Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / chromium_org / v8 / 6d786c9805481bd13ecb29c3155540f2f32950e1 / . / src / ic.cc
blob: 83d1c04f5b33303077808121dfe02afa100a55f5 [file] [log] [blame]
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1// Copyright 2011 the V8 project authors. All rights reserved.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2// Redistribution and use in source and binary forms, with or without
3// modification, are permitted provided that the following conditions are
4// met:
5//
6// * Redistributions of source code must retain the above copyright
7// notice, this list of conditions and the following disclaimer.
8// * Redistributions in binary form must reproduce the above
9// copyright notice, this list of conditions and the following
10// disclaimer in the documentation and/or other materials provided
11// with the distribution.
12// * Neither the name of Google Inc. nor the names of its
13// contributors may be used to endorse or promote products derived
14// from this software without specific prior written permission.
15//
16// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28#include "v8.h"
29
30#include "accessors.h"
31#include "api.h"
32#include "arguments.h"
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]33#include "codegen.h"
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]34#include "execution.h"
35#include "ic-inl.h"
36#include "runtime.h"
37#include "stub-cache.h"
38
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]39namespace v8 {
40namespace internal {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]41
42#ifdef DEBUG
kasperl@chromium.orgba86cd62009-05-27 08:46:40 +0000[diff] [blame]43static char TransitionMarkFromState(IC::State state) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]44 switch (state) {
45 case UNINITIALIZED: return '0';
ager@chromium.org5ec48922009-05-05 07:25:34 +0000[diff] [blame]46 case PREMONOMORPHIC: return 'P';
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]47 case MONOMORPHIC: return '1';
48 case MONOMORPHIC_PROTOTYPE_FAILURE: return '^';
49 case MEGAMORPHIC: return 'N';
50
51 // We never see the debugger states here, because the state is
52 // computed from the original code - not the patched code. Let
53 // these cases fall through to the unreachable code below.
54 case DEBUG_BREAK: break;
55 case DEBUG_PREPARE_STEP_IN: break;
56 }
57 UNREACHABLE();
58 return 0;
59}
60
61void IC::TraceIC(const char* type,
ager@chromium.org2cc82ae2010-06-14 07:35:38 +0000[diff] [blame]62 Handle<Object> name,
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]63 State old_state,
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]64 Code* new_target,
65 const char* extra_info) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]66 if (FLAG_trace_ic) {
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]67 State new_state = StateFrom(new_target,
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]68 HEAP->undefined_value(),
69 HEAP->undefined_value());
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]70 PrintF("[%s in ", type);
71 StackFrameIterator it;
72 while (it.frame()->fp() != this->fp()) it.Advance();
73 StackFrame* raw_frame = it.frame();
74 if (raw_frame->is_internal()) {
75 Isolate* isolate = new_target->GetIsolate();
76 Code* apply_builtin = isolate->builtins()->builtin(
77 Builtins::kFunctionApply);
78 if (raw_frame->unchecked_code() == apply_builtin) {
79 PrintF("apply from ");
80 it.Advance();
81 raw_frame = it.frame();
82 }
83 }
84 if (raw_frame->is_java_script()) {
85 JavaScriptFrame* frame = JavaScriptFrame::cast(raw_frame);
86 Code* js_code = frame->unchecked_code();
87 // Find the function on the stack and both the active code for the
88 // function and the original code.
89 JSFunction* function = JSFunction::cast(frame->function());
90 function->PrintName();
91 int code_offset = address() - js_code->instruction_start();
92 PrintF("+%d", code_offset);
93 } else {
94 PrintF("<unknown>");
95 }
96 PrintF(" (%c->%c)%s",
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]97 TransitionMarkFromState(old_state),
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]98 TransitionMarkFromState(new_state),
99 extra_info);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]100 name->Print();
101 PrintF("]\n");
102 }
103}
104#endif
105
106
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]107IC::IC(FrameDepth depth, Isolate* isolate) : isolate_(isolate) {
108 ASSERT(isolate == Isolate::Current());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]109 // To improve the performance of the (much used) IC code, we unfold
110 // a few levels of the stack frame iteration code. This yields a
111 // ~35% speedup when running DeltaBlue with the '--nouse-ic' flag.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]112 const Address entry =
113 Isolate::c_entry_fp(isolate->thread_local_top());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]114 Address* pc_address =
115 reinterpret_cast<Address*>(entry + ExitFrameConstants::kCallerPCOffset);
116 Address fp = Memory::Address_at(entry + ExitFrameConstants::kCallerFPOffset);
117 // If there's another JavaScript frame on the stack, we need to look
118 // one frame further down the stack to find the frame pointer and
119 // the return address stack slot.
120 if (depth == EXTRA_CALL_FRAME) {
121 const int kCallerPCOffset = StandardFrameConstants::kCallerPCOffset;
122 pc_address = reinterpret_cast<Address*>(fp + kCallerPCOffset);
123 fp = Memory::Address_at(fp + StandardFrameConstants::kCallerFPOffset);
124 }
125#ifdef DEBUG
126 StackFrameIterator it;
127 for (int i = 0; i < depth + 1; i++) it.Advance();
128 StackFrame* frame = it.frame();
129 ASSERT(fp == frame->fp() && pc_address == frame->pc_address());
130#endif
131 fp_ = fp;
132 pc_address_ = pc_address;
133}
134
135
ager@chromium.org65dad4b2009-04-23 08:48:43 +0000[diff] [blame]136#ifdef ENABLE_DEBUGGER_SUPPORT
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]137Address IC::OriginalCodeAddress() {
138 HandleScope scope;
139 // Compute the JavaScript frame for the frame pointer of this IC
140 // structure. We need this to be able to find the function
141 // corresponding to the frame.
142 StackFrameIterator it;
143 while (it.frame()->fp() != this->fp()) it.Advance();
144 JavaScriptFrame* frame = JavaScriptFrame::cast(it.frame());
145 // Find the function on the stack and both the active code for the
146 // function and the original code.
147 JSFunction* function = JSFunction::cast(frame->function());
148 Handle<SharedFunctionInfo> shared(function->shared());
149 Code* code = shared->code();
150 ASSERT(Debug::HasDebugInfo(shared));
151 Code* original_code = Debug::GetDebugInfo(shared)->original_code();
152 ASSERT(original_code->IsCode());
153 // Get the address of the call site in the active code. This is the
154 // place where the call to DebugBreakXXX is and where the IC
155 // normally would be.
ager@chromium.org4af710e2009-09-15 12:20:11 +0000[diff] [blame]156 Address addr = pc() - Assembler::kCallTargetAddressOffset;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]157 // Return the address in the original code. This is the place where
ager@chromium.org32912102009-01-16 10:38:43 +0000[diff] [blame]158 // the call which has been overwritten by the DebugBreakXXX resides
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]159 // and the place where the inline cache system should look.
ager@chromium.orgc4c92722009-11-18 14:12:51 +0000[diff] [blame]160 intptr_t delta =
161 original_code->instruction_start() - code->instruction_start();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]162 return addr + delta;
163}
ager@chromium.org65dad4b2009-04-23 08:48:43 +0000[diff] [blame]164#endif
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]165
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]166
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]167static bool HasNormalObjectsInPrototypeChain(Isolate* isolate,
168 LookupResult* lookup,
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]169 Object* receiver) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]170 Object* end = lookup->IsProperty()
171 ? lookup->holder() : isolate->heap()->null_value();
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]172 for (Object* current = receiver;
173 current != end;
174 current = current->GetPrototype()) {
175 if (current->IsJSObject() &&
176 !JSObject::cast(current)->HasFastProperties() &&
177 !current->IsJSGlobalProxy() &&
178 !current->IsJSGlobalObject()) {
179 return true;
180 }
181 }
182
183 return false;
184}
185
186
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]187static bool TryRemoveInvalidPrototypeDependentStub(Code* target,
188 Object* receiver,
189 Object* name) {
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]190 InlineCacheHolderFlag cache_holder =
191 Code::ExtractCacheHolderFromFlags(target->flags());
192
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]193 if (cache_holder == OWN_MAP && !receiver->IsJSObject()) {
194 // The stub was generated for JSObject but called for non-JSObject.
ricow@chromium.org65fae842010-08-25 15:26:24 +0000[diff] [blame]195 // IC::GetCodeCacheHolder is not applicable.
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]196 return false;
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]197 } else if (cache_holder == PROTOTYPE_MAP &&
198 receiver->GetPrototype()->IsNull()) {
ricow@chromium.org65fae842010-08-25 15:26:24 +0000[diff] [blame]199 // IC::GetCodeCacheHolder is not applicable.
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]200 return false;
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]201 }
ricow@chromium.org65fae842010-08-25 15:26:24 +0000[diff] [blame]202 Map* map = IC::GetCodeCacheHolder(receiver, cache_holder)->map();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]203
204 // Decide whether the inline cache failed because of changes to the
205 // receiver itself or changes to one of its prototypes.
206 //
207 // If there are changes to the receiver itself, the map of the
208 // receiver will have changed and the current target will not be in
209 // the receiver map's code cache. Therefore, if the current target
210 // is in the receiver map's code cache, the inline cache failed due
211 // to prototype check failure.
sgjesse@chromium.org99a37fa2010-03-11 09:23:46 +0000[diff] [blame]212 int index = map->IndexInCodeCache(name, target);
kasperl@chromium.orgb9123622008-09-17 14:05:56 +0000[diff] [blame]213 if (index >= 0) {
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]214 map->RemoveFromCodeCache(String::cast(name), target, index);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]215 return true;
216 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]217
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]218 return false;
219}
220
221
222IC::State IC::StateFrom(Code* target, Object* receiver, Object* name) {
223 IC::State state = target->ic_state();
224
225 if (state != MONOMORPHIC || !name->IsString()) return state;
226 if (receiver->IsUndefined() || receiver->IsNull()) return state;
227
228 // For keyed load/store/call, the most likely cause of cache failure is
229 // that the key has changed. We do not distinguish between
230 // prototype and non-prototype failures for keyed access.
231 Code::Kind kind = target->kind();
232 if (kind == Code::KEYED_LOAD_IC ||
233 kind == Code::KEYED_STORE_IC ||
234 kind == Code::KEYED_CALL_IC) {
235 return MONOMORPHIC;
236 }
237
238 // Remove the target from the code cache if it became invalid
239 // because of changes in the prototype chain to avoid hitting it
240 // again.
241 // Call stubs handle this later to allow extra IC state
242 // transitions.
243 if (kind != Code::CALL_IC &&
244 TryRemoveInvalidPrototypeDependentStub(target, receiver, name)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]245 return MONOMORPHIC_PROTOTYPE_FAILURE;
246 }
kasperl@chromium.orgb9123622008-09-17 14:05:56 +0000[diff] [blame]247
248 // The builtins object is special. It only changes when JavaScript
249 // builtins are loaded lazily. It is important to keep inline
250 // caches for the builtins object monomorphic. Therefore, if we get
251 // an inline cache miss for the builtins object after lazily loading
ager@chromium.org236ad962008-09-25 09:45:57 +0000[diff] [blame]252 // JavaScript builtins, we return uninitialized as the state to
253 // force the inline cache back to monomorphic state.
kasperl@chromium.orgb9123622008-09-17 14:05:56 +0000[diff] [blame]254 if (receiver->IsJSBuiltinsObject()) {
kasperl@chromium.orgb9123622008-09-17 14:05:56 +0000[diff] [blame]255 return UNINITIALIZED;
256 }
257
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]258 return MONOMORPHIC;
259}
260
261
ager@chromium.org236ad962008-09-25 09:45:57 +0000[diff] [blame]262RelocInfo::Mode IC::ComputeMode() {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]263 Address addr = address();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]264 Code* code = Code::cast(isolate()->heap()->FindCodeObject(addr));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]265 for (RelocIterator it(code, RelocInfo::kCodeTargetMask);
266 !it.done(); it.next()) {
267 RelocInfo* info = it.rinfo();
268 if (info->pc() == addr) return info->rmode();
269 }
270 UNREACHABLE();
ager@chromium.org236ad962008-09-25 09:45:57 +0000[diff] [blame]271 return RelocInfo::NONE;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]272}
273
274
275Failure* IC::TypeError(const char* type,
276 Handle<Object> object,
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]277 Handle<Object> key) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]278 HandleScope scope(isolate());
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]279 Handle<Object> args[2] = { key, object };
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]280 Handle<Object> error = isolate()->factory()->NewTypeError(
281 type, HandleVector(args, 2));
282 return isolate()->Throw(*error);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]283}
284
285
286Failure* IC::ReferenceError(const char* type, Handle<String> name) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]287 HandleScope scope(isolate());
288 Handle<Object> error = isolate()->factory()->NewReferenceError(
289 type, HandleVector(&name, 1));
290 return isolate()->Throw(*error);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]291}
292
293
294void IC::Clear(Address address) {
295 Code* target = GetTargetAtAddress(address);
296
297 // Don't clear debug break inline cache as it will remove the break point.
kasper.lund7276f142008-07-30 08:49:36 +0000[diff] [blame]298 if (target->ic_state() == DEBUG_BREAK) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]299
300 switch (target->kind()) {
301 case Code::LOAD_IC: return LoadIC::Clear(address, target);
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]302 case Code::KEYED_LOAD_IC:
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]303 return KeyedLoadIC::Clear(address, target);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]304 case Code::STORE_IC: return StoreIC::Clear(address, target);
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]305 case Code::KEYED_STORE_IC:
danno@chromium.org4d3fe4e2011-03-10 10:14:28 +0000[diff] [blame]306 return KeyedStoreIC::Clear(address, target);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]307 case Code::CALL_IC: return CallIC::Clear(address, target);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]308 case Code::KEYED_CALL_IC: return KeyedCallIC::Clear(address, target);
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]309 case Code::UNARY_OP_IC:
310 case Code::BINARY_OP_IC:
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]311 case Code::COMPARE_IC:
312 // Clearing these is tricky and does not
313 // make any performance difference.
314 return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]315 default: UNREACHABLE();
316 }
317}
318
319
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]320void CallICBase::Clear(Address address, Code* target) {
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]321 bool contextual = CallICBase::Contextual::decode(target->extra_ic_state());
ager@chromium.org3bf7b912008-11-17 09:09:45 +0000[diff] [blame]322 State state = target->ic_state();
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]323 if (state == UNINITIALIZED) return;
324 Code* code =
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]325 Isolate::Current()->stub_cache()->FindCallInitialize(
326 target->arguments_count(),
327 target->ic_in_loop(),
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]328 contextual ? RelocInfo::CODE_TARGET_CONTEXT : RelocInfo::CODE_TARGET,
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]329 target->kind());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]330 SetTargetAtAddress(address, code);
331}
332
333
334void KeyedLoadIC::Clear(Address address, Code* target) {
kasper.lund7276f142008-07-30 08:49:36 +0000[diff] [blame]335 if (target->ic_state() == UNINITIALIZED) return;
christian.plesner.hansen@gmail.com37abdec2009-01-06 14:43:28 +0000[diff] [blame]336 // Make sure to also clear the map used in inline fast cases. If we
337 // do not clear these maps, cached code can keep objects alive
338 // through the embedded maps.
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]339 SetTargetAtAddress(address, initialize_stub());
340}
341
342
343void LoadIC::Clear(Address address, Code* target) {
kasper.lund7276f142008-07-30 08:49:36 +0000[diff] [blame]344 if (target->ic_state() == UNINITIALIZED) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]345 SetTargetAtAddress(address, initialize_stub());
346}
347
348
349void StoreIC::Clear(Address address, Code* target) {
kasper.lund7276f142008-07-30 08:49:36 +0000[diff] [blame]350 if (target->ic_state() == UNINITIALIZED) return;
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]351 SetTargetAtAddress(address,
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]352 (target->extra_ic_state() == kStrictMode)
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]353 ? initialize_stub_strict()
354 : initialize_stub());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]355}
356
357
358void KeyedStoreIC::Clear(Address address, Code* target) {
kasper.lund7276f142008-07-30 08:49:36 +0000[diff] [blame]359 if (target->ic_state() == UNINITIALIZED) return;
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]360 SetTargetAtAddress(address,
361 (target->extra_ic_state() == kStrictMode)
362 ? initialize_stub_strict()
363 : initialize_stub());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]364}
365
366
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]367static bool HasInterceptorGetter(JSObject* object) {
368 return !object->GetNamedInterceptor()->getter()->IsUndefined();
369}
370
371
372static void LookupForRead(Object* object,
373 String* name,
374 LookupResult* lookup) {
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]375 AssertNoAllocation no_gc; // pointers must stay valid
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]376
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]377 // Skip all the objects with named interceptors, but
378 // without actual getter.
379 while (true) {
380 object->Lookup(name, lookup);
381 // Besides normal conditions (property not found or it's not
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]382 // an interceptor), bail out if lookup is not cacheable: we won't
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]383 // be able to IC it anyway and regular lookup should work fine.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]384 if (!lookup->IsFound()
385 || (lookup->type() != INTERCEPTOR)
386 || !lookup->IsCacheable()) {
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]387 return;
388 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]389
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]390 JSObject* holder = lookup->holder();
391 if (HasInterceptorGetter(holder)) {
392 return;
393 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]394
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]395 holder->LocalLookupRealNamedProperty(name, lookup);
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]396 if (lookup->IsProperty()) {
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]397 ASSERT(lookup->type() != INTERCEPTOR);
398 return;
399 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]400
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]401 Object* proto = holder->GetPrototype();
402 if (proto->IsNull()) {
403 lookup->NotFound();
404 return;
405 }
406
407 object = proto;
408 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]409}
410
411
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]412Object* CallICBase::TryCallAsFunction(Object* object) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]413 HandleScope scope(isolate());
414 Handle<Object> target(object, isolate());
ager@chromium.org9258b6b2008-09-11 09:11:10 +0000[diff] [blame]415 Handle<Object> delegate = Execution::GetFunctionDelegate(target);
416
417 if (delegate->IsJSFunction()) {
418 // Patch the receiver and use the delegate as the function to
419 // invoke. This is used for invoking objects as if they were
420 // functions.
421 const int argc = this->target()->arguments_count();
422 StackFrameLocator locator;
423 JavaScriptFrame* frame = locator.FindJavaScriptFrame(0);
424 int index = frame->ComputeExpressionsCount() - (argc + 1);
425 frame->SetExpression(index, *target);
426 }
427
428 return *delegate;
429}
430
whesse@chromium.org2c186ca2010-06-16 11:32:39 +0000[diff] [blame]431
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]432void CallICBase::ReceiverToObjectIfRequired(Handle<Object> callee,
433 Handle<Object> object) {
434 if (callee->IsJSFunction()) {
435 Handle<JSFunction> function = Handle<JSFunction>::cast(callee);
436 if (function->shared()->strict_mode() || function->IsBuiltin()) {
437 // Do not wrap receiver for strict mode functions or for builtins.
438 return;
439 }
440 }
sgjesse@chromium.orgb302e562010-02-03 11:26:59 +0000[diff] [blame]441
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]442 // And only wrap string, number or boolean.
443 if (object->IsString() || object->IsNumber() || object->IsBoolean()) {
444 // Change the receiver to the result of calling ToObject on it.
445 const int argc = this->target()->arguments_count();
446 StackFrameLocator locator;
447 JavaScriptFrame* frame = locator.FindJavaScriptFrame(0);
448 int index = frame->ComputeExpressionsCount() - (argc + 1);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]449 frame->SetExpression(index, *isolate()->factory()->ToObject(object));
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]450 }
sgjesse@chromium.orgb302e562010-02-03 11:26:59 +0000[diff] [blame]451}
452
ager@chromium.org9258b6b2008-09-11 09:11:10 +0000[diff] [blame]453
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]454MaybeObject* CallICBase::LoadFunction(State state,
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]455 Code::ExtraICState extra_ic_state,
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]456 Handle<Object> object,
457 Handle<String> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]458 // If the object is undefined or null it's illegal to try to get any
459 // of its properties; throw a TypeError in that case.
460 if (object->IsUndefined() || object->IsNull()) {
461 return TypeError("non_object_property_call", object, name);
462 }
463
ager@chromium.org9258b6b2008-09-11 09:11:10 +0000[diff] [blame]464 // Check if the name is trivially convertible to an index and get
465 // the element if so.
466 uint32_t index;
467 if (name->AsArrayIndex(&index)) {
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]468 Object* result;
469 { MaybeObject* maybe_result = object->GetElement(index);
470 if (!maybe_result->ToObject(&result)) return maybe_result;
471 }
472
ager@chromium.org9258b6b2008-09-11 09:11:10 +0000[diff] [blame]473 if (result->IsJSFunction()) return result;
474
475 // Try to find a suitable function delegate for the object at hand.
476 result = TryCallAsFunction(result);
477 if (result->IsJSFunction()) return result;
478
479 // Otherwise, it will fail in the lookup step.
480 }
481
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]482 // Lookup the property in the object.
483 LookupResult lookup;
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]484 LookupForRead(*object, *name, &lookup);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]485
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]486 if (!lookup.IsProperty()) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]487 // If the object does not have the requested property, check which
488 // exception we need to throw.
kmillikin@chromium.org13bd2942009-12-16 15:36:05 +0000[diff] [blame]489 if (IsContextual(object)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]490 return ReferenceError("not_defined", name);
491 }
492 return TypeError("undefined_method", object, name);
493 }
494
495 // Lookup is valid: Update inline cache and stub cache.
kmillikin@chromium.org5d8f0e62010-03-24 08:21:20 +0000[diff] [blame]496 if (FLAG_use_ic) {
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]497 UpdateCaches(&lookup, state, extra_ic_state, object, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]498 }
499
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]500 // Get the property.
501 PropertyAttributes attr;
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]502 Object* result;
503 { MaybeObject* maybe_result =
504 object->GetProperty(*object, &lookup, *name, &attr);
505 if (!maybe_result->ToObject(&result)) return maybe_result;
506 }
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]507
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]508 if (lookup.type() == INTERCEPTOR) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]509 // If the object does not have the requested property, check which
510 // exception we need to throw.
511 if (attr == ABSENT) {
kmillikin@chromium.org13bd2942009-12-16 15:36:05 +0000[diff] [blame]512 if (IsContextual(object)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]513 return ReferenceError("not_defined", name);
514 }
515 return TypeError("undefined_method", object, name);
516 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]517 }
518
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]519 ASSERT(!result->IsTheHole());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]520
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]521 HandleScope scope(isolate());
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]522 // Wrap result in a handle because ReceiverToObjectIfRequired may allocate
523 // new object and cause GC.
524 Handle<Object> result_handle(result);
525 // Make receiver an object if the callee requires it. Strict mode or builtin
526 // functions do not wrap the receiver, non-strict functions and objects
527 // called as functions do.
528 ReceiverToObjectIfRequired(result_handle, object);
529
530 if (result_handle->IsJSFunction()) {
ager@chromium.org65dad4b2009-04-23 08:48:43 +0000[diff] [blame]531#ifdef ENABLE_DEBUGGER_SUPPORT
christian.plesner.hansen@gmail.com37abdec2009-01-06 14:43:28 +0000[diff] [blame]532 // Handle stepping into a function if step into is active.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]533 Debug* debug = isolate()->debug();
534 if (debug->StepInActive()) {
christian.plesner.hansen@gmail.com37abdec2009-01-06 14:43:28 +0000[diff] [blame]535 // Protect the result in a handle as the debugger can allocate and might
536 // cause GC.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]537 Handle<JSFunction> function(JSFunction::cast(*result_handle), isolate());
538 debug->HandleStepIn(function, object, fp(), false);
christian.plesner.hansen@gmail.com37abdec2009-01-06 14:43:28 +0000[diff] [blame]539 return *function;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]540 }
ager@chromium.org65dad4b2009-04-23 08:48:43 +0000[diff] [blame]541#endif
christian.plesner.hansen@gmail.com37abdec2009-01-06 14:43:28 +0000[diff] [blame]542
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]543 return *result_handle;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]544 }
545
546 // Try to find a suitable function delegate for the object at hand.
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]547 result_handle = Handle<Object>(TryCallAsFunction(*result_handle));
548 if (result_handle->IsJSFunction()) return *result_handle;
549
550 return TypeError("property_not_function", object, name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]551}
552
553
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]554bool CallICBase::TryUpdateExtraICState(LookupResult* lookup,
555 Handle<Object> object,
556 Code::ExtraICState* extra_ic_state) {
557 ASSERT(kind_ == Code::CALL_IC);
558 if (lookup->type() != CONSTANT_FUNCTION) return false;
559 JSFunction* function = lookup->GetConstantFunction();
560 if (!function->shared()->HasBuiltinFunctionId()) return false;
561
562 // Fetch the arguments passed to the called function.
563 const int argc = target()->arguments_count();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]564 Address entry = isolate()->c_entry_fp(isolate()->thread_local_top());
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]565 Address fp = Memory::Address_at(entry + ExitFrameConstants::kCallerFPOffset);
566 Arguments args(argc + 1,
567 &Memory::Object_at(fp +
568 StandardFrameConstants::kCallerSPOffset +
569 argc * kPointerSize));
570 switch (function->shared()->builtin_function_id()) {
571 case kStringCharCodeAt:
572 case kStringCharAt:
573 if (object->IsString()) {
574 String* string = String::cast(*object);
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]575 // Check there's the right string value or wrapper in the receiver slot.
576 ASSERT(string == args[0] || string == JSValue::cast(args[0])->value());
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]577 // If we're in the default (fastest) state and the index is
578 // out of bounds, update the state to record this fact.
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]579 if (StringStubState::decode(*extra_ic_state) == DEFAULT_STRING_STUB &&
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]580 argc >= 1 && args[1]->IsNumber()) {
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]581 double index = DoubleToInteger(args.number_at(1));
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]582 if (index < 0 || index >= string->length()) {
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]583 *extra_ic_state =
584 StringStubState::update(*extra_ic_state,
585 STRING_INDEX_OUT_OF_BOUNDS);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]586 return true;
587 }
588 }
589 }
590 break;
591 default:
592 return false;
593 }
594 return false;
595}
596
597
598MaybeObject* CallICBase::ComputeMonomorphicStub(
599 LookupResult* lookup,
600 State state,
601 Code::ExtraICState extra_ic_state,
602 Handle<Object> object,
603 Handle<String> name) {
604 int argc = target()->arguments_count();
605 InLoopFlag in_loop = target()->ic_in_loop();
606 MaybeObject* maybe_code = NULL;
607 switch (lookup->type()) {
608 case FIELD: {
609 int index = lookup->GetFieldIndex();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]610 maybe_code = isolate()->stub_cache()->ComputeCallField(argc,
611 in_loop,
612 kind_,
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]613 extra_ic_state,
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]614 *name,
615 *object,
616 lookup->holder(),
617 index);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]618 break;
619 }
620 case CONSTANT_FUNCTION: {
621 // Get the constant function and compute the code stub for this
622 // call; used for rewriting to monomorphic state and making sure
623 // that the code stub is in the stub cache.
624 JSFunction* function = lookup->GetConstantFunction();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]625 maybe_code =
626 isolate()->stub_cache()->ComputeCallConstant(argc,
627 in_loop,
628 kind_,
629 extra_ic_state,
630 *name,
631 *object,
632 lookup->holder(),
633 function);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]634 break;
635 }
636 case NORMAL: {
637 if (!object->IsJSObject()) return NULL;
638 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
639
640 if (lookup->holder()->IsGlobalObject()) {
641 GlobalObject* global = GlobalObject::cast(lookup->holder());
642 JSGlobalPropertyCell* cell =
643 JSGlobalPropertyCell::cast(global->GetPropertyCell(lookup));
644 if (!cell->value()->IsJSFunction()) return NULL;
645 JSFunction* function = JSFunction::cast(cell->value());
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]646 maybe_code = isolate()->stub_cache()->ComputeCallGlobal(argc,
647 in_loop,
648 kind_,
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]649 extra_ic_state,
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]650 *name,
651 *receiver,
652 global,
653 cell,
654 function);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]655 } else {
656 // There is only one shared stub for calling normalized
657 // properties. It does not traverse the prototype chain, so the
658 // property must be found in the receiver for the stub to be
659 // applicable.
660 if (lookup->holder() != *receiver) return NULL;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]661 maybe_code = isolate()->stub_cache()->ComputeCallNormal(argc,
662 in_loop,
663 kind_,
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]664 extra_ic_state,
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]665 *name,
666 *receiver);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]667 }
668 break;
669 }
670 case INTERCEPTOR: {
671 ASSERT(HasInterceptorGetter(lookup->holder()));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]672 maybe_code = isolate()->stub_cache()->ComputeCallInterceptor(
673 argc,
674 kind_,
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]675 extra_ic_state,
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]676 *name,
677 *object,
678 lookup->holder());
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]679 break;
680 }
681 default:
682 maybe_code = NULL;
683 break;
684 }
685 return maybe_code;
686}
687
688
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]689void CallICBase::UpdateCaches(LookupResult* lookup,
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]690 State state,
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]691 Code::ExtraICState extra_ic_state,
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]692 Handle<Object> object,
693 Handle<String> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]694 // Bail out if we didn't find a result.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]695 if (!lookup->IsProperty() || !lookup->IsCacheable()) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]696
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]697 if (lookup->holder() != *object &&
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]698 HasNormalObjectsInPrototypeChain(
699 isolate(), lookup, object->GetPrototype())) {
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]700 // Suppress optimization for prototype chains with slow properties objects
701 // in the middle.
702 return;
703 }
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]704
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]705 // Compute the number of arguments.
706 int argc = target()->arguments_count();
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]707 InLoopFlag in_loop = target()->ic_in_loop();
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]708 MaybeObject* maybe_code = NULL;
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]709 bool had_proto_failure = false;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]710 if (state == UNINITIALIZED) {
711 // This is the first time we execute this inline cache.
712 // Set the target to the pre monomorphic stub to delay
713 // setting the monomorphic state.
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]714 maybe_code =
715 isolate()->stub_cache()->ComputeCallPreMonomorphic(argc,
716 in_loop,
717 kind_,
718 extra_ic_state);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]719 } else if (state == MONOMORPHIC) {
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]720 if (kind_ == Code::CALL_IC &&
721 TryUpdateExtraICState(lookup, object, &extra_ic_state)) {
722 maybe_code = ComputeMonomorphicStub(lookup,
723 state,
724 extra_ic_state,
725 object,
726 name);
727 } else if (kind_ == Code::CALL_IC &&
728 TryRemoveInvalidPrototypeDependentStub(target(),
729 *object,
730 *name)) {
731 had_proto_failure = true;
732 maybe_code = ComputeMonomorphicStub(lookup,
733 state,
734 extra_ic_state,
735 object,
736 name);
737 } else {
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]738 maybe_code =
739 isolate()->stub_cache()->ComputeCallMegamorphic(argc,
740 in_loop,
741 kind_,
742 extra_ic_state);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]743 }
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]744 } else {
745 maybe_code = ComputeMonomorphicStub(lookup,
746 state,
747 extra_ic_state,
748 object,
749 name);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]750 }
751
752 // If we're unable to compute the stub (not enough memory left), we
753 // simply avoid updating the caches.
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]754 Object* code;
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]755 if (maybe_code == NULL || !maybe_code->ToObject(&code)) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]756
757 // Patch the call site depending on the state of the cache.
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]758 if (state == UNINITIALIZED ||
759 state == PREMONOMORPHIC ||
760 state == MONOMORPHIC ||
ager@chromium.org3bf7b912008-11-17 09:09:45 +0000[diff] [blame]761 state == MONOMORPHIC_PROTOTYPE_FAILURE) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]762 set_target(Code::cast(code));
whesse@chromium.org2c186ca2010-06-16 11:32:39 +0000[diff] [blame]763 } else if (state == MEGAMORPHIC) {
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]764 // Cache code holding map should be consistent with
765 // GenerateMonomorphicCacheProbe. It is not the map which holds the stub.
766 Map* map = JSObject::cast(object->IsJSObject() ? *object :
767 object->GetPrototype())->map();
768
whesse@chromium.org2c186ca2010-06-16 11:32:39 +0000[diff] [blame]769 // Update the stub cache.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]770 isolate()->stub_cache()->Set(*name, map, Code::cast(code));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]771 }
772
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]773 USE(had_proto_failure);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]774#ifdef DEBUG
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]775 if (had_proto_failure) state = MONOMORPHIC_PROTOTYPE_FAILURE;
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]776 TraceIC(kind_ == Code::CALL_IC ? "CallIC" : "KeyedCallIC",
777 name, state, target(), in_loop ? " (in-loop)" : "");
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]778#endif
779}
780
781
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]782MaybeObject* KeyedCallIC::LoadFunction(State state,
783 Handle<Object> object,
784 Handle<Object> key) {
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]785 if (key->IsSymbol()) {
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]786 return CallICBase::LoadFunction(state,
787 Code::kNoExtraICState,
788 object,
789 Handle<String>::cast(key));
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]790 }
791
792 if (object->IsUndefined() || object->IsNull()) {
793 return TypeError("non_object_property_call", object, key);
794 }
795
ager@chromium.org2cc82ae2010-06-14 07:35:38 +0000[diff] [blame]796 if (FLAG_use_ic && state != MEGAMORPHIC && !object->IsAccessCheckNeeded()) {
797 int argc = target()->arguments_count();
798 InLoopFlag in_loop = target()->ic_in_loop();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]799 MaybeObject* maybe_code = isolate()->stub_cache()->ComputeCallMegamorphic(
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]800 argc, in_loop, Code::KEYED_CALL_IC, Code::kNoExtraICState);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]801 Object* code;
802 if (maybe_code->ToObject(&code)) {
ager@chromium.org2cc82ae2010-06-14 07:35:38 +0000[diff] [blame]803 set_target(Code::cast(code));
804#ifdef DEBUG
805 TraceIC(
806 "KeyedCallIC", key, state, target(), in_loop ? " (in-loop)" : "");
807#endif
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]808 }
809 }
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]810
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]811 HandleScope scope(isolate());
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]812 Handle<Object> result = GetProperty(object, key);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]813 RETURN_IF_EMPTY_HANDLE(isolate(), result);
fschneider@chromium.org3a5fd782011-02-24 10:10:44 +0000[diff] [blame]814
815 // Make receiver an object if the callee requires it. Strict mode or builtin
816 // functions do not wrap the receiver, non-strict functions and objects
817 // called as functions do.
818 ReceiverToObjectIfRequired(result, object);
819
820 if (result->IsJSFunction()) return *result;
821 result = Handle<Object>(TryCallAsFunction(*result));
822 if (result->IsJSFunction()) return *result;
823
824 return TypeError("property_not_function", object, key);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]825}
826
827
fschneider@chromium.orgc20610a2010-09-22 09:44:58 +0000[diff] [blame]828#ifdef DEBUG
829#define TRACE_IC_NAMED(msg, name) \
830 if (FLAG_trace_ic) PrintF(msg, *(name)->ToCString())
831#else
832#define TRACE_IC_NAMED(msg, name)
833#endif
834
835
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]836MaybeObject* LoadIC::Load(State state,
837 Handle<Object> object,
838 Handle<String> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]839 // If the object is undefined or null it's illegal to try to get any
840 // of its properties; throw a TypeError in that case.
841 if (object->IsUndefined() || object->IsNull()) {
842 return TypeError("non_object_property_load", object, name);
843 }
844
845 if (FLAG_use_ic) {
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]846 Code* non_monomorphic_stub =
847 (state == UNINITIALIZED) ? pre_monomorphic_stub() : megamorphic_stub();
848
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]849 // Use specialized code for getting the length of strings and
850 // string wrapper objects. The length property of string wrapper
851 // objects is read-only and therefore always returns the length of
852 // the underlying string value. See ECMA-262 15.5.5.1.
853 if ((object->IsString() || object->IsStringWrapper()) &&
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]854 name->Equals(isolate()->heap()->length_symbol())) {
855 HandleScope scope(isolate());
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]856#ifdef DEBUG
857 if (FLAG_trace_ic) PrintF("[LoadIC : +#length /string]\n");
858#endif
859 if (state == PREMONOMORPHIC) {
860 if (object->IsString()) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]861 set_target(isolate()->builtins()->builtin(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]862 Builtins::kLoadIC_StringLength));
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]863 } else {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]864 set_target(isolate()->builtins()->builtin(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]865 Builtins::kLoadIC_StringWrapperLength));
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]866 }
867 } else if (state == MONOMORPHIC && object->IsStringWrapper()) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]868 set_target(isolate()->builtins()->builtin(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]869 Builtins::kLoadIC_StringWrapperLength));
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]870 } else {
871 set_target(non_monomorphic_stub);
872 }
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]873 // Get the string if we have a string wrapper object.
874 if (object->IsJSValue()) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]875 object = Handle<Object>(Handle<JSValue>::cast(object)->value(),
876 isolate());
kasperl@chromium.org9fe21c62008-10-28 08:53:51 +0000[diff] [blame]877 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]878 return Smi::FromInt(String::cast(*object)->length());
879 }
880
881 // Use specialized code for getting the length of arrays.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]882 if (object->IsJSArray() &&
883 name->Equals(isolate()->heap()->length_symbol())) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]884#ifdef DEBUG
885 if (FLAG_trace_ic) PrintF("[LoadIC : +#length /array]\n");
886#endif
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]887 if (state == PREMONOMORPHIC) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]888 set_target(isolate()->builtins()->builtin(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]889 Builtins::kLoadIC_ArrayLength));
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]890 } else {
891 set_target(non_monomorphic_stub);
892 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]893 return JSArray::cast(*object)->length();
894 }
895
896 // Use specialized code for getting prototype of functions.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]897 if (object->IsJSFunction() &&
898 name->Equals(isolate()->heap()->prototype_symbol()) &&
kmillikin@chromium.org4111b802010-05-03 10:34:42 +0000[diff] [blame]899 JSFunction::cast(*object)->should_have_prototype()) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]900#ifdef DEBUG
901 if (FLAG_trace_ic) PrintF("[LoadIC : +#prototype /function]\n");
902#endif
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]903 if (state == PREMONOMORPHIC) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]904 set_target(isolate()->builtins()->builtin(
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]905 Builtins::kLoadIC_FunctionPrototype));
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]906 } else {
907 set_target(non_monomorphic_stub);
908 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]909 return Accessors::FunctionGetPrototype(*object, 0);
910 }
911 }
912
913 // Check if the name is trivially convertible to an index and get
914 // the element if so.
915 uint32_t index;
916 if (name->AsArrayIndex(&index)) return object->GetElement(index);
917
918 // Named lookup in the object.
919 LookupResult lookup;
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]920 LookupForRead(*object, *name, &lookup);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]921
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]922 // If we did not find a property, check if we need to throw an exception.
923 if (!lookup.IsProperty()) {
kmillikin@chromium.org13bd2942009-12-16 15:36:05 +0000[diff] [blame]924 if (FLAG_strict || IsContextual(object)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]925 return ReferenceError("not_defined", name);
926 }
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]927 LOG(isolate(), SuspectReadEvent(*name, *object));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]928 }
929
930 // Update inline cache and stub cache.
kmillikin@chromium.org5d8f0e62010-03-24 08:21:20 +0000[diff] [blame]931 if (FLAG_use_ic) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]932 UpdateCaches(&lookup, state, object, name);
933 }
934
935 PropertyAttributes attr;
kmillikin@chromium.orgc53e10d2011-05-18 09:12:58 +0000[diff] [blame]936 if (lookup.IsProperty() &&
937 (lookup.type() == INTERCEPTOR || lookup.type() == HANDLER)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]938 // Get the property.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]939 Object* result;
940 { MaybeObject* maybe_result =
941 object->GetProperty(*object, &lookup, *name, &attr);
942 if (!maybe_result->ToObject(&result)) return maybe_result;
943 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]944 // If the property is not present, check if we need to throw an
945 // exception.
kmillikin@chromium.org13bd2942009-12-16 15:36:05 +0000[diff] [blame]946 if (attr == ABSENT && IsContextual(object)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]947 return ReferenceError("not_defined", name);
948 }
949 return result;
950 }
951
952 // Get the property.
953 return object->GetProperty(*object, &lookup, *name, &attr);
954}
955
956
957void LoadIC::UpdateCaches(LookupResult* lookup,
958 State state,
959 Handle<Object> object,
960 Handle<String> name) {
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]961 // Bail out if the result is not cacheable.
962 if (!lookup->IsCacheable()) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]963
964 // Loading properties from values is not common, so don't try to
965 // deal with non-JS objects here.
966 if (!object->IsJSObject()) return;
967 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
968
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]969 if (HasNormalObjectsInPrototypeChain(isolate(), lookup, *object)) return;
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]970
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]971 // Compute the code stub for this load.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]972 MaybeObject* maybe_code = NULL;
973 Object* code;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]974 if (state == UNINITIALIZED) {
975 // This is the first time we execute this inline cache.
976 // Set the target to the pre monomorphic stub to delay
977 // setting the monomorphic state.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]978 maybe_code = pre_monomorphic_stub();
ricow@chromium.orgc9c80822010-04-21 08:22:37 +0000[diff] [blame]979 } else if (!lookup->IsProperty()) {
980 // Nonexistent property. The result is undefined.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]981 maybe_code = isolate()->stub_cache()->ComputeLoadNonexistent(*name,
982 *receiver);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]983 } else {
984 // Compute monomorphic stub.
985 switch (lookup->type()) {
986 case FIELD: {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]987 maybe_code = isolate()->stub_cache()->ComputeLoadField(
988 *name,
989 *receiver,
990 lookup->holder(),
991 lookup->GetFieldIndex());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]992 break;
993 }
994 case CONSTANT_FUNCTION: {
995 Object* constant = lookup->GetConstantFunction();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]996 maybe_code = isolate()->stub_cache()->ComputeLoadConstant(
997 *name, *receiver, lookup->holder(), constant);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]998 break;
999 }
1000 case NORMAL: {
kasperl@chromium.orgdefbd102009-07-13 14:04:26 +0000[diff] [blame]1001 if (lookup->holder()->IsGlobalObject()) {
1002 GlobalObject* global = GlobalObject::cast(lookup->holder());
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1003 JSGlobalPropertyCell* cell =
1004 JSGlobalPropertyCell::cast(global->GetPropertyCell(lookup));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1005 maybe_code = isolate()->stub_cache()->ComputeLoadGlobal(*name,
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1006 *receiver,
1007 global,
1008 cell,
1009 lookup->IsDontDelete());
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1010 } else {
1011 // There is only one shared stub for loading normalized
1012 // properties. It does not traverse the prototype chain, so the
1013 // property must be found in the receiver for the stub to be
1014 // applicable.
1015 if (lookup->holder() != *receiver) return;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1016 maybe_code = isolate()->stub_cache()->ComputeLoadNormal();
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1017 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1018 break;
1019 }
1020 case CALLBACKS: {
1021 if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
1022 AccessorInfo* callback =
1023 AccessorInfo::cast(lookup->GetCallbackObject());
1024 if (v8::ToCData<Address>(callback->getter()) == 0) return;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1025 maybe_code = isolate()->stub_cache()->ComputeLoadCallback(
1026 *name, *receiver, lookup->holder(), callback);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1027 break;
1028 }
1029 case INTERCEPTOR: {
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1030 ASSERT(HasInterceptorGetter(lookup->holder()));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1031 maybe_code = isolate()->stub_cache()->ComputeLoadInterceptor(
1032 *name, *receiver, lookup->holder());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1033 break;
1034 }
1035 default:
1036 return;
1037 }
1038 }
1039
1040 // If we're unable to compute the stub (not enough memory left), we
1041 // simply avoid updating the caches.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1042 if (maybe_code == NULL || !maybe_code->ToObject(&code)) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1043
1044 // Patch the call site depending on the state of the cache.
1045 if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
1046 state == MONOMORPHIC_PROTOTYPE_FAILURE) {
1047 set_target(Code::cast(code));
1048 } else if (state == MONOMORPHIC) {
1049 set_target(megamorphic_stub());
whesse@chromium.org2c186ca2010-06-16 11:32:39 +0000[diff] [blame]1050 } else if (state == MEGAMORPHIC) {
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]1051 // Cache code holding map should be consistent with
1052 // GenerateMonomorphicCacheProbe.
1053 Map* map = JSObject::cast(object->IsJSObject() ? *object :
1054 object->GetPrototype())->map();
1055
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1056 isolate()->stub_cache()->Set(*name, map, Code::cast(code));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1057 }
1058
1059#ifdef DEBUG
1060 TraceIC("LoadIC", name, state, target());
1061#endif
1062}
1063
1064
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1065String* KeyedLoadIC::GetStubNameForCache(IC::State ic_state) {
1066 if (ic_state == MONOMORPHIC) {
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1067 return isolate()->heap()->KeyedLoadElementMonomorphic_symbol();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1068 } else {
1069 ASSERT(ic_state == MEGAMORPHIC);
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1070 return isolate()->heap()->KeyedLoadElementPolymorphic_symbol();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1071 }
1072}
1073
1074
1075MaybeObject* KeyedLoadIC::GetFastElementStubWithoutMapCheck(
1076 bool is_js_array) {
1077 return KeyedLoadFastElementStub().TryGetCode();
1078}
1079
1080
1081MaybeObject* KeyedLoadIC::GetExternalArrayStubWithoutMapCheck(
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1082 JSObject::ElementsKind elements_kind) {
1083 return KeyedLoadExternalArrayStub(elements_kind).TryGetCode();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1084}
1085
1086
1087MaybeObject* KeyedLoadIC::ConstructMegamorphicStub(
1088 MapList* receiver_maps,
1089 CodeList* targets,
1090 StrictModeFlag strict_mode) {
1091 Object* object;
1092 KeyedLoadStubCompiler compiler;
1093 MaybeObject* maybe_code = compiler.CompileLoadMegamorphic(receiver_maps,
1094 targets);
1095 if (!maybe_code->ToObject(&object)) return maybe_code;
1096 isolate()->counters()->keyed_load_polymorphic_stubs()->Increment();
1097 PROFILE(isolate(), CodeCreateEvent(
1098 Logger::KEYED_LOAD_MEGAMORPHIC_IC_TAG,
1099 Code::cast(object), 0));
1100 return object;
1101}
1102
1103
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1104MaybeObject* KeyedLoadIC::Load(State state,
1105 Handle<Object> object,
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1106 Handle<Object> key,
1107 bool force_generic_stub) {
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]1108 // Check for values that can be converted into a symbol.
1109 // TODO(1295): Remove this code.
1110 HandleScope scope(isolate());
1111 if (key->IsHeapNumber() &&
1112 isnan(HeapNumber::cast(*key)->value())) {
1113 key = isolate()->factory()->nan_symbol();
1114 } else if (key->IsUndefined()) {
1115 key = isolate()->factory()->undefined_symbol();
1116 }
1117
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1118 if (key->IsSymbol()) {
1119 Handle<String> name = Handle<String>::cast(key);
1120
1121 // If the object is undefined or null it's illegal to try to get any
1122 // of its properties; throw a TypeError in that case.
1123 if (object->IsUndefined() || object->IsNull()) {
1124 return TypeError("non_object_property_load", object, name);
1125 }
1126
kasperl@chromium.orgaa95aeb2009-07-28 10:59:50 +0000[diff] [blame]1127 if (FLAG_use_ic) {
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]1128 // TODO(1073): don't ignore the current stub state.
1129
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1130 // Use specialized code for getting the length of strings.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1131 if (object->IsString() &&
1132 name->Equals(isolate()->heap()->length_symbol())) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1133 Handle<String> string = Handle<String>::cast(object);
1134 Object* code = NULL;
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1135 { MaybeObject* maybe_code =
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1136 isolate()->stub_cache()->ComputeKeyedLoadStringLength(*name,
1137 *string);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1138 if (!maybe_code->ToObject(&code)) return maybe_code;
1139 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1140 set_target(Code::cast(code));
1141#ifdef DEBUG
1142 TraceIC("KeyedLoadIC", name, state, target());
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]1143#endif // DEBUG
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1144 return Smi::FromInt(string->length());
1145 }
1146
1147 // Use specialized code for getting the length of arrays.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1148 if (object->IsJSArray() &&
1149 name->Equals(isolate()->heap()->length_symbol())) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1150 Handle<JSArray> array = Handle<JSArray>::cast(object);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1151 Object* code;
1152 { MaybeObject* maybe_code =
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1153 isolate()->stub_cache()->ComputeKeyedLoadArrayLength(*name,
1154 *array);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1155 if (!maybe_code->ToObject(&code)) return maybe_code;
1156 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1157 set_target(Code::cast(code));
1158#ifdef DEBUG
1159 TraceIC("KeyedLoadIC", name, state, target());
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]1160#endif // DEBUG
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1161 return JSArray::cast(*object)->length();
1162 }
1163
1164 // Use specialized code for getting prototype of functions.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1165 if (object->IsJSFunction() &&
1166 name->Equals(isolate()->heap()->prototype_symbol()) &&
kmillikin@chromium.org4111b802010-05-03 10:34:42 +0000[diff] [blame]1167 JSFunction::cast(*object)->should_have_prototype()) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1168 Handle<JSFunction> function = Handle<JSFunction>::cast(object);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1169 Object* code;
1170 { MaybeObject* maybe_code =
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1171 isolate()->stub_cache()->ComputeKeyedLoadFunctionPrototype(
1172 *name, *function);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1173 if (!maybe_code->ToObject(&code)) return maybe_code;
1174 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1175 set_target(Code::cast(code));
1176#ifdef DEBUG
1177 TraceIC("KeyedLoadIC", name, state, target());
kasperl@chromium.orge959c182009-07-27 08:59:04 +0000[diff] [blame]1178#endif // DEBUG
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1179 return Accessors::FunctionGetPrototype(*object, 0);
1180 }
1181 }
1182
1183 // Check if the name is trivially convertible to an index and get
1184 // the element or char if so.
1185 uint32_t index = 0;
1186 if (name->AsArrayIndex(&index)) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1187 HandleScope scope(isolate());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1188 // Rewrite to the generic keyed load stub.
1189 if (FLAG_use_ic) set_target(generic_stub());
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1190 return Runtime::GetElementOrCharAt(isolate(), object, index);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1191 }
1192
1193 // Named lookup.
1194 LookupResult lookup;
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1195 LookupForRead(*object, *name, &lookup);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1196
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]1197 // If we did not find a property, check if we need to throw an exception.
1198 if (!lookup.IsProperty()) {
kmillikin@chromium.org13bd2942009-12-16 15:36:05 +0000[diff] [blame]1199 if (FLAG_strict || IsContextual(object)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1200 return ReferenceError("not_defined", name);
1201 }
1202 }
1203
kmillikin@chromium.org5d8f0e62010-03-24 08:21:20 +0000[diff] [blame]1204 if (FLAG_use_ic) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1205 UpdateCaches(&lookup, state, object, name);
1206 }
1207
1208 PropertyAttributes attr;
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]1209 if (lookup.IsProperty() && lookup.type() == INTERCEPTOR) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1210 // Get the property.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1211 Object* result;
1212 { MaybeObject* maybe_result =
1213 object->GetProperty(*object, &lookup, *name, &attr);
1214 if (!maybe_result->ToObject(&result)) return maybe_result;
1215 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1216 // If the property is not present, check if we need to throw an
1217 // exception.
kmillikin@chromium.org13bd2942009-12-16 15:36:05 +0000[diff] [blame]1218 if (attr == ABSENT && IsContextual(object)) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1219 return ReferenceError("not_defined", name);
1220 }
1221 return result;
1222 }
1223
1224 return object->GetProperty(*object, &lookup, *name, &attr);
1225 }
1226
1227 // Do not use ICs for objects that require access checks (including
1228 // the global object).
1229 bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
1230
christian.plesner.hansen@gmail.com37abdec2009-01-06 14:43:28 +0000[diff] [blame]1231 if (use_ic) {
ager@chromium.org3811b432009-10-28 14:53:37 +0000[diff] [blame]1232 Code* stub = generic_stub();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1233 if (!force_generic_stub) {
ricow@chromium.org83aa5492011-02-07 12:42:56 +0000[diff] [blame]1234 if (object->IsString() && key->IsNumber()) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1235 if (state == UNINITIALIZED) {
1236 stub = string_stub();
1237 }
ricow@chromium.org83aa5492011-02-07 12:42:56 +0000[diff] [blame]1238 } else if (object->IsJSObject()) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1239 JSObject* receiver = JSObject::cast(*object);
1240 if (receiver->HasIndexedInterceptor()) {
ricow@chromium.org83aa5492011-02-07 12:42:56 +0000[diff] [blame]1241 stub = indexed_interceptor_stub();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1242 } else if (key->IsSmi()) {
1243 MaybeObject* maybe_stub = ComputeStub(receiver,
1244 false,
1245 kNonStrictMode,
1246 stub);
1247 stub = maybe_stub->IsFailure() ?
1248 NULL : Code::cast(maybe_stub->ToObjectUnchecked());
ricow@chromium.org83aa5492011-02-07 12:42:56 +0000[diff] [blame]1249 }
ager@chromium.org3811b432009-10-28 14:53:37 +0000[diff] [blame]1250 }
1251 }
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1252 if (stub != NULL) set_target(stub);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1253 }
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1254
1255#ifdef DEBUG
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1256 TraceIC("KeyedLoadIC", key, state, target());
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1257#endif // DEBUG
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1258
1259 // Get the property.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1260 return Runtime::GetObjectProperty(isolate(), object, key);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1261}
1262
1263
1264void KeyedLoadIC::UpdateCaches(LookupResult* lookup, State state,
1265 Handle<Object> object, Handle<String> name) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1266 // Bail out if we didn't find a result.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]1267 if (!lookup->IsProperty() || !lookup->IsCacheable()) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1268
1269 if (!object->IsJSObject()) return;
1270 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1271
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1272 if (HasNormalObjectsInPrototypeChain(isolate(), lookup, *object)) return;
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]1273
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1274 // Compute the code stub for this load.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1275 MaybeObject* maybe_code = NULL;
1276 Object* code;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1277
1278 if (state == UNINITIALIZED) {
1279 // This is the first time we execute this inline cache.
1280 // Set the target to the pre monomorphic stub to delay
1281 // setting the monomorphic state.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1282 maybe_code = pre_monomorphic_stub();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1283 } else {
1284 // Compute a monomorphic stub.
1285 switch (lookup->type()) {
1286 case FIELD: {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1287 maybe_code = isolate()->stub_cache()->ComputeKeyedLoadField(
1288 *name, *receiver, lookup->holder(), lookup->GetFieldIndex());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1289 break;
1290 }
1291 case CONSTANT_FUNCTION: {
1292 Object* constant = lookup->GetConstantFunction();
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1293 maybe_code = isolate()->stub_cache()->ComputeKeyedLoadConstant(
1294 *name, *receiver, lookup->holder(), constant);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1295 break;
1296 }
1297 case CALLBACKS: {
1298 if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
1299 AccessorInfo* callback =
1300 AccessorInfo::cast(lookup->GetCallbackObject());
1301 if (v8::ToCData<Address>(callback->getter()) == 0) return;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1302 maybe_code = isolate()->stub_cache()->ComputeKeyedLoadCallback(
1303 *name, *receiver, lookup->holder(), callback);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1304 break;
1305 }
1306 case INTERCEPTOR: {
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1307 ASSERT(HasInterceptorGetter(lookup->holder()));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1308 maybe_code = isolate()->stub_cache()->ComputeKeyedLoadInterceptor(
1309 *name, *receiver, lookup->holder());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1310 break;
1311 }
1312 default: {
1313 // Always rewrite to the generic case so that we do not
1314 // repeatedly try to rewrite.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1315 maybe_code = generic_stub();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1316 break;
1317 }
1318 }
1319 }
1320
1321 // If we're unable to compute the stub (not enough memory left), we
1322 // simply avoid updating the caches.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1323 if (maybe_code == NULL || !maybe_code->ToObject(&code)) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1324
1325 // Patch the call site depending on the state of the cache. Make
1326 // sure to always rewrite from monomorphic to megamorphic.
1327 ASSERT(state != MONOMORPHIC_PROTOTYPE_FAILURE);
1328 if (state == UNINITIALIZED || state == PREMONOMORPHIC) {
1329 set_target(Code::cast(code));
1330 } else if (state == MONOMORPHIC) {
1331 set_target(megamorphic_stub());
1332 }
1333
1334#ifdef DEBUG
1335 TraceIC("KeyedLoadIC", name, state, target());
1336#endif
1337}
1338
1339
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1340static bool StoreICableLookup(LookupResult* lookup) {
1341 // Bail out if we didn't find a result.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]1342 if (!lookup->IsPropertyOrTransition() || !lookup->IsCacheable()) return false;
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1343
1344 // If the property is read-only, we leave the IC in its current
1345 // state.
1346 if (lookup->IsReadOnly()) return false;
1347
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1348 return true;
1349}
1350
1351
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1352static bool LookupForWrite(JSReceiver* receiver,
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1353 String* name,
1354 LookupResult* lookup) {
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1355 receiver->LocalLookup(name, lookup);
ager@chromium.org5aa501c2009-06-23 07:57:28 +0000[diff] [blame]1356 if (!StoreICableLookup(lookup)) {
1357 return false;
1358 }
1359
1360 if (lookup->type() == INTERCEPTOR) {
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1361 JSObject* object = JSObject::cast(receiver);
ager@chromium.org5aa501c2009-06-23 07:57:28 +0000[diff] [blame]1362 if (object->GetNamedInterceptor()->setter()->IsUndefined()) {
1363 object->LocalLookupRealNamedProperty(name, lookup);
1364 return StoreICableLookup(lookup);
1365 }
1366 }
1367
1368 return true;
1369}
1370
1371
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1372MaybeObject* StoreIC::Store(State state,
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1373 StrictModeFlag strict_mode,
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1374 Handle<Object> object,
1375 Handle<String> name,
1376 Handle<Object> value) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1377 // If the object is undefined or null it's illegal to try to set any
1378 // properties on it; throw a TypeError in that case.
1379 if (object->IsUndefined() || object->IsNull()) {
1380 return TypeError("non_object_property_store", object, name);
1381 }
1382
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1383 if (!object->IsJSReceiver()) {
karlklose@chromium.org8f806e82011-03-07 14:06:08 +0000[diff] [blame]1384 // The length property of string values is read-only. Throw in strict mode.
1385 if (strict_mode == kStrictMode && object->IsString() &&
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1386 name->Equals(isolate()->heap()->length_symbol())) {
karlklose@chromium.org8f806e82011-03-07 14:06:08 +0000[diff] [blame]1387 return TypeError("strict_read_only_property", object, name);
1388 }
1389 // Ignore stores where the receiver is not a JSObject.
1390 return *value;
1391 }
1392
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1393 // Handle proxies.
1394 if (object->IsJSProxy()) {
1395 return JSReceiver::cast(*object)->
1396 SetProperty(*name, *value, NONE, strict_mode);
1397 }
1398
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1399 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1400
1401 // Check if the given name is an array index.
1402 uint32_t index;
1403 if (name->AsArrayIndex(&index)) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1404 HandleScope scope(isolate());
karlklose@chromium.org8f806e82011-03-07 14:06:08 +0000[diff] [blame]1405 Handle<Object> result = SetElement(receiver, index, value, strict_mode);
mads.s.ager@gmail.com9a4089a2008-09-01 08:55:01 +0000[diff] [blame]1406 if (result.is_null()) return Failure::Exception();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1407 return *value;
1408 }
1409
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]1410 // Use specialized code for setting the length of arrays.
1411 if (receiver->IsJSArray()
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1412 && name->Equals(isolate()->heap()->length_symbol())
ricow@chromium.orgd2be9012011-06-01 06:00:58 +0000[diff] [blame]1413 && JSArray::cast(*receiver)->AllowsSetElementsLength()) {
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]1414#ifdef DEBUG
1415 if (FLAG_trace_ic) PrintF("[StoreIC : +#length /array]\n");
1416#endif
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1417 Builtins::Name target = (strict_mode == kStrictMode)
fschneider@chromium.org7979bbb2011-03-28 10:47:03 +0000[diff] [blame]1418 ? Builtins::kStoreIC_ArrayLength_Strict
1419 : Builtins::kStoreIC_ArrayLength;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1420 set_target(isolate()->builtins()->builtin(target));
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1421 return receiver->SetProperty(*name, *value, NONE, strict_mode);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]1422 }
1423
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1424 // Lookup the property locally in the receiver.
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1425 if (FLAG_use_ic && !receiver->IsJSGlobalProxy()) {
1426 LookupResult lookup;
fschneider@chromium.orged78ffd2010-07-21 11:05:19 +0000[diff] [blame]1427
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1428 if (LookupForWrite(*receiver, *name, &lookup)) {
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]1429 // Generate a stub for this store.
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1430 UpdateCaches(&lookup, state, strict_mode, receiver, name, value);
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]1431 } else {
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1432 // Strict mode doesn't allow setting non-existent global property
1433 // or an assignment to a read only property.
1434 if (strict_mode == kStrictMode) {
1435 if (lookup.IsFound() && lookup.IsReadOnly()) {
1436 return TypeError("strict_read_only_property", object, name);
1437 } else if (IsContextual(object)) {
1438 return ReferenceError("not_defined", name);
1439 }
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]1440 }
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1441 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1442 }
1443
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1444 if (receiver->IsJSGlobalProxy()) {
1445 // Generate a generic stub that goes to the runtime when we see a global
1446 // proxy as receiver.
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1447 Code* stub = (strict_mode == kStrictMode)
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]1448 ? global_proxy_stub_strict()
1449 : global_proxy_stub();
1450 if (target() != stub) {
1451 set_target(stub);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1452#ifdef DEBUG
1453 TraceIC("StoreIC", name, state, target());
1454#endif
1455 }
1456 }
1457
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1458 // Set the property.
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1459 return receiver->SetProperty(*name, *value, NONE, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1460}
1461
1462
1463void StoreIC::UpdateCaches(LookupResult* lookup,
1464 State state,
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1465 StrictModeFlag strict_mode,
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1466 Handle<JSObject> receiver,
1467 Handle<String> name,
1468 Handle<Object> value) {
kasperl@chromium.org5a8ca6c2008-10-23 13:57:19 +0000[diff] [blame]1469 // Skip JSGlobalProxy.
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1470 ASSERT(!receiver->IsJSGlobalProxy());
kasperl@chromium.org5a8ca6c2008-10-23 13:57:19 +0000[diff] [blame]1471
ager@chromium.orgeadaf222009-06-16 09:43:10 +0000[diff] [blame]1472 ASSERT(StoreICableLookup(lookup));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1473
1474 // If the property has a non-field type allowing map transitions
1475 // where there is extra room in the object, we leave the IC in its
1476 // current state.
1477 PropertyType type = lookup->type();
1478
1479 // Compute the code stub for this store; used for rewriting to
1480 // monomorphic state and making sure that the code stub is in the
1481 // stub cache.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1482 MaybeObject* maybe_code = NULL;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1483 Object* code = NULL;
1484 switch (type) {
1485 case FIELD: {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1486 maybe_code = isolate()->stub_cache()->ComputeStoreField(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1487 *name, *receiver, lookup->GetFieldIndex(), NULL, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1488 break;
1489 }
1490 case MAP_TRANSITION: {
1491 if (lookup->GetAttributes() != NONE) return;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1492 HandleScope scope(isolate());
kasperl@chromium.org41044eb2008-10-06 08:24:46 +0000[diff] [blame]1493 ASSERT(type == MAP_TRANSITION);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1494 Handle<Map> transition(lookup->GetTransitionMap());
1495 int index = transition->PropertyIndexFor(*name);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1496 maybe_code = isolate()->stub_cache()->ComputeStoreField(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1497 *name, *receiver, index, *transition, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1498 break;
1499 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1500 case NORMAL: {
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]1501 if (receiver->IsGlobalObject()) {
1502 // The stub generated for the global object picks the value directly
1503 // from the property cell. So the property must be directly on the
1504 // global object.
1505 Handle<GlobalObject> global = Handle<GlobalObject>::cast(receiver);
1506 JSGlobalPropertyCell* cell =
1507 JSGlobalPropertyCell::cast(global->GetPropertyCell(lookup));
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1508 maybe_code = isolate()->stub_cache()->ComputeStoreGlobal(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1509 *name, *global, cell, strict_mode);
kmillikin@chromium.org69ea3962010-07-05 11:01:40 +0000[diff] [blame]1510 } else {
1511 if (lookup->holder() != *receiver) return;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1512 maybe_code = isolate()->stub_cache()->ComputeStoreNormal(strict_mode);
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1513 }
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1514 break;
1515 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1516 case CALLBACKS: {
1517 if (!lookup->GetCallbackObject()->IsAccessorInfo()) return;
1518 AccessorInfo* callback = AccessorInfo::cast(lookup->GetCallbackObject());
1519 if (v8::ToCData<Address>(callback->setter()) == 0) return;
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1520 maybe_code = isolate()->stub_cache()->ComputeStoreCallback(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1521 *name, *receiver, callback, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1522 break;
1523 }
1524 case INTERCEPTOR: {
kasperl@chromium.org2abc4502009-07-02 07:00:29 +0000[diff] [blame]1525 ASSERT(!receiver->GetNamedInterceptor()->setter()->IsUndefined());
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1526 maybe_code = isolate()->stub_cache()->ComputeStoreInterceptor(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1527 *name, *receiver, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1528 break;
1529 }
1530 default:
1531 return;
1532 }
1533
1534 // If we're unable to compute the stub (not enough memory left), we
1535 // simply avoid updating the caches.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1536 if (maybe_code == NULL || !maybe_code->ToObject(&code)) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1537
1538 // Patch the call site depending on the state of the cache.
1539 if (state == UNINITIALIZED || state == MONOMORPHIC_PROTOTYPE_FAILURE) {
1540 set_target(Code::cast(code));
1541 } else if (state == MONOMORPHIC) {
whesse@chromium.org2c186ca2010-06-16 11:32:39 +0000[diff] [blame]1542 // Only move to megamorphic if the target changes.
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]1543 if (target() != Code::cast(code)) {
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1544 set_target((strict_mode == kStrictMode)
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]1545 ? megamorphic_stub_strict()
1546 : megamorphic_stub());
1547 }
whesse@chromium.org2c186ca2010-06-16 11:32:39 +0000[diff] [blame]1548 } else if (state == MEGAMORPHIC) {
1549 // Update the stub cache.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1550 isolate()->stub_cache()->Set(*name,
1551 receiver->map(),
1552 Code::cast(code));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1553 }
1554
1555#ifdef DEBUG
1556 TraceIC("StoreIC", name, state, target());
1557#endif
1558}
1559
1560
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1561static bool AddOneReceiverMapIfMissing(MapList* receiver_maps,
1562 Map* new_receiver_map) {
1563 for (int current = 0; current < receiver_maps->length(); ++current) {
1564 if (receiver_maps->at(current) == new_receiver_map) {
1565 return false;
1566 }
1567 }
1568 receiver_maps->Add(new_receiver_map);
1569 return true;
1570}
1571
1572
1573void KeyedIC::GetReceiverMapsForStub(Code* stub, MapList* result) {
1574 ASSERT(stub->is_inline_cache_stub());
1575 if (stub == string_stub()) {
1576 return result->Add(isolate()->heap()->string_map());
1577 } else if (stub->is_keyed_load_stub() || stub->is_keyed_store_stub()) {
1578 if (stub->ic_state() == MONOMORPHIC) {
1579 result->Add(Map::cast(stub->FindFirstMap()));
1580 } else {
1581 ASSERT(stub->ic_state() == MEGAMORPHIC);
1582 AssertNoAllocation no_allocation;
1583 int mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
1584 for (RelocIterator it(stub, mask); !it.done(); it.next()) {
1585 RelocInfo* info = it.rinfo();
1586 Object* object = info->target_object();
1587 ASSERT(object->IsMap());
1588 result->Add(Map::cast(object));
1589 }
1590 }
1591 }
1592}
1593
1594
1595MaybeObject* KeyedIC::ComputeStub(JSObject* receiver,
1596 bool is_store,
1597 StrictModeFlag strict_mode,
1598 Code* generic_stub) {
1599 State ic_state = target()->ic_state();
1600 Code* monomorphic_stub;
1601 // Always compute the MONOMORPHIC stub, even if the MEGAMORPHIC stub ends up
1602 // being used. This is necessary because the megamorphic stub needs to have
1603 // access to more information than what is stored in the receiver map in some
1604 // cases (external arrays need the array type from the MONOMORPHIC stub).
1605 MaybeObject* maybe_stub = ComputeMonomorphicStub(receiver,
1606 is_store,
1607 strict_mode,
1608 generic_stub);
1609 if (!maybe_stub->To(&monomorphic_stub)) return maybe_stub;
1610
1611 if (ic_state == UNINITIALIZED || ic_state == PREMONOMORPHIC) {
1612 return monomorphic_stub;
1613 }
1614 ASSERT(target() != generic_stub);
1615
1616 // Don't handle megamorphic property accesses for INTERCEPTORS or CALLBACKS
1617 // via megamorphic stubs, since they don't have a map in their relocation info
1618 // and so the stubs can't be harvested for the object needed for a map check.
1619 if (target()->type() != NORMAL) {
1620 return generic_stub;
1621 }
1622
1623 // Determine the list of receiver maps that this call site has seen,
1624 // adding the map that was just encountered.
1625 MapList target_receiver_maps;
1626 GetReceiverMapsForStub(target(), &target_receiver_maps);
1627 if (!AddOneReceiverMapIfMissing(&target_receiver_maps, receiver->map())) {
1628 // If the miss wasn't due to an unseen map, a MEGAMORPHIC stub
1629 // won't help, use the generic stub.
1630 return generic_stub;
1631 }
1632
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1633 // If the maximum number of receiver maps has been exceeded, use the generic
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1634 // version of the IC.
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1635 if (target_receiver_maps.length() > KeyedIC::kMaxKeyedPolymorphism) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1636 return generic_stub;
1637 }
1638
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1639 PolymorphicCodeCache* cache = isolate()->heap()->polymorphic_code_cache();
1640 Code::Flags flags = Code::ComputeFlags(this->kind(),
1641 NOT_IN_LOOP,
1642 MEGAMORPHIC,
1643 strict_mode);
1644 Object* maybe_cached_stub = cache->Lookup(&target_receiver_maps, flags);
1645 // If there is a cached stub, use it.
1646 if (!maybe_cached_stub->IsUndefined()) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1647 ASSERT(maybe_cached_stub->IsCode());
1648 return Code::cast(maybe_cached_stub);
1649 }
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1650 // Collect MONOMORPHIC stubs for all target_receiver_maps.
1651 CodeList handler_ics(target_receiver_maps.length());
1652 for (int i = 0; i < target_receiver_maps.length(); ++i) {
1653 Map* receiver_map(target_receiver_maps.at(i));
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1654 MaybeObject* maybe_cached_stub = ComputeMonomorphicStubWithoutMapCheck(
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1655 receiver_map, strict_mode, generic_stub);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1656 Code* cached_stub;
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1657 if (!maybe_cached_stub->To(&cached_stub)) return maybe_cached_stub;
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1658 handler_ics.Add(cached_stub);
1659 }
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1660 // Build the MEGAMORPHIC stub.
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1661 Code* stub;
1662 maybe_stub = ConstructMegamorphicStub(&target_receiver_maps,
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1663 &handler_ics,
1664 strict_mode);
1665 if (!maybe_stub->To(&stub)) return maybe_stub;
jkummerow@chromium.orge297f592011-06-08 10:05:15 +0000[diff] [blame]1666 MaybeObject* maybe_update = cache->Update(&target_receiver_maps, flags, stub);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1667 if (maybe_update->IsFailure()) return maybe_update;
1668 return stub;
1669}
1670
1671
1672MaybeObject* KeyedIC::ComputeMonomorphicStubWithoutMapCheck(
1673 Map* receiver_map,
1674 StrictModeFlag strict_mode,
1675 Code* generic_stub) {
1676 if ((receiver_map->instance_type() & kNotStringTag) == 0) {
1677 ASSERT(string_stub() != NULL);
1678 return string_stub();
1679 } else if (receiver_map->has_external_array_elements()) {
1680 // Determine the array type from the default MONOMORPHIC already generated
1681 // stub. There is no other way to determine the type of the external array
1682 // directly from the receiver type.
1683 Code::Kind kind = this->kind();
1684 Code::Flags flags = Code::ComputeMonomorphicFlags(kind,
1685 NORMAL,
1686 strict_mode);
1687 String* monomorphic_name = GetStubNameForCache(MONOMORPHIC);
1688 Object* maybe_default_stub = receiver_map->FindInCodeCache(monomorphic_name,
1689 flags);
1690 if (maybe_default_stub->IsUndefined()) {
1691 return generic_stub;
1692 }
1693 Code* default_stub = Code::cast(maybe_default_stub);
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1694 Map* first_map = default_stub->FindFirstMap();
1695 return GetExternalArrayStubWithoutMapCheck(first_map->elements_kind());
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1696 } else if (receiver_map->has_fast_elements()) {
1697 bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
1698 return GetFastElementStubWithoutMapCheck(is_js_array);
1699 } else {
1700 return generic_stub;
1701 }
1702}
1703
1704
1705MaybeObject* KeyedIC::ComputeMonomorphicStub(JSObject* receiver,
1706 bool is_store,
1707 StrictModeFlag strict_mode,
1708 Code* generic_stub) {
1709 Code* result = NULL;
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1710 if (receiver->HasFastElements() ||
1711 receiver->HasExternalArrayElements()) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1712 MaybeObject* maybe_stub =
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1713 isolate()->stub_cache()->ComputeKeyedLoadOrStoreElement(
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1714 receiver, is_store, strict_mode);
1715 if (!maybe_stub->To(&result)) return maybe_stub;
1716 } else {
1717 result = generic_stub;
1718 }
1719 return result;
1720}
1721
1722
1723String* KeyedStoreIC::GetStubNameForCache(IC::State ic_state) {
1724 if (ic_state == MONOMORPHIC) {
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1725 return isolate()->heap()->KeyedStoreElementMonomorphic_symbol();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1726 } else {
1727 ASSERT(ic_state == MEGAMORPHIC);
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1728 return isolate()->heap()->KeyedStoreElementPolymorphic_symbol();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1729 }
1730}
1731
1732
1733MaybeObject* KeyedStoreIC::GetFastElementStubWithoutMapCheck(
1734 bool is_js_array) {
1735 return KeyedStoreFastElementStub(is_js_array).TryGetCode();
1736}
1737
1738
1739MaybeObject* KeyedStoreIC::GetExternalArrayStubWithoutMapCheck(
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]1740 JSObject::ElementsKind elements_kind) {
1741 return KeyedStoreExternalArrayStub(elements_kind).TryGetCode();
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1742}
1743
1744
1745MaybeObject* KeyedStoreIC::ConstructMegamorphicStub(
1746 MapList* receiver_maps,
1747 CodeList* targets,
1748 StrictModeFlag strict_mode) {
1749 Object* object;
1750 KeyedStoreStubCompiler compiler(strict_mode);
1751 MaybeObject* maybe_code = compiler.CompileStoreMegamorphic(receiver_maps,
1752 targets);
1753 if (!maybe_code->ToObject(&object)) return maybe_code;
1754 isolate()->counters()->keyed_store_polymorphic_stubs()->Increment();
1755 PROFILE(isolate(), CodeCreateEvent(
1756 Logger::KEYED_STORE_MEGAMORPHIC_IC_TAG,
1757 Code::cast(object), 0));
1758 return object;
1759}
1760
1761
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1762MaybeObject* KeyedStoreIC::Store(State state,
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1763 StrictModeFlag strict_mode,
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1764 Handle<Object> object,
1765 Handle<Object> key,
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1766 Handle<Object> value,
1767 bool force_generic) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1768 if (key->IsSymbol()) {
1769 Handle<String> name = Handle<String>::cast(key);
1770
1771 // If the object is undefined or null it's illegal to try to set any
1772 // properties on it; throw a TypeError in that case.
1773 if (object->IsUndefined() || object->IsNull()) {
1774 return TypeError("non_object_property_store", object, name);
1775 }
1776
1777 // Ignore stores where the receiver is not a JSObject.
1778 if (!object->IsJSObject()) return *value;
1779 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1780
1781 // Check if the given name is an array index.
1782 uint32_t index;
1783 if (name->AsArrayIndex(&index)) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1784 HandleScope scope(isolate());
karlklose@chromium.org8f806e82011-03-07 14:06:08 +0000[diff] [blame]1785 Handle<Object> result = SetElement(receiver, index, value, strict_mode);
mads.s.ager@gmail.com9a4089a2008-09-01 08:55:01 +0000[diff] [blame]1786 if (result.is_null()) return Failure::Exception();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1787 return *value;
1788 }
1789
1790 // Lookup the property locally in the receiver.
1791 LookupResult lookup;
1792 receiver->LocalLookup(*name, &lookup);
1793
1794 // Update inline cache and stub cache.
kmillikin@chromium.org5d8f0e62010-03-24 08:21:20 +0000[diff] [blame]1795 if (FLAG_use_ic) {
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1796 UpdateCaches(&lookup, state, strict_mode, receiver, name, value);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1797 }
1798
1799 // Set the property.
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1800 return receiver->SetProperty(*name, *value, NONE, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1801 }
1802
1803 // Do not use ICs for objects that require access checks (including
1804 // the global object).
1805 bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
kasperl@chromium.org5a8ca6c2008-10-23 13:57:19 +0000[diff] [blame]1806 ASSERT(!(use_ic && object->IsJSGlobalProxy()));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1807
ager@chromium.org3811b432009-10-28 14:53:37 +0000[diff] [blame]1808 if (use_ic) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1809 Code* stub = (strict_mode == kStrictMode)
1810 ? generic_stub_strict()
1811 : generic_stub();
1812 if (!force_generic) {
1813 if (object->IsJSObject() && key->IsSmi()) {
1814 JSObject* receiver = JSObject::cast(*object);
1815 MaybeObject* maybe_stub = ComputeStub(receiver,
1816 true,
1817 strict_mode,
1818 stub);
1819 stub = maybe_stub->IsFailure() ?
1820 NULL : Code::cast(maybe_stub->ToObjectUnchecked());
ager@chromium.org3811b432009-10-28 14:53:37 +0000[diff] [blame]1821 }
1822 }
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]1823 if (stub != NULL) set_target(stub);
ager@chromium.org3811b432009-10-28 14:53:37 +0000[diff] [blame]1824 }
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1825
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1826#ifdef DEBUG
1827 TraceIC("KeyedStoreIC", key, state, target());
1828#endif
1829
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1830 // Set the property.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1831 return Runtime::SetObjectProperty(
1832 isolate(), object , key, value, NONE, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1833}
1834
1835
1836void KeyedStoreIC::UpdateCaches(LookupResult* lookup,
1837 State state,
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1838 StrictModeFlag strict_mode,
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1839 Handle<JSObject> receiver,
1840 Handle<String> name,
1841 Handle<Object> value) {
kasperl@chromium.org5a8ca6c2008-10-23 13:57:19 +0000[diff] [blame]1842 // Skip JSGlobalProxy.
1843 if (receiver->IsJSGlobalProxy()) return;
1844
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1845 // Bail out if we didn't find a result.
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]1846 if (!lookup->IsPropertyOrTransition() || !lookup->IsCacheable()) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1847
1848 // If the property is read-only, we leave the IC in its current
1849 // state.
1850 if (lookup->IsReadOnly()) return;
1851
1852 // If the property has a non-field type allowing map transitions
1853 // where there is extra room in the object, we leave the IC in its
1854 // current state.
1855 PropertyType type = lookup->type();
1856
1857 // Compute the code stub for this store; used for rewriting to
1858 // monomorphic state and making sure that the code stub is in the
1859 // stub cache.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1860 MaybeObject* maybe_code = NULL;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1861 Object* code = NULL;
1862
1863 switch (type) {
1864 case FIELD: {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1865 maybe_code = isolate()->stub_cache()->ComputeKeyedStoreField(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1866 *name, *receiver, lookup->GetFieldIndex(), NULL, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1867 break;
1868 }
1869 case MAP_TRANSITION: {
1870 if (lookup->GetAttributes() == NONE) {
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1871 HandleScope scope(isolate());
kasperl@chromium.org41044eb2008-10-06 08:24:46 +0000[diff] [blame]1872 ASSERT(type == MAP_TRANSITION);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1873 Handle<Map> transition(lookup->GetTransitionMap());
1874 int index = transition->PropertyIndexFor(*name);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1875 maybe_code = isolate()->stub_cache()->ComputeKeyedStoreField(
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1876 *name, *receiver, index, *transition, strict_mode);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1877 break;
1878 }
1879 // fall through.
1880 }
1881 default: {
1882 // Always rewrite to the generic case so that we do not
1883 // repeatedly try to rewrite.
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1884 maybe_code = (strict_mode == kStrictMode)
1885 ? generic_stub_strict()
1886 : generic_stub();
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1887 break;
1888 }
1889 }
1890
1891 // If we're unable to compute the stub (not enough memory left), we
1892 // simply avoid updating the caches.
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1893 if (maybe_code == NULL || !maybe_code->ToObject(&code)) return;
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1894
1895 // Patch the call site depending on the state of the cache. Make
1896 // sure to always rewrite from monomorphic to megamorphic.
1897 ASSERT(state != MONOMORPHIC_PROTOTYPE_FAILURE);
1898 if (state == UNINITIALIZED || state == PREMONOMORPHIC) {
1899 set_target(Code::cast(code));
1900 } else if (state == MONOMORPHIC) {
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]1901 set_target((strict_mode == kStrictMode)
1902 ? megamorphic_stub_strict()
1903 : megamorphic_stub());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1904 }
1905
1906#ifdef DEBUG
1907 TraceIC("KeyedStoreIC", name, state, target());
1908#endif
1909}
1910
1911
1912// ----------------------------------------------------------------------------
1913// Static IC stub generators.
1914//
1915
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1916static JSFunction* CompileFunction(Isolate* isolate,
1917 JSFunction* function,
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]1918 InLoopFlag in_loop) {
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1919 // Compile now with optimization.
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1920 HandleScope scope(isolate);
1921 Handle<JSFunction> function_handle(function, isolate);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1922 if (in_loop == IN_LOOP) {
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]1923 CompileLazyInLoop(function_handle, CLEAR_EXCEPTION);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1924 } else {
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]1925 CompileLazy(function_handle, CLEAR_EXCEPTION);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1926 }
kmillikin@chromium.orgf05f2912010-09-30 10:07:24 +0000[diff] [blame]1927 return *function_handle;
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1928}
1929
1930
1931// Used from ic-<arch>.cc.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]1932RUNTIME_FUNCTION(MaybeObject*, CallIC_Miss) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1933 NoHandleAllocation na;
1934 ASSERT(args.length() == 2);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1935 CallIC ic(isolate);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]1936 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]1937 Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
1938 MaybeObject* maybe_result = ic.LoadFunction(state,
1939 extra_ic_state,
1940 args.at<Object>(0),
1941 args.at<String>(1));
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1942 Object* result;
erik.corry@gmail.com0511e242011-01-19 11:11:08 +0000[diff] [blame]1943 if (!maybe_result->ToObject(&result)) return maybe_result;
ager@chromium.org3bf7b912008-11-17 09:09:45 +0000[diff] [blame]1944
kasperl@chromium.org71affb52009-05-26 05:44:31 +0000[diff] [blame]1945 // The first time the inline cache is updated may be the first time the
1946 // function it references gets called. If the function was lazily compiled
1947 // then the first call will trigger a compilation. We check for this case
1948 // and we do the compilation immediately, instead of waiting for the stub
1949 // currently attached to the JSFunction object to trigger compilation. We
1950 // do this in the case where we know that the inline cache is inside a loop,
1951 // because then we know that we want to optimize the function.
1952 if (!result->IsJSFunction() || JSFunction::cast(result)->is_compiled()) {
1953 return result;
1954 }
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1955 return CompileFunction(isolate,
1956 JSFunction::cast(result),
1957 ic.target()->ic_in_loop());
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1958}
1959
1960
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1961// Used from ic-<arch>.cc.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]1962RUNTIME_FUNCTION(MaybeObject*, KeyedCallIC_Miss) {
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1963 NoHandleAllocation na;
1964 ASSERT(args.length() == 2);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1965 KeyedCallIC ic(isolate);
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1966 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1967 Object* result;
1968 { MaybeObject* maybe_result =
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1969 ic.LoadFunction(state, args.at<Object>(0), args.at<Object>(1));
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]1970 if (!maybe_result->ToObject(&result)) return maybe_result;
1971 }
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1972
1973 if (!result->IsJSFunction() || JSFunction::cast(result)->is_compiled()) {
1974 return result;
1975 }
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1976 return CompileFunction(isolate,
1977 JSFunction::cast(result),
1978 ic.target()->ic_in_loop());
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1979}
1980
1981
1982// Used from ic-<arch>.cc.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]1983RUNTIME_FUNCTION(MaybeObject*, LoadIC_Miss) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1984 NoHandleAllocation na;
1985 ASSERT(args.length() == 2);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1986 LoadIC ic(isolate);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]1987 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1988 return ic.Load(state, args.at<Object>(0), args.at<String>(1));
1989}
1990
1991
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]1992// Used from ic-<arch>.cc
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]1993RUNTIME_FUNCTION(MaybeObject*, KeyedLoadIC_Miss) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]1994 NoHandleAllocation na;
1995 ASSERT(args.length() == 2);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]1996 KeyedLoadIC ic(isolate);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]1997 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]1998 return ic.Load(state, args.at<Object>(0), args.at<Object>(1), false);
1999}
2000
2001
2002RUNTIME_FUNCTION(MaybeObject*, KeyedLoadIC_MissForceGeneric) {
2003 NoHandleAllocation na;
2004 ASSERT(args.length() == 2);
2005 KeyedLoadIC ic(isolate);
2006 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
2007 return ic.Load(state, args.at<Object>(0), args.at<Object>(1), true);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2008}
2009
2010
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2011// Used from ic-<arch>.cc.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]2012RUNTIME_FUNCTION(MaybeObject*, StoreIC_Miss) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2013 NoHandleAllocation na;
2014 ASSERT(args.length() == 3);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2015 StoreIC ic(isolate);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]2016 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
sgjesse@chromium.org496c03a2011-02-14 12:05:43 +0000[diff] [blame]2017 Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]2018 return ic.Store(state,
2019 static_cast<StrictModeFlag>(extra_ic_state & kStrictMode),
2020 args.at<Object>(0),
2021 args.at<String>(1),
2022 args.at<Object>(2));
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2023}
2024
2025
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]2026RUNTIME_FUNCTION(MaybeObject*, StoreIC_ArrayLength) {
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]2027 NoHandleAllocation nha;
2028
2029 ASSERT(args.length() == 2);
2030 JSObject* receiver = JSObject::cast(args[0]);
2031 Object* len = args[1];
2032
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]2033 // The generated code should filter out non-Smis before we get here.
2034 ASSERT(len->IsSmi());
2035
2036 Object* result;
2037 { MaybeObject* maybe_result = receiver->SetElementsLength(len);
2038 if (!maybe_result->ToObject(&result)) return maybe_result;
2039 }
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]2040 return len;
ager@chromium.org5c838252010-02-19 08:53:10 +0000[diff] [blame]2041}
2042
2043
kasperl@chromium.org41044eb2008-10-06 08:24:46 +0000[diff] [blame]2044// Extend storage is called in a store inline cache when
2045// it is necessary to extend the properties array of a
2046// JSObject.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]2047RUNTIME_FUNCTION(MaybeObject*, SharedStoreIC_ExtendStorage) {
kasperl@chromium.org41044eb2008-10-06 08:24:46 +0000[diff] [blame]2048 NoHandleAllocation na;
2049 ASSERT(args.length() == 3);
2050
2051 // Convert the parameters
2052 JSObject* object = JSObject::cast(args[0]);
2053 Map* transition = Map::cast(args[1]);
2054 Object* value = args[2];
2055
2056 // Check the object has run out out property space.
2057 ASSERT(object->HasFastProperties());
2058 ASSERT(object->map()->unused_property_fields() == 0);
2059
2060 // Expand the properties array.
2061 FixedArray* old_storage = object->properties();
2062 int new_unused = transition->unused_property_fields();
2063 int new_size = old_storage->length() + new_unused + 1;
lrn@chromium.org303ada72010-10-27 09:33:13 +0000[diff] [blame]2064 Object* result;
2065 { MaybeObject* maybe_result = old_storage->CopySize(new_size);
2066 if (!maybe_result->ToObject(&result)) return maybe_result;
2067 }
kasperl@chromium.org41044eb2008-10-06 08:24:46 +0000[diff] [blame]2068 FixedArray* new_storage = FixedArray::cast(result);
2069 new_storage->set(old_storage->length(), value);
2070
ager@chromium.org32912102009-01-16 10:38:43 +0000[diff] [blame]2071 // Set the new property value and do the map transition.
kasperl@chromium.org41044eb2008-10-06 08:24:46 +0000[diff] [blame]2072 object->set_properties(new_storage);
2073 object->set_map(transition);
2074
2075 // Return the stored value.
2076 return value;
2077}
2078
2079
lrn@chromium.org1af7e1b2010-06-07 11:12:01 +0000[diff] [blame]2080// Used from ic-<arch>.cc.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]2081RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_Miss) {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2082 NoHandleAllocation na;
2083 ASSERT(args.length() == 3);
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2084 KeyedStoreIC ic(isolate);
ager@chromium.orgce5e87b2010-03-10 10:24:18 +0000[diff] [blame]2085 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
ager@chromium.org9ee27ae2011-03-02 13:43:26 +0000[diff] [blame]2086 Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
2087 return ic.Store(state,
2088 static_cast<StrictModeFlag>(extra_ic_state & kStrictMode),
2089 args.at<Object>(0),
2090 args.at<Object>(1),
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]2091 args.at<Object>(2),
2092 false);
2093}
2094
2095
2096RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_Slow) {
2097 NoHandleAllocation na;
2098 ASSERT(args.length() == 3);
2099 KeyedStoreIC ic(isolate);
2100 Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
2101 Handle<Object> object = args.at<Object>(0);
2102 Handle<Object> key = args.at<Object>(1);
2103 Handle<Object> value = args.at<Object>(2);
2104 StrictModeFlag strict_mode =
2105 static_cast<StrictModeFlag>(extra_ic_state & kStrictMode);
2106 return Runtime::SetObjectProperty(isolate,
2107 object,
2108 key,
2109 value,
2110 NONE,
2111 strict_mode);
2112}
2113
2114
2115RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_MissForceGeneric) {
2116 NoHandleAllocation na;
2117 ASSERT(args.length() == 3);
2118 KeyedStoreIC ic(isolate);
2119 IC::State state = IC::StateFrom(ic.target(), args[0], args[1]);
2120 Code::ExtraICState extra_ic_state = ic.target()->extra_ic_state();
2121 return ic.Store(state,
2122 static_cast<StrictModeFlag>(extra_ic_state & kStrictMode),
2123 args.at<Object>(0),
2124 args.at<Object>(1),
2125 args.at<Object>(2),
2126 true);
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2127}
2128
2129
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2130void UnaryOpIC::patch(Code* code) {
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2131 set_target(code);
2132}
2133
2134
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2135const char* UnaryOpIC::GetName(TypeInfo type_info) {
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2136 switch (type_info) {
2137 case UNINITIALIZED: return "Uninitialized";
2138 case SMI: return "Smi";
2139 case HEAP_NUMBER: return "HeapNumbers";
2140 case GENERIC: return "Generic";
2141 default: return "Invalid";
2142 }
2143}
2144
2145
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2146UnaryOpIC::State UnaryOpIC::ToState(TypeInfo type_info) {
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2147 switch (type_info) {
2148 case UNINITIALIZED:
2149 return ::v8::internal::UNINITIALIZED;
2150 case SMI:
2151 case HEAP_NUMBER:
2152 return MONOMORPHIC;
2153 case GENERIC:
2154 return MEGAMORPHIC;
2155 }
2156 UNREACHABLE();
2157 return ::v8::internal::UNINITIALIZED;
2158}
2159
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2160UnaryOpIC::TypeInfo UnaryOpIC::GetTypeInfo(Handle<Object> operand) {
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2161 ::v8::internal::TypeInfo operand_type =
2162 ::v8::internal::TypeInfo::TypeFromValue(operand);
2163 if (operand_type.IsSmi()) {
2164 return SMI;
2165 } else if (operand_type.IsNumber()) {
2166 return HEAP_NUMBER;
2167 } else {
2168 return GENERIC;
2169 }
2170}
2171
2172
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2173UnaryOpIC::TypeInfo UnaryOpIC::ComputeNewType(
2174 UnaryOpIC::TypeInfo current_type,
2175 UnaryOpIC::TypeInfo previous_type) {
2176 switch (previous_type) {
2177 case UnaryOpIC::UNINITIALIZED:
2178 return current_type;
2179 case UnaryOpIC::SMI:
2180 return (current_type == UnaryOpIC::GENERIC)
2181 ? UnaryOpIC::GENERIC
2182 : UnaryOpIC::HEAP_NUMBER;
2183 case UnaryOpIC::HEAP_NUMBER:
2184 return UnaryOpIC::GENERIC;
2185 case UnaryOpIC::GENERIC:
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]2186 // We should never do patching if we are in GENERIC state.
2187 UNREACHABLE();
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2188 return UnaryOpIC::GENERIC;
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]2189 }
2190 UNREACHABLE();
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2191 return UnaryOpIC::GENERIC;
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2192}
2193
2194
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2195void BinaryOpIC::patch(Code* code) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2196 set_target(code);
2197}
2198
2199
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2200const char* BinaryOpIC::GetName(TypeInfo type_info) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2201 switch (type_info) {
2202 case UNINITIALIZED: return "Uninitialized";
2203 case SMI: return "SMI";
2204 case INT32: return "Int32s";
2205 case HEAP_NUMBER: return "HeapNumbers";
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2206 case ODDBALL: return "Oddball";
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]2207 case BOTH_STRING: return "BothStrings";
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2208 case STRING: return "Strings";
2209 case GENERIC: return "Generic";
2210 default: return "Invalid";
2211 }
2212}
2213
2214
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2215BinaryOpIC::State BinaryOpIC::ToState(TypeInfo type_info) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2216 switch (type_info) {
2217 case UNINITIALIZED:
2218 return ::v8::internal::UNINITIALIZED;
2219 case SMI:
2220 case INT32:
2221 case HEAP_NUMBER:
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2222 case ODDBALL:
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]2223 case BOTH_STRING:
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2224 case STRING:
2225 return MONOMORPHIC;
2226 case GENERIC:
2227 return MEGAMORPHIC;
2228 }
2229 UNREACHABLE();
2230 return ::v8::internal::UNINITIALIZED;
2231}
2232
2233
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2234BinaryOpIC::TypeInfo BinaryOpIC::JoinTypes(BinaryOpIC::TypeInfo x,
2235 BinaryOpIC::TypeInfo y) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2236 if (x == UNINITIALIZED) return y;
2237 if (y == UNINITIALIZED) return x;
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]2238 if (x == y) return x;
2239 if (x == BOTH_STRING && y == STRING) return STRING;
2240 if (x == STRING && y == BOTH_STRING) return STRING;
2241 if (x == STRING || x == BOTH_STRING || y == STRING || y == BOTH_STRING) {
2242 return GENERIC;
2243 }
2244 if (x > y) return x;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2245 return y;
2246}
2247
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]2248
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2249BinaryOpIC::TypeInfo BinaryOpIC::GetTypeInfo(Handle<Object> left,
2250 Handle<Object> right) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2251 ::v8::internal::TypeInfo left_type =
2252 ::v8::internal::TypeInfo::TypeFromValue(left);
2253 ::v8::internal::TypeInfo right_type =
2254 ::v8::internal::TypeInfo::TypeFromValue(right);
2255
2256 if (left_type.IsSmi() && right_type.IsSmi()) {
2257 return SMI;
2258 }
2259
2260 if (left_type.IsInteger32() && right_type.IsInteger32()) {
ricow@chromium.org83aa5492011-02-07 12:42:56 +0000[diff] [blame]2261 // Platforms with 32-bit Smis have no distinct INT32 type.
2262 if (kSmiValueSize == 32) return SMI;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2263 return INT32;
2264 }
2265
2266 if (left_type.IsNumber() && right_type.IsNumber()) {
2267 return HEAP_NUMBER;
2268 }
2269
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]2270 // Patching for fast string ADD makes sense even if only one of the
2271 // arguments is a string.
2272 if (left_type.IsString()) {
2273 return right_type.IsString() ? BOTH_STRING : STRING;
2274 } else if (right_type.IsString()) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2275 return STRING;
2276 }
2277
lrn@chromium.org7516f052011-03-30 08:52:27 +0000[diff] [blame]2278 // Check for oddball objects.
2279 if (left->IsUndefined() && right->IsNumber()) return ODDBALL;
2280 if (left->IsNumber() && right->IsUndefined()) return ODDBALL;
2281
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2282 return GENERIC;
2283}
2284
2285
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2286RUNTIME_FUNCTION(MaybeObject*, UnaryOp_Patch) {
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2287 ASSERT(args.length() == 4);
2288
2289 HandleScope scope(isolate);
2290 Handle<Object> operand = args.at<Object>(0);
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2291 int key = args.smi_at(1);
2292 Token::Value op = static_cast<Token::Value>(args.smi_at(2));
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2293 UnaryOpIC::TypeInfo previous_type =
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2294 static_cast<UnaryOpIC::TypeInfo>(args.smi_at(3));
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2295
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2296 UnaryOpIC::TypeInfo type = UnaryOpIC::GetTypeInfo(operand);
2297 type = UnaryOpIC::ComputeNewType(type, previous_type);
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2298
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2299 UnaryOpStub stub(key, type);
2300 Handle<Code> code = stub.GetCode();
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2301 if (!code.is_null()) {
2302 if (FLAG_trace_ic) {
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2303 PrintF("[UnaryOpIC (%s->%s)#%s]\n",
2304 UnaryOpIC::GetName(previous_type),
2305 UnaryOpIC::GetName(type),
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2306 Token::Name(op));
2307 }
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2308 UnaryOpIC ic(isolate);
sgjesse@chromium.org8e8294a2011-05-02 14:30:53 +0000[diff] [blame]2309 ic.patch(*code);
2310 }
2311
2312 Handle<JSBuiltinsObject> builtins = Handle<JSBuiltinsObject>(
2313 isolate->thread_local_top()->context_->builtins(), isolate);
2314 Object* builtin = NULL; // Initialization calms down the compiler.
2315 switch (op) {
2316 case Token::SUB:
2317 builtin = builtins->javascript_builtin(Builtins::UNARY_MINUS);
2318 break;
2319 case Token::BIT_NOT:
2320 builtin = builtins->javascript_builtin(Builtins::BIT_NOT);
2321 break;
2322 default:
2323 UNREACHABLE();
2324 }
2325
2326 Handle<JSFunction> builtin_function(JSFunction::cast(builtin), isolate);
2327
2328 bool caught_exception;
2329 Handle<Object> result = Execution::Call(builtin_function, operand, 0, NULL,
2330 &caught_exception);
2331 if (caught_exception) {
2332 return Failure::Exception();
2333 }
2334 return *result;
2335}
2336
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2337RUNTIME_FUNCTION(MaybeObject*, BinaryOp_Patch) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2338 ASSERT(args.length() == 5);
2339
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2340 HandleScope scope(isolate);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2341 Handle<Object> left = args.at<Object>(0);
2342 Handle<Object> right = args.at<Object>(1);
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2343 int key = args.smi_at(2);
2344 Token::Value op = static_cast<Token::Value>(args.smi_at(3));
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2345 BinaryOpIC::TypeInfo previous_type =
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2346 static_cast<BinaryOpIC::TypeInfo>(args.smi_at(4));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2347
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2348 BinaryOpIC::TypeInfo type = BinaryOpIC::GetTypeInfo(left, right);
2349 type = BinaryOpIC::JoinTypes(type, previous_type);
2350 BinaryOpIC::TypeInfo result_type = BinaryOpIC::UNINITIALIZED;
2351 if ((type == BinaryOpIC::STRING || type == BinaryOpIC::BOTH_STRING) &&
danno@chromium.org160a7b02011-04-18 15:51:38 +0000[diff] [blame]2352 op != Token::ADD) {
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2353 type = BinaryOpIC::GENERIC;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2354 }
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2355 if (type == BinaryOpIC::SMI && previous_type == BinaryOpIC::SMI) {
ager@chromium.orgea91cc52011-05-23 06:06:11 +0000[diff] [blame]2356 if (op == Token::DIV ||
2357 op == Token::MUL ||
2358 op == Token::SHR ||
2359 kSmiValueSize == 32) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2360 // Arithmetic on two Smi inputs has yielded a heap number.
2361 // That is the only way to get here from the Smi stub.
ricow@chromium.org83aa5492011-02-07 12:42:56 +0000[diff] [blame]2362 // With 32-bit Smis, all overflows give heap numbers, but with
2363 // 31-bit Smis, most operations overflow to int32 results.
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2364 result_type = BinaryOpIC::HEAP_NUMBER;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2365 } else {
2366 // Other operations on SMIs that overflow yield int32s.
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2367 result_type = BinaryOpIC::INT32;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2368 }
2369 }
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2370 if (type == BinaryOpIC::INT32 && previous_type == BinaryOpIC::INT32) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2371 // We must be here because an operation on two INT32 types overflowed.
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2372 result_type = BinaryOpIC::HEAP_NUMBER;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2373 }
2374
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2375 BinaryOpStub stub(key, type, result_type);
2376 Handle<Code> code = stub.GetCode();
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2377 if (!code.is_null()) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2378 if (FLAG_trace_ic) {
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2379 PrintF("[BinaryOpIC (%s->(%s->%s))#%s]\n",
2380 BinaryOpIC::GetName(previous_type),
2381 BinaryOpIC::GetName(type),
2382 BinaryOpIC::GetName(result_type),
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2383 Token::Name(op));
2384 }
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2385 BinaryOpIC ic(isolate);
ager@chromium.org378b34e2011-01-28 08:04:38 +0000[diff] [blame]2386 ic.patch(*code);
ager@chromium.org5f0c45f2010-12-17 08:51:21 +0000[diff] [blame]2387
2388 // Activate inlined smi code.
danno@chromium.org40cb8782011-05-25 07:58:50 +0000[diff] [blame]2389 if (previous_type == BinaryOpIC::UNINITIALIZED) {
ager@chromium.org5f0c45f2010-12-17 08:51:21 +0000[diff] [blame]2390 PatchInlinedSmiCode(ic.address());
2391 }
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2392 }
2393
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2394 Handle<JSBuiltinsObject> builtins = Handle<JSBuiltinsObject>(
2395 isolate->thread_local_top()->context_->builtins(), isolate);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2396 Object* builtin = NULL; // Initialization calms down the compiler.
2397 switch (op) {
2398 case Token::ADD:
2399 builtin = builtins->javascript_builtin(Builtins::ADD);
2400 break;
2401 case Token::SUB:
2402 builtin = builtins->javascript_builtin(Builtins::SUB);
2403 break;
2404 case Token::MUL:
2405 builtin = builtins->javascript_builtin(Builtins::MUL);
2406 break;
2407 case Token::DIV:
2408 builtin = builtins->javascript_builtin(Builtins::DIV);
2409 break;
2410 case Token::MOD:
2411 builtin = builtins->javascript_builtin(Builtins::MOD);
2412 break;
2413 case Token::BIT_AND:
2414 builtin = builtins->javascript_builtin(Builtins::BIT_AND);
2415 break;
2416 case Token::BIT_OR:
2417 builtin = builtins->javascript_builtin(Builtins::BIT_OR);
2418 break;
2419 case Token::BIT_XOR:
2420 builtin = builtins->javascript_builtin(Builtins::BIT_XOR);
2421 break;
2422 case Token::SHR:
2423 builtin = builtins->javascript_builtin(Builtins::SHR);
2424 break;
2425 case Token::SAR:
2426 builtin = builtins->javascript_builtin(Builtins::SAR);
2427 break;
2428 case Token::SHL:
2429 builtin = builtins->javascript_builtin(Builtins::SHL);
2430 break;
2431 default:
2432 UNREACHABLE();
2433 }
2434
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2435 Handle<JSFunction> builtin_function(JSFunction::cast(builtin), isolate);
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2436
2437 bool caught_exception;
2438 Object** builtin_args[] = { right.location() };
2439 Handle<Object> result = Execution::Call(builtin_function,
2440 left,
2441 ARRAY_SIZE(builtin_args),
2442 builtin_args,
2443 &caught_exception);
2444 if (caught_exception) {
2445 return Failure::Exception();
2446 }
2447 return *result;
2448}
2449
2450
2451Handle<Code> CompareIC::GetUninitialized(Token::Value op) {
2452 ICCompareStub stub(op, UNINITIALIZED);
2453 return stub.GetCode();
2454}
2455
2456
2457CompareIC::State CompareIC::ComputeState(Code* target) {
2458 int key = target->major_key();
2459 if (key == CodeStub::Compare) return GENERIC;
2460 ASSERT(key == CodeStub::CompareIC);
2461 return static_cast<State>(target->compare_state());
2462}
2463
2464
2465const char* CompareIC::GetStateName(State state) {
2466 switch (state) {
2467 case UNINITIALIZED: return "UNINITIALIZED";
2468 case SMIS: return "SMIS";
2469 case HEAP_NUMBERS: return "HEAP_NUMBERS";
2470 case OBJECTS: return "OBJECTS";
karlklose@chromium.org83a47282011-05-11 11:54:09 +0000[diff] [blame]2471 case SYMBOLS: return "SYMBOLS";
lrn@chromium.org1c092762011-05-09 09:42:16 +0000[diff] [blame]2472 case STRINGS: return "STRINGS";
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2473 case GENERIC: return "GENERIC";
2474 default:
2475 UNREACHABLE();
2476 return NULL;
2477 }
2478}
2479
2480
ager@chromium.org5f0c45f2010-12-17 08:51:21 +0000[diff] [blame]2481CompareIC::State CompareIC::TargetState(State state,
2482 bool has_inlined_smi_code,
2483 Handle<Object> x,
2484 Handle<Object> y) {
karlklose@chromium.org83a47282011-05-11 11:54:09 +0000[diff] [blame]2485 if (!has_inlined_smi_code && state != UNINITIALIZED && state != SYMBOLS) {
2486 return GENERIC;
2487 }
ager@chromium.org5f0c45f2010-12-17 08:51:21 +0000[diff] [blame]2488 if (state == UNINITIALIZED && x->IsSmi() && y->IsSmi()) return SMIS;
2489 if ((state == UNINITIALIZED || (state == SMIS && has_inlined_smi_code)) &&
2490 x->IsNumber() && y->IsNumber()) return HEAP_NUMBERS;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2491 if (op_ != Token::EQ && op_ != Token::EQ_STRICT) return GENERIC;
ager@chromium.org5f0c45f2010-12-17 08:51:21 +0000[diff] [blame]2492 if (state == UNINITIALIZED &&
karlklose@chromium.org83a47282011-05-11 11:54:09 +0000[diff] [blame]2493 x->IsSymbol() && y->IsSymbol()) return SYMBOLS;
2494 if ((state == UNINITIALIZED || state == SYMBOLS) &&
lrn@chromium.org1c092762011-05-09 09:42:16 +0000[diff] [blame]2495 x->IsString() && y->IsString()) return STRINGS;
2496 if (state == UNINITIALIZED &&
ager@chromium.org5f0c45f2010-12-17 08:51:21 +0000[diff] [blame]2497 x->IsJSObject() && y->IsJSObject()) return OBJECTS;
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2498 return GENERIC;
2499}
2500
2501
2502// Used from ic_<arch>.cc.
kmillikin@chromium.orgc36ce6e2011-04-04 08:25:31 +0000[diff] [blame]2503RUNTIME_FUNCTION(Code*, CompareIC_Miss) {
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2504 NoHandleAllocation na;
2505 ASSERT(args.length() == 3);
svenpanne@chromium.org6d786c92011-06-15 10:58:27 +0000[diff] [blame^]2506 CompareIC ic(isolate, static_cast<Token::Value>(args.smi_at(2)));
kasperl@chromium.orga5551262010-12-07 12:49:48 +0000[diff] [blame]2507 ic.UpdateCaches(args.at<Object>(0), args.at<Object>(1));
2508 return ic.target();
2509}
2510
2511
sgjesse@chromium.orgea88ce92011-03-23 11:19:56 +0000[diff] [blame]2512static const Address IC_utilities[] = {
christian.plesner.hansen43d26ec2008-07-03 15:10:15 +0000[diff] [blame]2513#define ADDR(name) FUNCTION_ADDR(name),
2514 IC_UTIL_LIST(ADDR)
2515 NULL
2516#undef ADDR
2517};
2518
2519
2520Address IC::AddressFromUtilityId(IC::UtilityId id) {
2521 return IC_utilities[id];
2522}
2523
2524
2525} } // namespace v8::internal