Upgrade V8 to version 4.9.385.28
https://chromium.googlesource.com/v8/v8/+/4.9.385.28
FPIIM-449
Change-Id: I4b2e74289d4bf3667f2f3dc8aa2e541f63e26eb4
diff --git a/src/ic/x64/access-compiler-x64.cc b/src/ic/x64/access-compiler-x64.cc
index cd9196f..b8d50b3 100644
--- a/src/ic/x64/access-compiler-x64.cc
+++ b/src/ic/x64/access-compiler-x64.cc
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/v8.h"
-
#if V8_TARGET_ARCH_X64
#include "src/ic/access-compiler.h"
@@ -33,14 +31,13 @@
// receiver, name, scratch1, scratch2, scratch3.
Register receiver = StoreDescriptor::ReceiverRegister();
Register name = StoreDescriptor::NameRegister();
- DCHECK(rbx.is(ElementTransitionAndStoreDescriptor::MapRegister()));
static Register registers[] = {receiver, name, rbx, rdi, r8};
return registers;
}
#undef __
-}
-} // namespace v8::internal
+} // namespace internal
+} // namespace v8
#endif // V8_TARGET_ARCH_X64
diff --git a/src/ic/x64/handler-compiler-x64.cc b/src/ic/x64/handler-compiler-x64.cc
index 46fa8cc..c09eca6 100644
--- a/src/ic/x64/handler-compiler-x64.cc
+++ b/src/ic/x64/handler-compiler-x64.cc
@@ -2,13 +2,12 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/v8.h"
-
#if V8_TARGET_ARCH_X64
#include "src/ic/call-optimization.h"
#include "src/ic/handler-compiler.h"
#include "src/ic/ic.h"
+#include "src/isolate-inl.h"
namespace v8 {
namespace internal {
@@ -57,7 +56,7 @@
__ j(not_zero, miss_label);
// Check that receiver is a JSObject.
- __ CmpInstanceType(scratch0, FIRST_SPEC_OBJECT_TYPE);
+ __ CmpInstanceType(scratch0, FIRST_JS_RECEIVER_TYPE);
__ j(below, miss_label);
// Load properties array.
@@ -79,10 +78,7 @@
void NamedLoadHandlerCompiler::GenerateDirectLoadGlobalFunctionPrototype(
MacroAssembler* masm, int index, Register result, Label* miss) {
- const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
- __ movp(result, Operand(rsi, offset));
- __ movp(result, FieldOperand(result, GlobalObject::kNativeContextOffset));
- __ movp(result, Operand(result, Context::SlotOffset(index)));
+ __ LoadNativeContextSlot(index, result);
// Load its initial map. The global functions all have initial maps.
__ movp(result,
FieldOperand(result, JSFunction::kPrototypeOrInitialMapOffset));
@@ -104,15 +100,10 @@
Register holder, Register name,
Handle<JSObject> holder_obj) {
STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex == 0);
- STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsInfoIndex == 1);
- STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex == 2);
- STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex == 3);
- STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsLength == 4);
+ STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex == 1);
+ STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex == 2);
+ STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsLength == 3);
__ Push(name);
- Handle<InterceptorInfo> interceptor(holder_obj->GetNamedInterceptor());
- DCHECK(!masm->isolate()->heap()->InNewSpace(*interceptor));
- __ Move(kScratchRegister, interceptor);
- __ Push(kScratchRegister);
__ Push(receiver);
__ Push(holder);
}
@@ -120,50 +111,62 @@
static void CompileCallLoadPropertyWithInterceptor(
MacroAssembler* masm, Register receiver, Register holder, Register name,
- Handle<JSObject> holder_obj, IC::UtilityId id) {
+ Handle<JSObject> holder_obj, Runtime::FunctionId id) {
+ DCHECK(NamedLoadHandlerCompiler::kInterceptorArgsLength ==
+ Runtime::FunctionForId(id)->nargs);
PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
- __ CallExternalReference(ExternalReference(IC_Utility(id), masm->isolate()),
- NamedLoadHandlerCompiler::kInterceptorArgsLength);
+ __ CallRuntime(id);
}
// Generate call to api function.
-void PropertyHandlerCompiler::GenerateFastApiCall(
+void PropertyHandlerCompiler::GenerateApiAccessorCall(
MacroAssembler* masm, const CallOptimization& optimization,
- Handle<Map> receiver_map, Register receiver, Register scratch_in,
- bool is_store, int argc, Register* values) {
+ Handle<Map> receiver_map, Register receiver, Register scratch,
+ bool is_store, Register store_parameter, Register accessor_holder,
+ int accessor_index) {
+ DCHECK(!accessor_holder.is(scratch));
DCHECK(optimization.is_simple_api_call());
- __ PopReturnAddressTo(scratch_in);
+ __ PopReturnAddressTo(scratch);
// receiver
__ Push(receiver);
// Write the arguments to stack frame.
- for (int i = 0; i < argc; i++) {
- Register arg = values[argc - 1 - i];
- DCHECK(!receiver.is(arg));
- DCHECK(!scratch_in.is(arg));
- __ Push(arg);
+ if (is_store) {
+ DCHECK(!receiver.is(store_parameter));
+ DCHECK(!scratch.is(store_parameter));
+ __ Push(store_parameter);
}
- __ PushReturnAddressFrom(scratch_in);
+ __ PushReturnAddressFrom(scratch);
// Stack now matches JSFunction abi.
// Abi for CallApiFunctionStub.
- Register callee = rax;
- Register call_data = rbx;
+ Register callee = rdi;
+ Register data = rbx;
Register holder = rcx;
Register api_function_address = rdx;
- Register scratch = rdi; // scratch_in is no longer valid.
+ scratch = no_reg;
+
+ // Put callee in place.
+ __ LoadAccessor(callee, accessor_holder, accessor_index,
+ is_store ? ACCESSOR_SETTER : ACCESSOR_GETTER);
// Put holder in place.
CallOptimization::HolderLookup holder_lookup;
- Handle<JSObject> api_holder =
- optimization.LookupHolderOfExpectedType(receiver_map, &holder_lookup);
+ int holder_depth = 0;
+ optimization.LookupHolderOfExpectedType(receiver_map, &holder_lookup,
+ &holder_depth);
switch (holder_lookup) {
case CallOptimization::kHolderIsReceiver:
__ Move(holder, receiver);
break;
case CallOptimization::kHolderFound:
- __ Move(holder, api_holder);
+ __ movp(holder, FieldOperand(receiver, HeapObject::kMapOffset));
+ __ movp(holder, FieldOperand(holder, Map::kPrototypeOffset));
+ for (int i = 1; i < holder_depth; i++) {
+ __ movp(holder, FieldOperand(holder, HeapObject::kMapOffset));
+ __ movp(holder, FieldOperand(holder, Map::kPrototypeOffset));
+ }
break;
case CallOptimization::kHolderNotFound:
UNREACHABLE();
@@ -171,23 +174,24 @@
}
Isolate* isolate = masm->isolate();
- Handle<JSFunction> function = optimization.constant_function();
Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
- Handle<Object> call_data_obj(api_call_info->data(), isolate);
-
- // Put callee in place.
- __ Move(callee, function);
-
bool call_data_undefined = false;
- // Put call_data in place.
- if (isolate->heap()->InNewSpace(*call_data_obj)) {
- __ Move(scratch, api_call_info);
- __ movp(call_data, FieldOperand(scratch, CallHandlerInfo::kDataOffset));
- } else if (call_data_obj->IsUndefined()) {
+ // Put call data in place.
+ if (api_call_info->data()->IsUndefined()) {
call_data_undefined = true;
- __ LoadRoot(call_data, Heap::kUndefinedValueRootIndex);
+ __ LoadRoot(data, Heap::kUndefinedValueRootIndex);
} else {
- __ Move(call_data, call_data_obj);
+ __ movp(data, FieldOperand(callee, JSFunction::kSharedFunctionInfoOffset));
+ __ movp(data, FieldOperand(data, SharedFunctionInfo::kFunctionDataOffset));
+ __ movp(data, FieldOperand(data, FunctionTemplateInfo::kCallCodeOffset));
+ __ movp(data, FieldOperand(data, CallHandlerInfo::kDataOffset));
+ }
+
+ if (api_call_info->fast_handler()->IsCode()) {
+ // Just tail call into the fast handler if present.
+ __ Jump(handle(Code::cast(api_call_info->fast_handler())),
+ RelocInfo::CODE_TARGET);
+ return;
}
// Put api_function_address in place.
@@ -196,7 +200,7 @@
RelocInfo::EXTERNAL_REFERENCE);
// Jump to stub.
- CallApiFunctionStub stub(isolate, is_store, call_data_undefined, argc);
+ CallApiAccessorStub stub(isolate, is_store, call_data_undefined);
__ TailCallStub(&stub);
}
@@ -206,16 +210,18 @@
Register scratch, Label* miss) {
Handle<PropertyCell> cell = JSGlobalObject::EnsurePropertyCell(global, name);
DCHECK(cell->value()->IsTheHole());
- __ Move(scratch, cell);
- __ Cmp(FieldOperand(scratch, Cell::kValueOffset),
- masm->isolate()->factory()->the_hole_value());
+ Factory* factory = masm->isolate()->factory();
+ Handle<WeakCell> weak_cell = factory->NewWeakCell(cell);
+ __ LoadWeakValue(scratch, weak_cell, miss);
+ __ Cmp(FieldOperand(scratch, PropertyCell::kValueOffset),
+ factory->the_hole_value());
__ j(not_equal, miss);
}
void NamedStoreHandlerCompiler::GenerateStoreViaSetter(
- MacroAssembler* masm, Handle<HeapType> type, Register receiver,
- Handle<JSFunction> setter) {
+ MacroAssembler* masm, Handle<Map> map, Register receiver, Register holder,
+ int accessor_index, int expected_arguments, Register scratch) {
// ----------- S t a t e -------------
// -- rsp[0] : return address
// -----------------------------------
@@ -225,19 +231,24 @@
// Save value register, so we can restore it later.
__ Push(value());
- if (!setter.is_null()) {
+ if (accessor_index >= 0) {
+ DCHECK(!holder.is(scratch));
+ DCHECK(!receiver.is(scratch));
+ DCHECK(!value().is(scratch));
// Call the JavaScript setter with receiver and value on the stack.
- if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
+ if (map->IsJSGlobalObjectMap()) {
// Swap in the global receiver.
- __ movp(receiver,
+ __ movp(scratch,
FieldOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
+ receiver = scratch;
}
__ Push(receiver);
__ Push(value());
ParameterCount actual(1);
- ParameterCount expected(setter);
- __ InvokeFunction(setter, expected, actual, CALL_FUNCTION,
- NullCallWrapper());
+ ParameterCount expected(expected_arguments);
+ __ LoadAccessor(rdi, holder, accessor_index, ACCESSOR_SETTER);
+ __ InvokeFunction(rdi, no_reg, expected, actual, CALL_FUNCTION,
+ CheckDebugStepCallWrapper());
} else {
// If we generate a global code snippet for deoptimization only, remember
// the place to continue after deoptimization.
@@ -255,8 +266,8 @@
void NamedLoadHandlerCompiler::GenerateLoadViaGetter(
- MacroAssembler* masm, Handle<HeapType> type, Register receiver,
- Handle<JSFunction> getter) {
+ MacroAssembler* masm, Handle<Map> map, Register receiver, Register holder,
+ int accessor_index, int expected_arguments, Register scratch) {
// ----------- S t a t e -------------
// -- rax : receiver
// -- rcx : name
@@ -265,18 +276,22 @@
{
FrameScope scope(masm, StackFrame::INTERNAL);
- if (!getter.is_null()) {
+ if (accessor_index >= 0) {
+ DCHECK(!holder.is(scratch));
+ DCHECK(!receiver.is(scratch));
// Call the JavaScript getter with the receiver on the stack.
- if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
+ if (map->IsJSGlobalObjectMap()) {
// Swap in the global receiver.
- __ movp(receiver,
+ __ movp(scratch,
FieldOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
+ receiver = scratch;
}
__ Push(receiver);
ParameterCount actual(0);
- ParameterCount expected(getter);
- __ InvokeFunction(getter, expected, actual, CALL_FUNCTION,
- NullCallWrapper());
+ ParameterCount expected(expected_arguments);
+ __ LoadAccessor(rdi, holder, accessor_index, ACCESSOR_GETTER);
+ __ InvokeFunction(rdi, no_reg, expected, actual, CALL_FUNCTION,
+ CheckDebugStepCallWrapper());
} else {
// If we generate a global code snippet for deoptimization only, remember
// the place to continue after deoptimization.
@@ -295,13 +310,16 @@
Register name = StoreDescriptor::NameRegister();
Register value = StoreDescriptor::ValueRegister();
- DCHECK(!rbx.is(receiver) && !rbx.is(name) && !rbx.is(value));
+ Register slot = VectorStoreICDescriptor::SlotRegister();
+ Register vector = VectorStoreICDescriptor::VectorRegister();
- __ PopReturnAddressTo(rbx);
+ __ PopReturnAddressTo(r11);
__ Push(receiver);
__ Push(name);
__ Push(value);
- __ PushReturnAddressFrom(rbx);
+ __ Push(slot);
+ __ Push(vector);
+ __ PushReturnAddressFrom(r11);
}
@@ -310,8 +328,7 @@
StoreIC_PushArgs(masm);
// Do tail-call to runtime routine.
- ExternalReference ref(IC_Utility(IC::kStoreIC_Slow), masm->isolate());
- __ TailCallExternalReference(ref, 3, 1);
+ __ TailCallRuntime(Runtime::kStoreIC_Slow);
}
@@ -320,8 +337,7 @@
StoreIC_PushArgs(masm);
// Do tail-call to runtime routine.
- ExternalReference ref(IC_Utility(IC::kKeyedStoreIC_Slow), masm->isolate());
- __ TailCallExternalReference(ref, 3, 1);
+ __ TailCallRuntime(Runtime::kKeyedStoreIC_Slow);
}
@@ -343,11 +359,17 @@
}
+void NamedStoreHandlerCompiler::RearrangeVectorAndSlot(
+ Register current_map, Register destination_map) {
+ DCHECK(false); // Not implemented.
+}
+
+
void NamedStoreHandlerCompiler::GenerateRestoreMap(Handle<Map> transition,
+ Register map_reg,
Register scratch,
Label* miss) {
Handle<WeakCell> cell = Map::WeakCellForMap(transition);
- Register map_reg = StoreTransitionDescriptor::MapRegister();
DCHECK(!map_reg.is(scratch));
__ LoadWeakValue(map_reg, cell, miss);
if (transition->CanBeDeprecated()) {
@@ -377,12 +399,17 @@
void NamedStoreHandlerCompiler::GenerateFieldTypeChecks(HeapType* field_type,
Register value_reg,
Label* miss_label) {
+ Register map_reg = scratch1();
+ Register scratch = scratch2();
+ DCHECK(!value_reg.is(map_reg));
+ DCHECK(!value_reg.is(scratch));
__ JumpIfSmi(value_reg, miss_label);
HeapType::Iterator<Map> it = field_type->Classes();
if (!it.Done()) {
Label do_store;
+ __ movp(map_reg, FieldOperand(value_reg, HeapObject::kMapOffset));
while (true) {
- __ CompareMap(value_reg, it.Current());
+ __ CmpWeakValue(map_reg, Map::WeakCellForMap(it.Current()), scratch);
it.Advance();
if (it.Done()) {
__ j(not_equal, miss_label);
@@ -397,15 +424,40 @@
Register PropertyHandlerCompiler::CheckPrototypes(
Register object_reg, Register holder_reg, Register scratch1,
- Register scratch2, Handle<Name> name, Label* miss,
- PrototypeCheckType check) {
- Handle<Map> receiver_map(IC::TypeToMap(*type(), isolate()));
+ Register scratch2, Handle<Name> name, Label* miss, PrototypeCheckType check,
+ ReturnHolder return_what) {
+ Handle<Map> receiver_map = map();
// Make sure there's no overlap between holder and object registers.
DCHECK(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) &&
!scratch2.is(scratch1));
+ if (FLAG_eliminate_prototype_chain_checks) {
+ Handle<Cell> validity_cell =
+ Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate());
+ if (!validity_cell.is_null()) {
+ DCHECK_EQ(Smi::FromInt(Map::kPrototypeChainValid),
+ validity_cell->value());
+ __ Move(scratch1, validity_cell, RelocInfo::CELL);
+ // Move(..., CELL) loads the payload's address!
+ __ SmiCompare(Operand(scratch1, 0),
+ Smi::FromInt(Map::kPrototypeChainValid));
+ __ j(not_equal, miss);
+ }
+
+ // The prototype chain of primitives (and their JSValue wrappers) depends
+ // on the native context, which can't be guarded by validity cells.
+ // |object_reg| holds the native context specific prototype in this case;
+ // we need to check its map.
+ if (check == CHECK_ALL_MAPS) {
+ __ movp(scratch1, FieldOperand(object_reg, HeapObject::kMapOffset));
+ Handle<WeakCell> cell = Map::WeakCellForMap(receiver_map);
+ __ CmpWeakValue(scratch1, cell, scratch2);
+ __ j(not_equal, miss);
+ }
+ }
+
// Keep track of the current object in register reg. On the first
// iteration, reg is an alias for object_reg, on later iterations,
// it is an alias for holder_reg.
@@ -413,9 +465,20 @@
int depth = 0;
Handle<JSObject> current = Handle<JSObject>::null();
- if (type()->IsConstant()) {
- current = Handle<JSObject>::cast(type()->AsConstant()->Value());
+ if (receiver_map->IsJSGlobalObjectMap()) {
+ current = isolate()->global_object();
}
+
+ // Check access rights to the global object. This has to happen after
+ // the map check so that we know that the object is actually a global
+ // object.
+ // This allows us to install generated handlers for accesses to the
+ // global proxy (as opposed to using slow ICs). See corresponding code
+ // in LookupForRead().
+ if (receiver_map->IsJSGlobalProxyMap()) {
+ __ CheckAccessGlobalProxy(reg, scratch2, miss);
+ }
+
Handle<JSObject> prototype = Handle<JSObject>::null();
Handle<Map> current_map = receiver_map;
Handle<Map> holder_map(holder()->map());
@@ -441,63 +504,63 @@
current->property_dictionary()->FindEntry(name) ==
NameDictionary::kNotFound);
+ if (FLAG_eliminate_prototype_chain_checks && depth > 1) {
+ // TODO(jkummerow): Cache and re-use weak cell.
+ __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss);
+ }
GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1,
scratch2);
- __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
- reg = holder_reg; // From now on the object will be in holder_reg.
- __ movp(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
+ if (!FLAG_eliminate_prototype_chain_checks) {
+ __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
+ __ movp(holder_reg, FieldOperand(scratch1, Map::kPrototypeOffset));
+ }
} else {
Register map_reg = scratch1;
- __ movp(map_reg, FieldOperand(reg, HeapObject::kMapOffset));
-
- if (depth != 1 || check == CHECK_ALL_MAPS) {
+ if (!FLAG_eliminate_prototype_chain_checks) {
+ __ movp(map_reg, FieldOperand(reg, HeapObject::kMapOffset));
+ }
+ if (current_map->IsJSGlobalObjectMap()) {
+ GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
+ name, scratch2, miss);
+ } else if (!FLAG_eliminate_prototype_chain_checks &&
+ (depth != 1 || check == CHECK_ALL_MAPS)) {
Handle<WeakCell> cell = Map::WeakCellForMap(current_map);
__ CmpWeakValue(map_reg, cell, scratch2);
__ j(not_equal, miss);
}
-
- // Check access rights to the global object. This has to happen after
- // the map check so that we know that the object is actually a global
- // object.
- // This allows us to install generated handlers for accesses to the
- // global proxy (as opposed to using slow ICs). See corresponding code
- // in LookupForRead().
- if (current_map->IsJSGlobalProxyMap()) {
- __ CheckAccessGlobalProxy(reg, scratch2, miss);
- } else if (current_map->IsJSGlobalObjectMap()) {
- GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
- name, scratch2, miss);
+ if (!FLAG_eliminate_prototype_chain_checks) {
+ __ movp(holder_reg, FieldOperand(map_reg, Map::kPrototypeOffset));
}
- reg = holder_reg; // From now on the object will be in holder_reg.
-
- __ movp(reg, FieldOperand(map_reg, Map::kPrototypeOffset));
}
+ reg = holder_reg; // From now on the object will be in holder_reg.
// Go to the next object in the prototype chain.
current = prototype;
current_map = handle(current->map());
}
+ DCHECK(!current_map->IsJSGlobalProxyMap());
+
// Log the check depth.
LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
- if (depth != 0 || check == CHECK_ALL_MAPS) {
+ if (!FLAG_eliminate_prototype_chain_checks &&
+ (depth != 0 || check == CHECK_ALL_MAPS)) {
+ // Check the holder map.
__ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
Handle<WeakCell> cell = Map::WeakCellForMap(current_map);
__ CmpWeakValue(scratch1, cell, scratch2);
__ j(not_equal, miss);
}
- // Perform security check for access to the global object.
- DCHECK(current_map->IsJSGlobalProxyMap() ||
- !current_map->is_access_check_needed());
- if (current_map->IsJSGlobalProxyMap()) {
- __ CheckAccessGlobalProxy(reg, scratch1, miss);
+ bool return_holder = return_what == RETURN_HOLDER;
+ if (FLAG_eliminate_prototype_chain_checks && return_holder && depth != 0) {
+ __ LoadWeakValue(reg, isolate()->factory()->NewWeakCell(current), miss);
}
// Return the register containing the holder.
- return reg;
+ return return_holder ? reg : no_reg;
}
@@ -521,6 +584,7 @@
Label success;
__ jmp(&success);
GenerateRestoreName(miss, name);
+ if (IC::ICUseVector(kind())) PopVectorAndSlot();
TailCallBuiltin(masm(), MissBuiltin(kind()));
__ bind(&success);
}
@@ -541,13 +605,17 @@
STATIC_ASSERT(PropertyCallbackArguments::kThisIndex == 5);
STATIC_ASSERT(PropertyCallbackArguments::kArgsLength == 6);
__ Push(receiver()); // receiver
- if (heap()->InNewSpace(callback->data())) {
- DCHECK(!scratch2().is(reg));
- __ Move(scratch2(), callback);
- __ Push(FieldOperand(scratch2(),
- ExecutableAccessorInfo::kDataOffset)); // data
+ Handle<Object> data(callback->data(), isolate());
+ if (data->IsUndefined() || data->IsSmi()) {
+ __ Push(data);
} else {
- __ Push(Handle<Object>(callback->data(), isolate()));
+ DCHECK(!scratch2().is(reg));
+ Handle<WeakCell> cell =
+ isolate()->factory()->NewWeakCell(Handle<HeapObject>::cast(data));
+ // The callback is alive if this instruction is executed,
+ // so the weak cell is not cleared and points to data.
+ __ GetWeakValue(scratch2(), cell);
+ __ Push(scratch2());
}
DCHECK(!kScratchRegister.is(reg));
__ LoadRoot(kScratchRegister, Heap::kUndefinedValueRootIndex);
@@ -615,7 +683,7 @@
// of this method.)
CompileCallLoadPropertyWithInterceptor(
masm(), receiver(), holder_reg, this->name(), holder(),
- IC::kLoadPropertyWithInterceptorOnly);
+ Runtime::kLoadPropertyWithInterceptorOnly);
// Check if interceptor provided a value for property. If it's
// the case, return immediately.
@@ -649,10 +717,7 @@
holder());
__ PushReturnAddressFrom(scratch2());
- ExternalReference ref = ExternalReference(
- IC_Utility(IC::kLoadPropertyWithInterceptor), isolate());
- __ TailCallExternalReference(
- ref, NamedLoadHandlerCompiler::kInterceptorArgsLength, 1);
+ __ TailCallRuntime(Runtime::kLoadPropertyWithInterceptor);
}
@@ -664,15 +729,20 @@
__ PopReturnAddressTo(scratch1());
__ Push(receiver());
__ Push(holder_reg);
- __ Push(callback); // callback info
+ // If the callback cannot leak, then push the callback directly,
+ // otherwise wrap it in a weak cell.
+ if (callback->data()->IsUndefined() || callback->data()->IsSmi()) {
+ __ Push(callback);
+ } else {
+ Handle<WeakCell> cell = isolate()->factory()->NewWeakCell(callback);
+ __ Push(cell);
+ }
__ Push(name);
__ Push(value());
__ PushReturnAddressFrom(scratch1());
// Do tail-call to the runtime system.
- ExternalReference store_callback_property =
- ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
- __ TailCallExternalReference(store_callback_property, 5, 1);
+ __ TailCallRuntime(Runtime::kStoreCallbackProperty);
// Return the generated code.
return GetCode(kind(), Code::FAST, name);
@@ -688,9 +758,7 @@
__ PushReturnAddressFrom(scratch1());
// Do tail-call to the runtime system.
- ExternalReference store_ic_property = ExternalReference(
- IC_Utility(IC::kStorePropertyWithInterceptor), isolate());
- __ TailCallExternalReference(store_ic_property, 3, 1);
+ __ TailCallRuntime(Runtime::kStorePropertyWithInterceptor);
// Return the generated code.
return GetCode(kind(), Code::FAST, name);
@@ -708,7 +776,7 @@
if (IC::ICUseVector(kind())) {
PushVectorAndSlot();
}
- FrontendHeader(receiver(), name, &miss);
+ FrontendHeader(receiver(), name, &miss, DONT_RETURN_ANYTHING);
// Get the value from the cell.
Register result = StoreDescriptor::ValueRegister();
@@ -740,7 +808,7 @@
#undef __
-}
-} // namespace v8::internal
+} // namespace internal
+} // namespace v8
#endif // V8_TARGET_ARCH_X64
diff --git a/src/ic/x64/ic-compiler-x64.cc b/src/ic/x64/ic-compiler-x64.cc
index 5be9c46..9d73433 100644
--- a/src/ic/x64/ic-compiler-x64.cc
+++ b/src/ic/x64/ic-compiler-x64.cc
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/v8.h"
-
#if V8_TARGET_ARCH_X64
#include "src/ic/ic.h"
@@ -15,8 +13,8 @@
#define __ ACCESS_MASM(masm)
-void PropertyICCompiler::GenerateRuntimeSetProperty(MacroAssembler* masm,
- StrictMode strict_mode) {
+void PropertyICCompiler::GenerateRuntimeSetProperty(
+ MacroAssembler* masm, LanguageMode language_mode) {
// Return address is on the stack.
DCHECK(!rbx.is(StoreDescriptor::ReceiverRegister()) &&
!rbx.is(StoreDescriptor::NameRegister()) &&
@@ -26,118 +24,16 @@
__ Push(StoreDescriptor::ReceiverRegister());
__ Push(StoreDescriptor::NameRegister());
__ Push(StoreDescriptor::ValueRegister());
- __ Push(Smi::FromInt(strict_mode));
+ __ Push(Smi::FromInt(language_mode));
__ PushReturnAddressFrom(rbx);
// Do tail-call to runtime routine.
- __ TailCallRuntime(Runtime::kSetProperty, 4, 1);
+ __ TailCallRuntime(Runtime::kSetProperty);
}
#undef __
-#define __ ACCESS_MASM(masm())
-
-
-Handle<Code> PropertyICCompiler::CompileKeyedStorePolymorphic(
- MapHandleList* receiver_maps, CodeHandleList* handler_stubs,
- MapHandleList* transitioned_maps) {
- Label miss;
- __ JumpIfSmi(receiver(), &miss);
-
- Register map_reg = scratch1();
- __ movp(map_reg, FieldOperand(receiver(), HeapObject::kMapOffset));
- int receiver_count = receiver_maps->length();
- for (int i = 0; i < receiver_count; ++i) {
- Handle<WeakCell> cell = Map::WeakCellForMap(receiver_maps->at(i));
- // Check map and tail call if there's a match
- __ CmpWeakValue(map_reg, cell, scratch2());
- if (transitioned_maps->at(i).is_null()) {
- __ j(equal, handler_stubs->at(i), RelocInfo::CODE_TARGET);
- } else {
- Label next_map;
- __ j(not_equal, &next_map, Label::kNear);
- Handle<WeakCell> cell = Map::WeakCellForMap(transitioned_maps->at(i));
- __ LoadWeakValue(transition_map(), cell, &miss);
- __ jmp(handler_stubs->at(i), RelocInfo::CODE_TARGET);
- __ bind(&next_map);
- }
- }
-
- __ bind(&miss);
-
- TailCallBuiltin(masm(), MissBuiltin(kind()));
-
- // Return the generated code.
- return GetCode(kind(), Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
-}
-
-
-Handle<Code> PropertyICCompiler::CompilePolymorphic(TypeHandleList* types,
- CodeHandleList* handlers,
- Handle<Name> name,
- Code::StubType type,
- IcCheckType check) {
- Label miss;
-
- if (check == PROPERTY &&
- (kind() == Code::KEYED_LOAD_IC || kind() == Code::KEYED_STORE_IC)) {
- // In case we are compiling an IC for dictionary loads or stores, just
- // check whether the name is unique.
- if (name.is_identical_to(isolate()->factory()->normal_ic_symbol())) {
- // Keyed loads with dictionaries shouldn't be here, they go generic.
- // The DCHECK is to protect assumptions when --vector-ics is on.
- DCHECK(kind() != Code::KEYED_LOAD_IC);
- Register tmp = scratch1();
- __ JumpIfSmi(this->name(), &miss);
- __ movp(tmp, FieldOperand(this->name(), HeapObject::kMapOffset));
- __ movzxbp(tmp, FieldOperand(tmp, Map::kInstanceTypeOffset));
- __ JumpIfNotUniqueNameInstanceType(tmp, &miss);
- } else {
- __ Cmp(this->name(), name);
- __ j(not_equal, &miss);
- }
- }
-
- Label number_case;
- Label* smi_target = IncludesNumberType(types) ? &number_case : &miss;
- __ JumpIfSmi(receiver(), smi_target);
-
- // Polymorphic keyed stores may use the map register
- Register map_reg = scratch1();
- DCHECK(kind() != Code::KEYED_STORE_IC ||
- map_reg.is(ElementTransitionAndStoreDescriptor::MapRegister()));
- __ movp(map_reg, FieldOperand(receiver(), HeapObject::kMapOffset));
- int receiver_count = types->length();
- int number_of_handled_maps = 0;
- for (int current = 0; current < receiver_count; ++current) {
- Handle<HeapType> type = types->at(current);
- Handle<Map> map = IC::TypeToMap(*type, isolate());
- if (!map->is_deprecated()) {
- number_of_handled_maps++;
- Handle<WeakCell> cell = Map::WeakCellForMap(map);
- // Check map and tail call if there's a match
- __ CmpWeakValue(map_reg, cell, scratch2());
- if (type->Is(HeapType::Number())) {
- DCHECK(!number_case.is_unused());
- __ bind(&number_case);
- }
- __ j(equal, handlers->at(current), RelocInfo::CODE_TARGET);
- }
- }
- DCHECK(number_of_handled_maps > 0);
-
- __ bind(&miss);
- TailCallBuiltin(masm(), MissBuiltin(kind()));
-
- // Return the generated code.
- InlineCacheState state =
- number_of_handled_maps > 1 ? POLYMORPHIC : MONOMORPHIC;
- return GetCode(kind(), type, name, state);
-}
-
-
-#undef __
-}
-} // namespace v8::internal
+} // namespace internal
+} // namespace v8
#endif // V8_TARGET_ARCH_X64
diff --git a/src/ic/x64/ic-x64.cc b/src/ic/x64/ic-x64.cc
index 2709a85..bf4ad96 100644
--- a/src/ic/x64/ic-x64.cc
+++ b/src/ic/x64/ic-x64.cc
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/v8.h"
-
#if V8_TARGET_ARCH_X64
#include "src/codegen.h"
@@ -27,8 +25,6 @@
// type: holds the receiver instance type on entry.
__ cmpb(type, Immediate(JS_GLOBAL_OBJECT_TYPE));
__ j(equal, global_object);
- __ cmpb(type, Immediate(JS_BUILTINS_OBJECT_TYPE));
- __ j(equal, global_object);
__ cmpb(type, Immediate(JS_GLOBAL_PROXY_TYPE));
__ j(equal, global_object);
}
@@ -168,11 +164,10 @@
// Loads an indexed element from a fast case array.
-// If not_fast_array is NULL, doesn't perform the elements map check.
static void GenerateFastArrayLoad(MacroAssembler* masm, Register receiver,
Register key, Register elements,
Register scratch, Register result,
- Label* not_fast_array, Label* out_of_range) {
+ Label* slow, LanguageMode language_mode) {
// Register use:
//
// receiver - holds the receiver on entry.
@@ -181,8 +176,6 @@
// key - holds the smi key on entry.
// Unchanged unless 'result' is the same register.
//
- // elements - holds the elements of the receiver on exit.
- //
// result - holds the result on exit if the load succeeded.
// Allowed to be the the same as 'receiver' or 'key'.
// Unchanged on bailout so 'receiver' and 'key' can be safely
@@ -190,32 +183,63 @@
//
// Scratch registers:
//
- // scratch - used to hold elements of the receiver and the loaded value.
+ // elements - holds the elements of the receiver and its prototypes.
+ //
+ // scratch - used to hold maps, prototypes, and the loaded value.
+ Label check_prototypes, check_next_prototype;
+ Label done, in_bounds, absent;
__ movp(elements, FieldOperand(receiver, JSObject::kElementsOffset));
- if (not_fast_array != NULL) {
- // Check that the object is in fast mode and writable.
- __ CompareRoot(FieldOperand(elements, HeapObject::kMapOffset),
- Heap::kFixedArrayMapRootIndex);
- __ j(not_equal, not_fast_array);
- } else {
- __ AssertFastElements(elements);
- }
+ __ AssertFastElements(elements);
// Check that the key (index) is within bounds.
__ SmiCompare(key, FieldOperand(elements, FixedArray::kLengthOffset));
// Unsigned comparison rejects negative indices.
- __ j(above_equal, out_of_range);
+ __ j(below, &in_bounds);
+
+ // Out-of-bounds. Check the prototype chain to see if we can just return
+ // 'undefined'.
+ __ SmiCompare(key, Smi::FromInt(0));
+ __ j(less, slow); // Negative keys can't take the fast OOB path.
+ __ bind(&check_prototypes);
+ __ movp(scratch, FieldOperand(receiver, HeapObject::kMapOffset));
+ __ bind(&check_next_prototype);
+ __ movp(scratch, FieldOperand(scratch, Map::kPrototypeOffset));
+ // scratch: current prototype
+ __ CompareRoot(scratch, Heap::kNullValueRootIndex);
+ __ j(equal, &absent);
+ __ movp(elements, FieldOperand(scratch, JSObject::kElementsOffset));
+ __ movp(scratch, FieldOperand(scratch, HeapObject::kMapOffset));
+ // elements: elements of current prototype
+ // scratch: map of current prototype
+ __ CmpInstanceType(scratch, JS_OBJECT_TYPE);
+ __ j(below, slow);
+ __ testb(FieldOperand(scratch, Map::kBitFieldOffset),
+ Immediate((1 << Map::kIsAccessCheckNeeded) |
+ (1 << Map::kHasIndexedInterceptor)));
+ __ j(not_zero, slow);
+ __ CompareRoot(elements, Heap::kEmptyFixedArrayRootIndex);
+ __ j(not_equal, slow);
+ __ jmp(&check_next_prototype);
+
+ __ bind(&absent);
+ if (is_strong(language_mode)) {
+ // Strong mode accesses must throw in this case, so call the runtime.
+ __ jmp(slow);
+ } else {
+ __ LoadRoot(result, Heap::kUndefinedValueRootIndex);
+ __ jmp(&done);
+ }
+
+ __ bind(&in_bounds);
// Fast case: Do the load.
SmiIndex index = masm->SmiToIndex(scratch, key, kPointerSizeLog2);
__ movp(scratch, FieldOperand(elements, index.reg, index.scale,
FixedArray::kHeaderSize));
__ CompareRoot(scratch, Heap::kTheHoleValueRootIndex);
- // In case the loaded value is the_hole we have to consult GetProperty
- // to ensure the prototype chain is searched.
- __ j(equal, out_of_range);
- if (!result.is(scratch)) {
- __ movp(result, scratch);
- }
+ // In case the loaded value is the_hole we have to check the prototype chain.
+ __ j(equal, &check_prototypes);
+ __ Move(result, scratch);
+ __ bind(&done);
}
@@ -251,7 +275,8 @@
}
-void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateMegamorphic(MacroAssembler* masm,
+ LanguageMode language_mode) {
// The return address is on the stack.
Label slow, check_name, index_smi, index_name, property_array_property;
Label probe_dictionary, check_number_dictionary;
@@ -273,7 +298,8 @@
// Check the receiver's map to see if it has fast elements.
__ CheckFastElements(rax, &check_number_dictionary);
- GenerateFastArrayLoad(masm, receiver, key, rax, rbx, rax, NULL, &slow);
+ GenerateFastArrayLoad(masm, receiver, key, rax, rbx, rax, &slow,
+ language_mode);
Counters* counters = masm->isolate()->counters();
__ IncrementCounter(counters->keyed_load_generic_smi(), 1);
__ ret(0);
@@ -294,7 +320,7 @@
__ bind(&slow);
// Slow case: Jump to runtime.
__ IncrementCounter(counters->keyed_load_generic_slow(), 1);
- GenerateRuntimeGetProperty(masm);
+ KeyedLoadIC::GenerateRuntimeGetProperty(masm, language_mode);
__ bind(&check_name);
GenerateKeyNameCheck(masm, key, rax, rbx, &index_name, &slow);
@@ -302,86 +328,33 @@
GenerateKeyedLoadReceiverCheck(masm, receiver, rax, Map::kHasNamedInterceptor,
&slow);
- // If the receiver is a fast-case object, check the keyed lookup
- // cache. Otherwise probe the dictionary leaving result in key.
+ // If the receiver is a fast-case object, check the stub cache. Otherwise
+ // probe the dictionary.
__ movp(rbx, FieldOperand(receiver, JSObject::kPropertiesOffset));
__ CompareRoot(FieldOperand(rbx, HeapObject::kMapOffset),
Heap::kHashTableMapRootIndex);
__ j(equal, &probe_dictionary);
- // Load the map of the receiver, compute the keyed lookup cache hash
- // based on 32 bits of the map pointer and the string hash.
- __ movp(rbx, FieldOperand(receiver, HeapObject::kMapOffset));
- __ movl(rax, rbx);
- __ shrl(rax, Immediate(KeyedLookupCache::kMapHashShift));
- __ movl(rdi, FieldOperand(key, String::kHashFieldOffset));
- __ shrl(rdi, Immediate(String::kHashShift));
- __ xorp(rax, rdi);
- int mask = (KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask);
- __ andp(rax, Immediate(mask));
+ Register megamorphic_scratch = rdi;
+ // The handlers in the stub cache expect a vector and slot. Since we won't
+ // change the IC from any downstream misses, a dummy vector can be used.
+ Register vector = LoadWithVectorDescriptor::VectorRegister();
+ Register slot = LoadDescriptor::SlotRegister();
+ DCHECK(!AreAliased(megamorphic_scratch, vector, slot));
+ Handle<TypeFeedbackVector> dummy_vector =
+ TypeFeedbackVector::DummyVector(masm->isolate());
+ int slot_index = dummy_vector->GetIndex(
+ FeedbackVectorSlot(TypeFeedbackVector::kDummyKeyedLoadICSlot));
+ __ Move(vector, dummy_vector);
+ __ Move(slot, Smi::FromInt(slot_index));
- // Load the key (consisting of map and internalized string) from the cache and
- // check for match.
- Label load_in_object_property;
- static const int kEntriesPerBucket = KeyedLookupCache::kEntriesPerBucket;
- Label hit_on_nth_entry[kEntriesPerBucket];
- ExternalReference cache_keys =
- ExternalReference::keyed_lookup_cache_keys(masm->isolate());
-
- for (int i = 0; i < kEntriesPerBucket - 1; i++) {
- Label try_next_entry;
- __ movp(rdi, rax);
- __ shlp(rdi, Immediate(kPointerSizeLog2 + 1));
- __ LoadAddress(kScratchRegister, cache_keys);
- int off = kPointerSize * i * 2;
- __ cmpp(rbx, Operand(kScratchRegister, rdi, times_1, off));
- __ j(not_equal, &try_next_entry);
- __ cmpp(key, Operand(kScratchRegister, rdi, times_1, off + kPointerSize));
- __ j(equal, &hit_on_nth_entry[i]);
- __ bind(&try_next_entry);
- }
-
- int off = kPointerSize * (kEntriesPerBucket - 1) * 2;
- __ cmpp(rbx, Operand(kScratchRegister, rdi, times_1, off));
- __ j(not_equal, &slow);
- __ cmpp(key, Operand(kScratchRegister, rdi, times_1, off + kPointerSize));
- __ j(not_equal, &slow);
-
- // Get field offset, which is a 32-bit integer.
- ExternalReference cache_field_offsets =
- ExternalReference::keyed_lookup_cache_field_offsets(masm->isolate());
-
- // Hit on nth entry.
- for (int i = kEntriesPerBucket - 1; i >= 0; i--) {
- __ bind(&hit_on_nth_entry[i]);
- if (i != 0) {
- __ addl(rax, Immediate(i));
- }
- __ LoadAddress(kScratchRegister, cache_field_offsets);
- __ movl(rdi, Operand(kScratchRegister, rax, times_4, 0));
- __ movzxbp(rax, FieldOperand(rbx, Map::kInObjectPropertiesOffset));
- __ subp(rdi, rax);
- __ j(above_equal, &property_array_property);
- if (i != 0) {
- __ jmp(&load_in_object_property);
- }
- }
-
- // Load in-object property.
- __ bind(&load_in_object_property);
- __ movzxbp(rax, FieldOperand(rbx, Map::kInstanceSizeOffset));
- __ addp(rax, rdi);
- __ movp(rax, FieldOperand(receiver, rax, times_pointer_size, 0));
- __ IncrementCounter(counters->keyed_load_generic_lookup_cache(), 1);
- __ ret(0);
-
- // Load property array property.
- __ bind(&property_array_property);
- __ movp(rax, FieldOperand(receiver, JSObject::kPropertiesOffset));
- __ movp(rax,
- FieldOperand(rax, rdi, times_pointer_size, FixedArray::kHeaderSize));
- __ IncrementCounter(counters->keyed_load_generic_lookup_cache(), 1);
- __ ret(0);
+ Code::Flags flags = Code::RemoveTypeAndHolderFromFlags(
+ Code::ComputeHandlerFlags(Code::LOAD_IC));
+ masm->isolate()->stub_cache()->GenerateProbe(masm, Code::KEYED_LOAD_IC, flags,
+ receiver, key,
+ megamorphic_scratch, no_reg);
+ // Cache miss.
+ GenerateMiss(masm);
// Do a quick inline probe of the receiver's dictionary, if it
// exists.
@@ -540,7 +513,7 @@
void KeyedStoreIC::GenerateMegamorphic(MacroAssembler* masm,
- StrictMode strict_mode) {
+ LanguageMode language_mode) {
// Return address is on the stack.
Label slow, slow_with_tagged_index, fast_object, fast_object_grow;
Label fast_double, fast_double_grow;
@@ -565,8 +538,11 @@
__ CmpInstanceType(r9, JS_ARRAY_TYPE);
__ j(equal, &array);
- // Check that the object is some kind of JSObject.
- __ CmpInstanceType(r9, FIRST_JS_OBJECT_TYPE);
+ // Check that the object is some kind of JS object EXCEPT JS Value type. In
+ // the case that the object is a value-wrapper object, we enter the runtime
+ // system to make sure that indexing into string objects works as intended.
+ STATIC_ASSERT(JS_VALUE_TYPE < JS_OBJECT_TYPE);
+ __ CmpInstanceType(r9, JS_OBJECT_TYPE);
__ j(below, &slow);
// Object case: Check key against length in the elements array.
@@ -580,17 +556,29 @@
__ bind(&slow);
__ Integer32ToSmi(key, key);
__ bind(&slow_with_tagged_index);
- PropertyICCompiler::GenerateRuntimeSetProperty(masm, strict_mode);
+ PropertyICCompiler::GenerateRuntimeSetProperty(masm, language_mode);
// Never returns to here.
__ bind(&maybe_name_key);
__ movp(r9, FieldOperand(key, HeapObject::kMapOffset));
__ movzxbp(r9, FieldOperand(r9, Map::kInstanceTypeOffset));
__ JumpIfNotUniqueNameInstanceType(r9, &slow_with_tagged_index);
+
+ Register vector = VectorStoreICDescriptor::VectorRegister();
+ Register slot = VectorStoreICDescriptor::SlotRegister();
+ // The handlers in the stub cache expect a vector and slot. Since we won't
+ // change the IC from any downstream misses, a dummy vector can be used.
+ Handle<TypeFeedbackVector> dummy_vector =
+ TypeFeedbackVector::DummyVector(masm->isolate());
+ int slot_index = dummy_vector->GetIndex(
+ FeedbackVectorSlot(TypeFeedbackVector::kDummyKeyedStoreICSlot));
+ __ Move(vector, dummy_vector);
+ __ Move(slot, Smi::FromInt(slot_index));
+
Code::Flags flags = Code::RemoveTypeAndHolderFromFlags(
Code::ComputeHandlerFlags(Code::STORE_IC));
- masm->isolate()->stub_cache()->GenerateProbe(
- masm, Code::STORE_IC, flags, false, receiver, key, rbx, no_reg);
+ masm->isolate()->stub_cache()->GenerateProbe(masm, Code::STORE_IC, flags,
+ receiver, key, r9, no_reg);
// Cache miss.
__ jmp(&miss);
@@ -639,111 +627,7 @@
}
-static Operand GenerateMappedArgumentsLookup(
- MacroAssembler* masm, Register object, Register key, Register scratch1,
- Register scratch2, Register scratch3, Label* unmapped_case,
- Label* slow_case) {
- Heap* heap = masm->isolate()->heap();
-
- // Check that the receiver is a JSObject. Because of the elements
- // map check later, we do not need to check for interceptors or
- // whether it requires access checks.
- __ JumpIfSmi(object, slow_case);
- // Check that the object is some kind of JSObject.
- __ CmpObjectType(object, FIRST_JS_RECEIVER_TYPE, scratch1);
- __ j(below, slow_case);
-
- // Check that the key is a positive smi.
- Condition check = masm->CheckNonNegativeSmi(key);
- __ j(NegateCondition(check), slow_case);
-
- // Load the elements into scratch1 and check its map. If not, jump
- // to the unmapped lookup with the parameter map in scratch1.
- Handle<Map> arguments_map(heap->sloppy_arguments_elements_map());
- __ movp(scratch1, FieldOperand(object, JSObject::kElementsOffset));
- __ CheckMap(scratch1, arguments_map, slow_case, DONT_DO_SMI_CHECK);
-
- // Check if element is in the range of mapped arguments.
- __ movp(scratch2, FieldOperand(scratch1, FixedArray::kLengthOffset));
- __ SmiSubConstant(scratch2, scratch2, Smi::FromInt(2));
- __ cmpp(key, scratch2);
- __ j(greater_equal, unmapped_case);
-
- // Load element index and check whether it is the hole.
- const int kHeaderSize = FixedArray::kHeaderSize + 2 * kPointerSize;
- __ SmiToInteger64(scratch3, key);
- __ movp(scratch2,
- FieldOperand(scratch1, scratch3, times_pointer_size, kHeaderSize));
- __ CompareRoot(scratch2, Heap::kTheHoleValueRootIndex);
- __ j(equal, unmapped_case);
-
- // Load value from context and return it. We can reuse scratch1 because
- // we do not jump to the unmapped lookup (which requires the parameter
- // map in scratch1).
- __ movp(scratch1, FieldOperand(scratch1, FixedArray::kHeaderSize));
- __ SmiToInteger64(scratch3, scratch2);
- return FieldOperand(scratch1, scratch3, times_pointer_size,
- Context::kHeaderSize);
-}
-
-
-static Operand GenerateUnmappedArgumentsLookup(MacroAssembler* masm,
- Register key,
- Register parameter_map,
- Register scratch,
- Label* slow_case) {
- // Element is in arguments backing store, which is referenced by the
- // second element of the parameter_map. The parameter_map register
- // must be loaded with the parameter map of the arguments object and is
- // overwritten.
- const int kBackingStoreOffset = FixedArray::kHeaderSize + kPointerSize;
- Register backing_store = parameter_map;
- __ movp(backing_store, FieldOperand(parameter_map, kBackingStoreOffset));
- Handle<Map> fixed_array_map(masm->isolate()->heap()->fixed_array_map());
- __ CheckMap(backing_store, fixed_array_map, slow_case, DONT_DO_SMI_CHECK);
- __ movp(scratch, FieldOperand(backing_store, FixedArray::kLengthOffset));
- __ cmpp(key, scratch);
- __ j(greater_equal, slow_case);
- __ SmiToInteger64(scratch, key);
- return FieldOperand(backing_store, scratch, times_pointer_size,
- FixedArray::kHeaderSize);
-}
-
-
-void KeyedStoreIC::GenerateSloppyArguments(MacroAssembler* masm) {
- // The return address is on the stack.
- Label slow, notin;
- Register receiver = StoreDescriptor::ReceiverRegister();
- Register name = StoreDescriptor::NameRegister();
- Register value = StoreDescriptor::ValueRegister();
- DCHECK(receiver.is(rdx));
- DCHECK(name.is(rcx));
- DCHECK(value.is(rax));
-
- Operand mapped_location = GenerateMappedArgumentsLookup(
- masm, receiver, name, rbx, rdi, r8, ¬in, &slow);
- __ movp(mapped_location, value);
- __ leap(r9, mapped_location);
- __ movp(r8, value);
- __ RecordWrite(rbx, r9, r8, kDontSaveFPRegs, EMIT_REMEMBERED_SET,
- INLINE_SMI_CHECK);
- __ Ret();
- __ bind(¬in);
- // The unmapped lookup expects that the parameter map is in rbx.
- Operand unmapped_location =
- GenerateUnmappedArgumentsLookup(masm, name, rbx, rdi, &slow);
- __ movp(unmapped_location, value);
- __ leap(r9, unmapped_location);
- __ movp(r8, value);
- __ RecordWrite(rbx, r9, r8, kDontSaveFPRegs, EMIT_REMEMBERED_SET,
- INLINE_SMI_CHECK);
- __ Ret();
- __ bind(&slow);
- GenerateMiss(masm);
-}
-
-
-void LoadIC::GenerateNormal(MacroAssembler* masm) {
+void LoadIC::GenerateNormal(MacroAssembler* masm, LanguageMode language_mode) {
Register dictionary = rax;
DCHECK(!dictionary.is(LoadDescriptor::ReceiverRegister()));
DCHECK(!dictionary.is(LoadDescriptor::NameRegister()));
@@ -758,33 +642,24 @@
// Dictionary load failed, go slow (but don't miss).
__ bind(&slow);
- GenerateRuntimeGetProperty(masm);
+ LoadIC::GenerateRuntimeGetProperty(masm, language_mode);
}
static void LoadIC_PushArgs(MacroAssembler* masm) {
Register receiver = LoadDescriptor::ReceiverRegister();
Register name = LoadDescriptor::NameRegister();
- if (FLAG_vector_ics) {
- Register slot = VectorLoadICDescriptor::SlotRegister();
- Register vector = VectorLoadICDescriptor::VectorRegister();
- DCHECK(!rdi.is(receiver) && !rdi.is(name) && !rdi.is(slot) &&
- !rdi.is(vector));
+ Register slot = LoadDescriptor::SlotRegister();
+ Register vector = LoadWithVectorDescriptor::VectorRegister();
+ DCHECK(!rdi.is(receiver) && !rdi.is(name) && !rdi.is(slot) &&
+ !rdi.is(vector));
- __ PopReturnAddressTo(rdi);
- __ Push(receiver);
- __ Push(name);
- __ Push(slot);
- __ Push(vector);
- __ PushReturnAddressFrom(rdi);
- } else {
- DCHECK(!rbx.is(receiver) && !rbx.is(name));
-
- __ PopReturnAddressTo(rbx);
- __ Push(receiver);
- __ Push(name);
- __ PushReturnAddressFrom(rbx);
- }
+ __ PopReturnAddressTo(rdi);
+ __ Push(receiver);
+ __ Push(name);
+ __ Push(slot);
+ __ Push(vector);
+ __ PushReturnAddressFrom(rdi);
}
@@ -797,17 +672,16 @@
LoadIC_PushArgs(masm);
// Perform tail call to the entry.
- ExternalReference ref =
- ExternalReference(IC_Utility(kLoadIC_Miss), masm->isolate());
- int arg_count = FLAG_vector_ics ? 4 : 2;
- __ TailCallExternalReference(ref, arg_count, 1);
+ __ TailCallRuntime(Runtime::kLoadIC_Miss);
}
-void LoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void LoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm,
+ LanguageMode language_mode) {
// The return address is on the stack.
Register receiver = LoadDescriptor::ReceiverRegister();
Register name = LoadDescriptor::NameRegister();
+
DCHECK(!rbx.is(receiver) && !rbx.is(name));
__ PopReturnAddressTo(rbx);
@@ -815,8 +689,9 @@
__ Push(name);
__ PushReturnAddressFrom(rbx);
- // Perform tail call to the entry.
- __ TailCallRuntime(Runtime::kGetProperty, 2, 1);
+ // Do tail-call to runtime routine.
+ __ TailCallRuntime(is_strong(language_mode) ? Runtime::kGetPropertyStrong
+ : Runtime::kGetProperty);
}
@@ -828,17 +703,16 @@
LoadIC_PushArgs(masm);
// Perform tail call to the entry.
- ExternalReference ref =
- ExternalReference(IC_Utility(kKeyedLoadIC_Miss), masm->isolate());
- int arg_count = FLAG_vector_ics ? 4 : 2;
- __ TailCallExternalReference(ref, arg_count, 1);
+ __ TailCallRuntime(Runtime::kKeyedLoadIC_Miss);
}
-void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
+void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm,
+ LanguageMode language_mode) {
// The return address is on the stack.
Register receiver = LoadDescriptor::ReceiverRegister();
Register name = LoadDescriptor::NameRegister();
+
DCHECK(!rbx.is(receiver) && !rbx.is(name));
__ PopReturnAddressTo(rbx);
@@ -846,23 +720,15 @@
__ Push(name);
__ PushReturnAddressFrom(rbx);
- // Perform tail call to the entry.
- __ TailCallRuntime(Runtime::kKeyedGetProperty, 2, 1);
+ // Do tail-call to runtime routine.
+ __ TailCallRuntime(is_strong(language_mode) ? Runtime::kKeyedGetPropertyStrong
+ : Runtime::kKeyedGetProperty);
}
void StoreIC::GenerateMegamorphic(MacroAssembler* masm) {
- // The return address is on the stack.
-
- // Get the receiver from the stack and probe the stub cache.
- Code::Flags flags = Code::RemoveTypeAndHolderFromFlags(
- Code::ComputeHandlerFlags(Code::STORE_IC));
- masm->isolate()->stub_cache()->GenerateProbe(
- masm, Code::STORE_IC, flags, false, StoreDescriptor::ReceiverRegister(),
- StoreDescriptor::NameRegister(), rbx, no_reg);
-
- // Cache miss: Jump to runtime.
- GenerateMiss(masm);
+ // This shouldn't be called.
+ __ int3();
}
@@ -870,14 +736,19 @@
Register receiver = StoreDescriptor::ReceiverRegister();
Register name = StoreDescriptor::NameRegister();
Register value = StoreDescriptor::ValueRegister();
+ Register temp = r11;
+ DCHECK(!temp.is(receiver) && !temp.is(name) && !temp.is(value));
- DCHECK(!rbx.is(receiver) && !rbx.is(name) && !rbx.is(value));
-
- __ PopReturnAddressTo(rbx);
+ __ PopReturnAddressTo(temp);
__ Push(receiver);
__ Push(name);
__ Push(value);
- __ PushReturnAddressFrom(rbx);
+ Register slot = VectorStoreICDescriptor::SlotRegister();
+ Register vector = VectorStoreICDescriptor::VectorRegister();
+ DCHECK(!temp.is(slot) && !temp.is(vector));
+ __ Push(slot);
+ __ Push(vector);
+ __ PushReturnAddressFrom(temp);
}
@@ -886,9 +757,7 @@
StoreIC_PushArgs(masm);
// Perform tail call to the entry.
- ExternalReference ref =
- ExternalReference(IC_Utility(kStoreIC_Miss), masm->isolate());
- __ TailCallExternalReference(ref, 3, 1);
+ __ TailCallRuntime(Runtime::kStoreIC_Miss);
}
@@ -896,7 +765,9 @@
Register receiver = StoreDescriptor::ReceiverRegister();
Register name = StoreDescriptor::NameRegister();
Register value = StoreDescriptor::ValueRegister();
- Register dictionary = rbx;
+ Register dictionary = r11;
+ DCHECK(!AreAliased(dictionary, VectorStoreICDescriptor::VectorRegister(),
+ VectorStoreICDescriptor::SlotRegister()));
Label miss;
@@ -917,9 +788,7 @@
StoreIC_PushArgs(masm);
// Do tail-call to runtime routine.
- ExternalReference ref =
- ExternalReference(IC_Utility(kKeyedStoreIC_Miss), masm->isolate());
- __ TailCallExternalReference(ref, 3, 1);
+ __ TailCallRuntime(Runtime::kKeyedStoreIC_Miss);
}
@@ -957,7 +826,8 @@
}
-void PatchInlinedSmiCode(Address address, InlinedSmiCheck check) {
+void PatchInlinedSmiCode(Isolate* isolate, Address address,
+ InlinedSmiCheck check) {
// The address of the instruction following the call.
Address test_instruction_address =
address + Assembler::kCallTargetAddressOffset;
@@ -993,7 +863,7 @@
: (*jmp_address == Assembler::kJnzShortOpcode ? not_carry : carry);
*jmp_address = static_cast<byte>(Assembler::kJccShortPrefix | cc);
}
-}
-} // namespace v8::internal
+} // namespace internal
+} // namespace v8
#endif // V8_TARGET_ARCH_X64
diff --git a/src/ic/x64/stub-cache-x64.cc b/src/ic/x64/stub-cache-x64.cc
index f15635c..9a9dfe9 100644
--- a/src/ic/x64/stub-cache-x64.cc
+++ b/src/ic/x64/stub-cache-x64.cc
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/v8.h"
-
#if V8_TARGET_ARCH_X64
#include "src/codegen.h"
@@ -18,7 +16,7 @@
static void ProbeTable(Isolate* isolate, MacroAssembler* masm,
- Code::Kind ic_kind, Code::Flags flags, bool leave_frame,
+ Code::Kind ic_kind, Code::Flags flags,
StubCache::Table table, Register receiver, Register name,
// The offset is scaled by 4, based on
// kCacheIndexShift, which is two bits
@@ -30,7 +28,7 @@
: kPointerSizeLog2 == StubCache::kCacheIndexShift);
ScaleFactor scale_factor = kPointerSize == kInt64Size ? times_2 : times_1;
- DCHECK_EQ(3 * kPointerSize, sizeof(StubCache::Entry));
+ DCHECK_EQ(3u * kPointerSize, sizeof(StubCache::Entry));
// The offset register holds the entry offset times four (due to masking
// and shifting optimizations).
ExternalReference key_offset(isolate->stub_cache()->key_reference(table));
@@ -74,8 +72,6 @@
}
#endif
- if (leave_frame) __ leave();
-
// Jump to the first instruction in the code stub.
__ addp(kScratchRegister, Immediate(Code::kHeaderSize - kHeapObjectTag));
__ jmp(kScratchRegister);
@@ -85,10 +81,9 @@
void StubCache::GenerateProbe(MacroAssembler* masm, Code::Kind ic_kind,
- Code::Flags flags, bool leave_frame,
- Register receiver, Register name,
- Register scratch, Register extra, Register extra2,
- Register extra3) {
+ Code::Flags flags, Register receiver,
+ Register name, Register scratch, Register extra,
+ Register extra2, Register extra3) {
Isolate* isolate = masm->isolate();
Label miss;
USE(extra); // The register extra is not used on the X64 platform.
@@ -115,9 +110,16 @@
// the vector and slot registers, which need to be preserved for a handler
// call or miss.
if (IC::ICUseVector(ic_kind)) {
- Register vector = VectorLoadICDescriptor::VectorRegister();
- Register slot = VectorLoadICDescriptor::SlotRegister();
- DCHECK(!AreAliased(vector, slot, scratch));
+ if (ic_kind == Code::LOAD_IC || ic_kind == Code::KEYED_LOAD_IC) {
+ Register vector = LoadWithVectorDescriptor::VectorRegister();
+ Register slot = LoadDescriptor::SlotRegister();
+ DCHECK(!AreAliased(vector, slot, scratch));
+ } else {
+ DCHECK(ic_kind == Code::STORE_IC || ic_kind == Code::KEYED_STORE_IC);
+ Register vector = VectorStoreICDescriptor::VectorRegister();
+ Register slot = VectorStoreICDescriptor::SlotRegister();
+ DCHECK(!AreAliased(vector, slot, scratch));
+ }
}
#endif
@@ -137,8 +139,7 @@
__ andp(scratch, Immediate((kPrimaryTableSize - 1) << kCacheIndexShift));
// Probe the primary table.
- ProbeTable(isolate, masm, ic_kind, flags, leave_frame, kPrimary, receiver,
- name, scratch);
+ ProbeTable(isolate, masm, ic_kind, flags, kPrimary, receiver, name, scratch);
// Primary miss: Compute hash for secondary probe.
__ movl(scratch, FieldOperand(name, Name::kHashFieldOffset));
@@ -150,8 +151,8 @@
__ andp(scratch, Immediate((kSecondaryTableSize - 1) << kCacheIndexShift));
// Probe the secondary table.
- ProbeTable(isolate, masm, ic_kind, flags, leave_frame, kSecondary, receiver,
- name, scratch);
+ ProbeTable(isolate, masm, ic_kind, flags, kSecondary, receiver, name,
+ scratch);
// Cache miss: Fall-through and let caller handle the miss by
// entering the runtime system.
@@ -161,7 +162,7 @@
#undef __
-}
-} // namespace v8::internal
+} // namespace internal
+} // namespace v8
#endif // V8_TARGET_ARCH_X64