLower32));
3810 __ mov(FieldOperand(edi, offset + kPointerSize),
3811 Immediate(kHoleNanUpper32));
3812 }
3813
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3814 // Install the new backing store in the JSArray.
3815 __ mov(FieldOperand(edx, JSObject::kElementsOffset), edi);
3816 __ RecordWriteField(edx, JSObject::kElementsOffset, edi, ebx,
3817 kDontSaveFPRegs, EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
3818
3819 // Increment the length of the array.
3820 __ add(FieldOperand(edx, JSArray::kLengthOffset),
3821 Immediate(Smi::FromInt(1)));
yangguo@chromium.org56454712012-02-16 15:33:53 +0000[diff] [blame]3822 __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
danno@chromium.org1f34ad32012-11-26 14:53:56 +0000[diff] [blame]3823 __ ret(0);
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3824
3825 __ bind(&check_capacity);
3826 // eax: value
3827 // ecx: key
3828 // edx: receiver
3829 // edi: elements
3830 // Make sure that the backing store can hold additional elements.
3831 __ cmp(ecx, FieldOperand(edi, FixedDoubleArray::kLengthOffset));
3832 __ j(above_equal, &slow);
3833
3834 // Grow the array and finish the store.
3835 __ add(FieldOperand(edx, JSArray::kLengthOffset),
3836 Immediate(Smi::FromInt(1)));
3837 __ jmp(&finish_store);
3838
3839 __ bind(&prepare_slow);
3840 // Restore the key, which is known to be the array length.
3841 __ mov(ecx, Immediate(0));
3842
3843 __ bind(&slow);
svenpanne@chromium.org2bda5432013-03-15 12:39:50 +0000[diff] [blame]3844 TailCallBuiltin(masm, Builtins::kKeyedStoreIC_Slow);
ulan@chromium.org65a89c22012-02-14 11:46:07 +0000[diff] [blame]3845 }
svenpanne@chromium.org84bcc552011-07-18 09:50:57 +0000[diff] [blame]3846}
3847
3848
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]3849#undef __
3850
3851} } // namespace v8::internal
erik.corry@gmail.com9dfbea42010-05-21 12:58:28 +0000[diff] [blame]3852
3853#endif // V8_TARGET_ARCH_IA32