Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / v8 / d0a1eb7cd361309f9a4f3124a39879efb669db6d / . / src / ic / arm / ic-arm.cc
blob: 70a5d84e93384e47729d71ea8c68286e49f47f9e [file] [log] [blame]
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]1// Copyright 2012 the V8 project authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "src/v8.h"
6
7#if V8_TARGET_ARCH_ARM
8
9#include "src/codegen.h"
10#include "src/ic/ic.h"
11#include "src/ic/ic-compiler.h"
12#include "src/ic/stub-cache.h"
13
14namespace v8 {
15namespace internal {
16
17
18// ----------------------------------------------------------------------------
19// Static IC stub generators.
20//
21
22#define __ ACCESS_MASM(masm)
23
24
25static void GenerateGlobalInstanceTypeCheck(MacroAssembler* masm, Register type,
26 Label* global_object) {
27 // Register usage:
28 // type: holds the receiver instance type on entry.
29 __ cmp(type, Operand(JS_GLOBAL_OBJECT_TYPE));
30 __ b(eq, global_object);
31 __ cmp(type, Operand(JS_BUILTINS_OBJECT_TYPE));
32 __ b(eq, global_object);
33 __ cmp(type, Operand(JS_GLOBAL_PROXY_TYPE));
34 __ b(eq, global_object);
35}
36
37
38// Helper function used from LoadIC GenerateNormal.
39//
40// elements: Property dictionary. It is not clobbered if a jump to the miss
41// label is done.
42// name: Property name. It is not clobbered if a jump to the miss label is
43// done
44// result: Register for the result. It is only updated if a jump to the miss
45// label is not done. Can be the same as elements or name clobbering
46// one of these in the case of not jumping to the miss label.
47// The two scratch registers need to be different from elements, name and
48// result.
49// The generated code assumes that the receiver has slow properties,
50// is not a global object and does not have interceptors.
51static void GenerateDictionaryLoad(MacroAssembler* masm, Label* miss,
52 Register elements, Register name,
53 Register result, Register scratch1,
54 Register scratch2) {
55 // Main use of the scratch registers.
56 // scratch1: Used as temporary and to hold the capacity of the property
57 // dictionary.
58 // scratch2: Used as temporary.
59 Label done;
60
61 // Probe the dictionary.
62 NameDictionaryLookupStub::GeneratePositiveLookup(masm, miss, &done, elements,
63 name, scratch1, scratch2);
64
65 // If probing finds an entry check that the value is a normal
66 // property.
67 __ bind(&done); // scratch2 == elements + 4 * index
68 const int kElementsStartOffset =
69 NameDictionary::kHeaderSize +
70 NameDictionary::kElementsStartIndex * kPointerSize;
71 const int kDetailsOffset = kElementsStartOffset + 2 * kPointerSize;
72 __ ldr(scratch1, FieldMemOperand(scratch2, kDetailsOffset));
73 __ tst(scratch1, Operand(PropertyDetails::TypeField::kMask << kSmiTagSize));
74 __ b(ne, miss);
75
76 // Get the value at the masked, scaled index and return.
77 __ ldr(result,
78 FieldMemOperand(scratch2, kElementsStartOffset + 1 * kPointerSize));
79}
80
81
82// Helper function used from StoreIC::GenerateNormal.
83//
84// elements: Property dictionary. It is not clobbered if a jump to the miss
85// label is done.
86// name: Property name. It is not clobbered if a jump to the miss label is
87// done
88// value: The value to store.
89// The two scratch registers need to be different from elements, name and
90// result.
91// The generated code assumes that the receiver has slow properties,
92// is not a global object and does not have interceptors.
93static void GenerateDictionaryStore(MacroAssembler* masm, Label* miss,
94 Register elements, Register name,
95 Register value, Register scratch1,
96 Register scratch2) {
97 // Main use of the scratch registers.
98 // scratch1: Used as temporary and to hold the capacity of the property
99 // dictionary.
100 // scratch2: Used as temporary.
101 Label done;
102
103 // Probe the dictionary.
104 NameDictionaryLookupStub::GeneratePositiveLookup(masm, miss, &done, elements,
105 name, scratch1, scratch2);
106
107 // If probing finds an entry in the dictionary check that the value
108 // is a normal property that is not read only.
109 __ bind(&done); // scratch2 == elements + 4 * index
110 const int kElementsStartOffset =
111 NameDictionary::kHeaderSize +
112 NameDictionary::kElementsStartIndex * kPointerSize;
113 const int kDetailsOffset = kElementsStartOffset + 2 * kPointerSize;
114 const int kTypeAndReadOnlyMask =
115 (PropertyDetails::TypeField::kMask |
116 PropertyDetails::AttributesField::encode(READ_ONLY))
117 << kSmiTagSize;
118 __ ldr(scratch1, FieldMemOperand(scratch2, kDetailsOffset));
119 __ tst(scratch1, Operand(kTypeAndReadOnlyMask));
120 __ b(ne, miss);
121
122 // Store the value at the masked, scaled index and return.
123 const int kValueOffset = kElementsStartOffset + kPointerSize;
124 __ add(scratch2, scratch2, Operand(kValueOffset - kHeapObjectTag));
125 __ str(value, MemOperand(scratch2));
126
127 // Update the write barrier. Make sure not to clobber the value.
128 __ mov(scratch1, value);
129 __ RecordWrite(elements, scratch2, scratch1, kLRHasNotBeenSaved,
130 kDontSaveFPRegs);
131}
132
133
134// Checks the receiver for special cases (value type, slow case bits).
135// Falls through for regular JS object.
136static void GenerateKeyedLoadReceiverCheck(MacroAssembler* masm,
137 Register receiver, Register map,
138 Register scratch,
139 int interceptor_bit, Label* slow) {
140 // Check that the object isn't a smi.
141 __ JumpIfSmi(receiver, slow);
142 // Get the map of the receiver.
143 __ ldr(map, FieldMemOperand(receiver, HeapObject::kMapOffset));
144 // Check bit field.
145 __ ldrb(scratch, FieldMemOperand(map, Map::kBitFieldOffset));
146 __ tst(scratch,
147 Operand((1 << Map::kIsAccessCheckNeeded) | (1 << interceptor_bit)));
148 __ b(ne, slow);
149 // Check that the object is some kind of JS object EXCEPT JS Value type.
150 // In the case that the object is a value-wrapper object,
151 // we enter the runtime system to make sure that indexing into string
152 // objects work as intended.
153 DCHECK(JS_OBJECT_TYPE > JS_VALUE_TYPE);
154 __ ldrb(scratch, FieldMemOperand(map, Map::kInstanceTypeOffset));
155 __ cmp(scratch, Operand(JS_OBJECT_TYPE));
156 __ b(lt, slow);
157}
158
159
160// Loads an indexed element from a fast case array.
161// If not_fast_array is NULL, doesn't perform the elements map check.
162static void GenerateFastArrayLoad(MacroAssembler* masm, Register receiver,
163 Register key, Register elements,
164 Register scratch1, Register scratch2,
165 Register result, Label* not_fast_array,
166 Label* out_of_range) {
167 // Register use:
168 //
169 // receiver - holds the receiver on entry.
170 // Unchanged unless 'result' is the same register.
171 //
172 // key - holds the smi key on entry.
173 // Unchanged unless 'result' is the same register.
174 //
175 // elements - holds the elements of the receiver on exit.
176 //
177 // result - holds the result on exit if the load succeeded.
178 // Allowed to be the the same as 'receiver' or 'key'.
179 // Unchanged on bailout so 'receiver' and 'key' can be safely
180 // used by further computation.
181 //
182 // Scratch registers:
183 //
184 // scratch1 - used to hold elements map and elements length.
185 // Holds the elements map if not_fast_array branch is taken.
186 //
187 // scratch2 - used to hold the loaded value.
188
189 __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
190 if (not_fast_array != NULL) {
191 // Check that the object is in fast mode and writable.
192 __ ldr(scratch1, FieldMemOperand(elements, HeapObject::kMapOffset));
193 __ LoadRoot(ip, Heap::kFixedArrayMapRootIndex);
194 __ cmp(scratch1, ip);
195 __ b(ne, not_fast_array);
196 } else {
197 __ AssertFastElements(elements);
198 }
199 // Check that the key (index) is within bounds.
200 __ ldr(scratch1, FieldMemOperand(elements, FixedArray::kLengthOffset));
201 __ cmp(key, Operand(scratch1));
202 __ b(hs, out_of_range);
203 // Fast case: Do the load.
204 __ add(scratch1, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
205 __ ldr(scratch2, MemOperand::PointerAddressFromSmiKey(scratch1, key));
206 __ LoadRoot(ip, Heap::kTheHoleValueRootIndex);
207 __ cmp(scratch2, ip);
208 // In case the loaded value is the_hole we have to consult GetProperty
209 // to ensure the prototype chain is searched.
210 __ b(eq, out_of_range);
211 __ mov(result, scratch2);
212}
213
214
215// Checks whether a key is an array index string or a unique name.
216// Falls through if a key is a unique name.
217static void GenerateKeyNameCheck(MacroAssembler* masm, Register key,
218 Register map, Register hash,
219 Label* index_string, Label* not_unique) {
220 // The key is not a smi.
221 Label unique;
222 // Is it a name?
223 __ CompareObjectType(key, map, hash, LAST_UNIQUE_NAME_TYPE);
224 __ b(hi, not_unique);
225 STATIC_ASSERT(LAST_UNIQUE_NAME_TYPE == FIRST_NONSTRING_TYPE);
226 __ b(eq, &unique);
227
228 // Is the string an array index, with cached numeric value?
229 __ ldr(hash, FieldMemOperand(key, Name::kHashFieldOffset));
230 __ tst(hash, Operand(Name::kContainsCachedArrayIndexMask));
231 __ b(eq, index_string);
232
233 // Is the string internalized? We know it's a string, so a single
234 // bit test is enough.
235 // map: key map
236 __ ldrb(hash, FieldMemOperand(map, Map::kInstanceTypeOffset));
237 STATIC_ASSERT(kInternalizedTag == 0);
238 __ tst(hash, Operand(kIsNotInternalizedMask));
239 __ b(ne, not_unique);
240
241 __ bind(&unique);
242}
243
244
245void LoadIC::GenerateNormal(MacroAssembler* masm) {
246 Register dictionary = r0;
247 DCHECK(!dictionary.is(LoadDescriptor::ReceiverRegister()));
248 DCHECK(!dictionary.is(LoadDescriptor::NameRegister()));
249
250 Label slow;
251
252 __ ldr(dictionary, FieldMemOperand(LoadDescriptor::ReceiverRegister(),
253 JSObject::kPropertiesOffset));
254 GenerateDictionaryLoad(masm, &slow, dictionary,
255 LoadDescriptor::NameRegister(), r0, r3, r4);
256 __ Ret();
257
258 // Dictionary load failed, go slow (but don't miss).
259 __ bind(&slow);
260 GenerateRuntimeGetProperty(masm);
261}
262
263
264// A register that isn't one of the parameters to the load ic.
265static const Register LoadIC_TempRegister() { return r3; }
266
267
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]268static void LoadIC_PushArgs(MacroAssembler* masm) {
269 Register receiver = LoadDescriptor::ReceiverRegister();
270 Register name = LoadDescriptor::NameRegister();
271 if (FLAG_vector_ics) {
272 Register slot = VectorLoadICDescriptor::SlotRegister();
273 Register vector = VectorLoadICDescriptor::VectorRegister();
274
275 __ Push(receiver, name, slot, vector);
276 } else {
277 __ Push(receiver, name);
278 }
279}
280
281
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]282void LoadIC::GenerateMiss(MacroAssembler* masm) {
283 // The return address is in lr.
284 Isolate* isolate = masm->isolate();
285
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]286 DCHECK(!FLAG_vector_ics ||
287 !AreAliased(r4, r5, VectorLoadICDescriptor::SlotRegister(),
288 VectorLoadICDescriptor::VectorRegister()));
289 __ IncrementCounter(isolate->counters()->load_miss(), 1, r4, r5);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]290
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]291 LoadIC_PushArgs(masm);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]292
293 // Perform tail call to the entry.
294 ExternalReference ref = ExternalReference(IC_Utility(kLoadIC_Miss), isolate);
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]295 int arg_count = FLAG_vector_ics ? 4 : 2;
296 __ TailCallExternalReference(ref, arg_count, 1);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]297}
298
299
300void LoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
301 // The return address is in lr.
302
303 __ mov(LoadIC_TempRegister(), LoadDescriptor::ReceiverRegister());
304 __ Push(LoadIC_TempRegister(), LoadDescriptor::NameRegister());
305
306 __ TailCallRuntime(Runtime::kGetProperty, 2, 1);
307}
308
309
310static MemOperand GenerateMappedArgumentsLookup(
311 MacroAssembler* masm, Register object, Register key, Register scratch1,
312 Register scratch2, Register scratch3, Label* unmapped_case,
313 Label* slow_case) {
314 Heap* heap = masm->isolate()->heap();
315
316 // Check that the receiver is a JSObject. Because of the map check
317 // later, we do not need to check for interceptors or whether it
318 // requires access checks.
319 __ JumpIfSmi(object, slow_case);
320 // Check that the object is some kind of JSObject.
321 __ CompareObjectType(object, scratch1, scratch2, FIRST_JS_RECEIVER_TYPE);
322 __ b(lt, slow_case);
323
324 // Check that the key is a positive smi.
325 __ tst(key, Operand(0x80000001));
326 __ b(ne, slow_case);
327
328 // Load the elements into scratch1 and check its map.
329 Handle<Map> arguments_map(heap->sloppy_arguments_elements_map());
330 __ ldr(scratch1, FieldMemOperand(object, JSObject::kElementsOffset));
331 __ CheckMap(scratch1, scratch2, arguments_map, slow_case, DONT_DO_SMI_CHECK);
332
333 // Check if element is in the range of mapped arguments. If not, jump
334 // to the unmapped lookup with the parameter map in scratch1.
335 __ ldr(scratch2, FieldMemOperand(scratch1, FixedArray::kLengthOffset));
336 __ sub(scratch2, scratch2, Operand(Smi::FromInt(2)));
337 __ cmp(key, Operand(scratch2));
338 __ b(cs, unmapped_case);
339
340 // Load element index and check whether it is the hole.
341 const int kOffset =
342 FixedArray::kHeaderSize + 2 * kPointerSize - kHeapObjectTag;
343
344 __ mov(scratch3, Operand(kPointerSize >> 1));
345 __ mul(scratch3, key, scratch3);
346 __ add(scratch3, scratch3, Operand(kOffset));
347
348 __ ldr(scratch2, MemOperand(scratch1, scratch3));
349 __ LoadRoot(scratch3, Heap::kTheHoleValueRootIndex);
350 __ cmp(scratch2, scratch3);
351 __ b(eq, unmapped_case);
352
353 // Load value from context and return it. We can reuse scratch1 because
354 // we do not jump to the unmapped lookup (which requires the parameter
355 // map in scratch1).
356 __ ldr(scratch1, FieldMemOperand(scratch1, FixedArray::kHeaderSize));
357 __ mov(scratch3, Operand(kPointerSize >> 1));
358 __ mul(scratch3, scratch2, scratch3);
359 __ add(scratch3, scratch3, Operand(Context::kHeaderSize - kHeapObjectTag));
360 return MemOperand(scratch1, scratch3);
361}
362
363
364static MemOperand GenerateUnmappedArgumentsLookup(MacroAssembler* masm,
365 Register key,
366 Register parameter_map,
367 Register scratch,
368 Label* slow_case) {
369 // Element is in arguments backing store, which is referenced by the
370 // second element of the parameter_map. The parameter_map register
371 // must be loaded with the parameter map of the arguments object and is
372 // overwritten.
373 const int kBackingStoreOffset = FixedArray::kHeaderSize + kPointerSize;
374 Register backing_store = parameter_map;
375 __ ldr(backing_store, FieldMemOperand(parameter_map, kBackingStoreOffset));
376 Handle<Map> fixed_array_map(masm->isolate()->heap()->fixed_array_map());
377 __ CheckMap(backing_store, scratch, fixed_array_map, slow_case,
378 DONT_DO_SMI_CHECK);
379 __ ldr(scratch, FieldMemOperand(backing_store, FixedArray::kLengthOffset));
380 __ cmp(key, Operand(scratch));
381 __ b(cs, slow_case);
382 __ mov(scratch, Operand(kPointerSize >> 1));
383 __ mul(scratch, key, scratch);
384 __ add(scratch, scratch, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
385 return MemOperand(backing_store, scratch);
386}
387
388
389void KeyedStoreIC::GenerateSloppyArguments(MacroAssembler* masm) {
390 Register receiver = StoreDescriptor::ReceiverRegister();
391 Register key = StoreDescriptor::NameRegister();
392 Register value = StoreDescriptor::ValueRegister();
393 DCHECK(receiver.is(r1));
394 DCHECK(key.is(r2));
395 DCHECK(value.is(r0));
396
397 Label slow, notin;
398 MemOperand mapped_location = GenerateMappedArgumentsLookup(
399 masm, receiver, key, r3, r4, r5, &notin, &slow);
400 __ str(value, mapped_location);
401 __ add(r6, r3, r5);
402 __ mov(r9, value);
403 __ RecordWrite(r3, r6, r9, kLRHasNotBeenSaved, kDontSaveFPRegs);
404 __ Ret();
405 __ bind(&notin);
406 // The unmapped lookup expects that the parameter map is in r3.
407 MemOperand unmapped_location =
408 GenerateUnmappedArgumentsLookup(masm, key, r3, r4, &slow);
409 __ str(value, unmapped_location);
410 __ add(r6, r3, r4);
411 __ mov(r9, value);
412 __ RecordWrite(r3, r6, r9, kLRHasNotBeenSaved, kDontSaveFPRegs);
413 __ Ret();
414 __ bind(&slow);
415 GenerateMiss(masm);
416}
417
418
419void KeyedLoadIC::GenerateMiss(MacroAssembler* masm) {
420 // The return address is in lr.
421 Isolate* isolate = masm->isolate();
422
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]423 DCHECK(!FLAG_vector_ics ||
424 !AreAliased(r4, r5, VectorLoadICDescriptor::SlotRegister(),
425 VectorLoadICDescriptor::VectorRegister()));
426 __ IncrementCounter(isolate->counters()->keyed_load_miss(), 1, r4, r5);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]427
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]428 LoadIC_PushArgs(masm);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]429
430 // Perform tail call to the entry.
431 ExternalReference ref =
432 ExternalReference(IC_Utility(kKeyedLoadIC_Miss), isolate);
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]433 int arg_count = FLAG_vector_ics ? 4 : 2;
434 __ TailCallExternalReference(ref, arg_count, 1);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]435}
436
437
438void KeyedLoadIC::GenerateRuntimeGetProperty(MacroAssembler* masm) {
439 // The return address is in lr.
440
441 __ Push(LoadDescriptor::ReceiverRegister(), LoadDescriptor::NameRegister());
442
443 __ TailCallRuntime(Runtime::kKeyedGetProperty, 2, 1);
444}
445
446
447void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) {
448 // The return address is in lr.
449 Label slow, check_name, index_smi, index_name, property_array_property;
450 Label probe_dictionary, check_number_dictionary;
451
452 Register key = LoadDescriptor::NameRegister();
453 Register receiver = LoadDescriptor::ReceiverRegister();
454 DCHECK(key.is(r2));
455 DCHECK(receiver.is(r1));
456
457 Isolate* isolate = masm->isolate();
458
459 // Check that the key is a smi.
460 __ JumpIfNotSmi(key, &check_name);
461 __ bind(&index_smi);
462 // Now the key is known to be a smi. This place is also jumped to from below
463 // where a numeric string is converted to a smi.
464
465 GenerateKeyedLoadReceiverCheck(masm, receiver, r0, r3,
466 Map::kHasIndexedInterceptor, &slow);
467
468 // Check the receiver's map to see if it has fast elements.
469 __ CheckFastElements(r0, r3, &check_number_dictionary);
470
471 GenerateFastArrayLoad(masm, receiver, key, r0, r3, r4, r0, NULL, &slow);
472 __ IncrementCounter(isolate->counters()->keyed_load_generic_smi(), 1, r4, r3);
473 __ Ret();
474
475 __ bind(&check_number_dictionary);
476 __ ldr(r4, FieldMemOperand(receiver, JSObject::kElementsOffset));
477 __ ldr(r3, FieldMemOperand(r4, JSObject::kMapOffset));
478
479 // Check whether the elements is a number dictionary.
480 // r3: elements map
481 // r4: elements
482 __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
483 __ cmp(r3, ip);
484 __ b(ne, &slow);
485 __ SmiUntag(r0, key);
486 __ LoadFromNumberDictionary(&slow, r4, key, r0, r0, r3, r5);
487 __ Ret();
488
489 // Slow case, key and receiver still in r2 and r1.
490 __ bind(&slow);
491 __ IncrementCounter(isolate->counters()->keyed_load_generic_slow(), 1, r4,
492 r3);
493 GenerateRuntimeGetProperty(masm);
494
495 __ bind(&check_name);
496 GenerateKeyNameCheck(masm, key, r0, r3, &index_name, &slow);
497
498 GenerateKeyedLoadReceiverCheck(masm, receiver, r0, r3,
499 Map::kHasNamedInterceptor, &slow);
500
501 // If the receiver is a fast-case object, check the keyed lookup
502 // cache. Otherwise probe the dictionary.
503 __ ldr(r3, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
504 __ ldr(r4, FieldMemOperand(r3, HeapObject::kMapOffset));
505 __ LoadRoot(ip, Heap::kHashTableMapRootIndex);
506 __ cmp(r4, ip);
507 __ b(eq, &probe_dictionary);
508
509 // Load the map of the receiver, compute the keyed lookup cache hash
510 // based on 32 bits of the map pointer and the name hash.
511 __ ldr(r0, FieldMemOperand(receiver, HeapObject::kMapOffset));
512 __ mov(r3, Operand(r0, ASR, KeyedLookupCache::kMapHashShift));
513 __ ldr(r4, FieldMemOperand(key, Name::kHashFieldOffset));
514 __ eor(r3, r3, Operand(r4, ASR, Name::kHashShift));
515 int mask = KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask;
516 __ And(r3, r3, Operand(mask));
517
518 // Load the key (consisting of map and unique name) from the cache and
519 // check for match.
520 Label load_in_object_property;
521 static const int kEntriesPerBucket = KeyedLookupCache::kEntriesPerBucket;
522 Label hit_on_nth_entry[kEntriesPerBucket];
523 ExternalReference cache_keys =
524 ExternalReference::keyed_lookup_cache_keys(isolate);
525
526 __ mov(r4, Operand(cache_keys));
527 __ add(r4, r4, Operand(r3, LSL, kPointerSizeLog2 + 1));
528
529 for (int i = 0; i < kEntriesPerBucket - 1; i++) {
530 Label try_next_entry;
531 // Load map and move r4 to next entry.
532 __ ldr(r5, MemOperand(r4, kPointerSize * 2, PostIndex));
533 __ cmp(r0, r5);
534 __ b(ne, &try_next_entry);
535 __ ldr(r5, MemOperand(r4, -kPointerSize)); // Load name
536 __ cmp(key, r5);
537 __ b(eq, &hit_on_nth_entry[i]);
538 __ bind(&try_next_entry);
539 }
540
541 // Last entry: Load map and move r4 to name.
542 __ ldr(r5, MemOperand(r4, kPointerSize, PostIndex));
543 __ cmp(r0, r5);
544 __ b(ne, &slow);
545 __ ldr(r5, MemOperand(r4));
546 __ cmp(key, r5);
547 __ b(ne, &slow);
548
549 // Get field offset.
550 // r0 : receiver's map
551 // r3 : lookup cache index
552 ExternalReference cache_field_offsets =
553 ExternalReference::keyed_lookup_cache_field_offsets(isolate);
554
555 // Hit on nth entry.
556 for (int i = kEntriesPerBucket - 1; i >= 0; i--) {
557 __ bind(&hit_on_nth_entry[i]);
558 __ mov(r4, Operand(cache_field_offsets));
559 if (i != 0) {
560 __ add(r3, r3, Operand(i));
561 }
562 __ ldr(r5, MemOperand(r4, r3, LSL, kPointerSizeLog2));
563 __ ldrb(r6, FieldMemOperand(r0, Map::kInObjectPropertiesOffset));
564 __ sub(r5, r5, r6, SetCC);
565 __ b(ge, &property_array_property);
566 if (i != 0) {
567 __ jmp(&load_in_object_property);
568 }
569 }
570
571 // Load in-object property.
572 __ bind(&load_in_object_property);
573 __ ldrb(r6, FieldMemOperand(r0, Map::kInstanceSizeOffset));
574 __ add(r6, r6, r5); // Index from start of object.
575 __ sub(receiver, receiver, Operand(kHeapObjectTag)); // Remove the heap tag.
576 __ ldr(r0, MemOperand(receiver, r6, LSL, kPointerSizeLog2));
577 __ IncrementCounter(isolate->counters()->keyed_load_generic_lookup_cache(), 1,
578 r4, r3);
579 __ Ret();
580
581 // Load property array property.
582 __ bind(&property_array_property);
583 __ ldr(receiver, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
584 __ add(receiver, receiver, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
585 __ ldr(r0, MemOperand(receiver, r5, LSL, kPointerSizeLog2));
586 __ IncrementCounter(isolate->counters()->keyed_load_generic_lookup_cache(), 1,
587 r4, r3);
588 __ Ret();
589
590 // Do a quick inline probe of the receiver's dictionary, if it
591 // exists.
592 __ bind(&probe_dictionary);
593 // r3: elements
594 __ ldr(r0, FieldMemOperand(receiver, HeapObject::kMapOffset));
595 __ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
596 GenerateGlobalInstanceTypeCheck(masm, r0, &slow);
597 // Load the property to r0.
598 GenerateDictionaryLoad(masm, &slow, r3, key, r0, r5, r4);
599 __ IncrementCounter(isolate->counters()->keyed_load_generic_symbol(), 1, r4,
600 r3);
601 __ Ret();
602
603 __ bind(&index_name);
604 __ IndexFromHash(r3, key);
605 // Now jump to the place where smi keys are handled.
606 __ jmp(&index_smi);
607}
608
609
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]610void KeyedStoreIC::GenerateMiss(MacroAssembler* masm) {
611 // Push receiver, key and value for runtime call.
612 __ Push(StoreDescriptor::ReceiverRegister(), StoreDescriptor::NameRegister(),
613 StoreDescriptor::ValueRegister());
614
615 ExternalReference ref =
616 ExternalReference(IC_Utility(kKeyedStoreIC_Miss), masm->isolate());
617 __ TailCallExternalReference(ref, 3, 1);
618}
619
620
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]621static void KeyedStoreGenerateMegamorphicHelper(
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]622 MacroAssembler* masm, Label* fast_object, Label* fast_double, Label* slow,
623 KeyedStoreCheckMap check_map, KeyedStoreIncrementLength increment_length,
624 Register value, Register key, Register receiver, Register receiver_map,
625 Register elements_map, Register elements) {
626 Label transition_smi_elements;
627 Label finish_object_store, non_double_value, transition_double_elements;
628 Label fast_double_without_map_check;
629
630 // Fast case: Do the store, could be either Object or double.
631 __ bind(fast_object);
632 Register scratch_value = r4;
633 Register address = r5;
634 if (check_map == kCheckMap) {
635 __ ldr(elements_map, FieldMemOperand(elements, HeapObject::kMapOffset));
636 __ cmp(elements_map,
637 Operand(masm->isolate()->factory()->fixed_array_map()));
638 __ b(ne, fast_double);
639 }
640
641 // HOLECHECK: guards "A[i] = V"
642 // We have to go to the runtime if the current value is the hole because
643 // there may be a callback on the element
644 Label holecheck_passed1;
645 __ add(address, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
646 __ ldr(scratch_value,
647 MemOperand::PointerAddressFromSmiKey(address, key, PreIndex));
648 __ cmp(scratch_value, Operand(masm->isolate()->factory()->the_hole_value()));
649 __ b(ne, &holecheck_passed1);
650 __ JumpIfDictionaryInPrototypeChain(receiver, elements_map, scratch_value,
651 slow);
652
653 __ bind(&holecheck_passed1);
654
655 // Smi stores don't require further checks.
656 Label non_smi_value;
657 __ JumpIfNotSmi(value, &non_smi_value);
658
659 if (increment_length == kIncrementLength) {
660 // Add 1 to receiver->length.
661 __ add(scratch_value, key, Operand(Smi::FromInt(1)));
662 __ str(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
663 }
664 // It's irrelevant whether array is smi-only or not when writing a smi.
665 __ add(address, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
666 __ str(value, MemOperand::PointerAddressFromSmiKey(address, key));
667 __ Ret();
668
669 __ bind(&non_smi_value);
670 // Escape to elements kind transition case.
671 __ CheckFastObjectElements(receiver_map, scratch_value,
672 &transition_smi_elements);
673
674 // Fast elements array, store the value to the elements backing store.
675 __ bind(&finish_object_store);
676 if (increment_length == kIncrementLength) {
677 // Add 1 to receiver->length.
678 __ add(scratch_value, key, Operand(Smi::FromInt(1)));
679 __ str(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
680 }
681 __ add(address, elements, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
682 __ add(address, address, Operand::PointerOffsetFromSmiKey(key));
683 __ str(value, MemOperand(address));
684 // Update write barrier for the elements array address.
685 __ mov(scratch_value, value); // Preserve the value which is returned.
686 __ RecordWrite(elements, address, scratch_value, kLRHasNotBeenSaved,
687 kDontSaveFPRegs, EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
688 __ Ret();
689
690 __ bind(fast_double);
691 if (check_map == kCheckMap) {
692 // Check for fast double array case. If this fails, call through to the
693 // runtime.
694 __ CompareRoot(elements_map, Heap::kFixedDoubleArrayMapRootIndex);
695 __ b(ne, slow);
696 }
697
698 // HOLECHECK: guards "A[i] double hole?"
699 // We have to see if the double version of the hole is present. If so
700 // go to the runtime.
701 __ add(address, elements,
702 Operand((FixedDoubleArray::kHeaderSize + sizeof(kHoleNanLower32)) -
703 kHeapObjectTag));
704 __ ldr(scratch_value,
705 MemOperand(address, key, LSL, kPointerSizeLog2, PreIndex));
706 __ cmp(scratch_value, Operand(kHoleNanUpper32));
707 __ b(ne, &fast_double_without_map_check);
708 __ JumpIfDictionaryInPrototypeChain(receiver, elements_map, scratch_value,
709 slow);
710
711 __ bind(&fast_double_without_map_check);
712 __ StoreNumberToDoubleElements(value, key, elements, r3, d0,
713 &transition_double_elements);
714 if (increment_length == kIncrementLength) {
715 // Add 1 to receiver->length.
716 __ add(scratch_value, key, Operand(Smi::FromInt(1)));
717 __ str(scratch_value, FieldMemOperand(receiver, JSArray::kLengthOffset));
718 }
719 __ Ret();
720
721 __ bind(&transition_smi_elements);
722 // Transition the array appropriately depending on the value type.
723 __ ldr(r4, FieldMemOperand(value, HeapObject::kMapOffset));
724 __ CompareRoot(r4, Heap::kHeapNumberMapRootIndex);
725 __ b(ne, &non_double_value);
726
727 // Value is a double. Transition FAST_SMI_ELEMENTS ->
728 // FAST_DOUBLE_ELEMENTS and complete the store.
729 __ LoadTransitionedArrayMapConditional(
730 FAST_SMI_ELEMENTS, FAST_DOUBLE_ELEMENTS, receiver_map, r4, slow);
731 AllocationSiteMode mode =
732 AllocationSite::GetMode(FAST_SMI_ELEMENTS, FAST_DOUBLE_ELEMENTS);
733 ElementsTransitionGenerator::GenerateSmiToDouble(masm, receiver, key, value,
734 receiver_map, mode, slow);
735 __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
736 __ jmp(&fast_double_without_map_check);
737
738 __ bind(&non_double_value);
739 // Value is not a double, FAST_SMI_ELEMENTS -> FAST_ELEMENTS
740 __ LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS, FAST_ELEMENTS,
741 receiver_map, r4, slow);
742 mode = AllocationSite::GetMode(FAST_SMI_ELEMENTS, FAST_ELEMENTS);
743 ElementsTransitionGenerator::GenerateMapChangeElementsTransition(
744 masm, receiver, key, value, receiver_map, mode, slow);
745 __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
746 __ jmp(&finish_object_store);
747
748 __ bind(&transition_double_elements);
749 // Elements are FAST_DOUBLE_ELEMENTS, but value is an Object that's not a
750 // HeapNumber. Make sure that the receiver is a Array with FAST_ELEMENTS and
751 // transition array from FAST_DOUBLE_ELEMENTS to FAST_ELEMENTS
752 __ LoadTransitionedArrayMapConditional(FAST_DOUBLE_ELEMENTS, FAST_ELEMENTS,
753 receiver_map, r4, slow);
754 mode = AllocationSite::GetMode(FAST_DOUBLE_ELEMENTS, FAST_ELEMENTS);
755 ElementsTransitionGenerator::GenerateDoubleToObject(
756 masm, receiver, key, value, receiver_map, mode, slow);
757 __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
758 __ jmp(&finish_object_store);
759}
760
761
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]762void KeyedStoreIC::GenerateMegamorphic(MacroAssembler* masm,
763 StrictMode strict_mode) {
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]764 // ---------- S t a t e --------------
765 // -- r0 : value
766 // -- r1 : key
767 // -- r2 : receiver
768 // -- lr : return address
769 // -----------------------------------
770 Label slow, fast_object, fast_object_grow;
771 Label fast_double, fast_double_grow;
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]772 Label array, extra, check_if_double_array, maybe_name_key, miss;
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]773
774 // Register usage.
775 Register value = StoreDescriptor::ValueRegister();
776 Register key = StoreDescriptor::NameRegister();
777 Register receiver = StoreDescriptor::ReceiverRegister();
778 DCHECK(receiver.is(r1));
779 DCHECK(key.is(r2));
780 DCHECK(value.is(r0));
781 Register receiver_map = r3;
782 Register elements_map = r6;
783 Register elements = r9; // Elements array of the receiver.
784 // r4 and r5 are used as general scratch registers.
785
786 // Check that the key is a smi.
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]787 __ JumpIfNotSmi(key, &maybe_name_key);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]788 // Check that the object isn't a smi.
789 __ JumpIfSmi(receiver, &slow);
790 // Get the map of the object.
791 __ ldr(receiver_map, FieldMemOperand(receiver, HeapObject::kMapOffset));
792 // Check that the receiver does not require access checks and is not observed.
793 // The generic stub does not perform map checks or handle observed objects.
794 __ ldrb(ip, FieldMemOperand(receiver_map, Map::kBitFieldOffset));
795 __ tst(ip, Operand(1 << Map::kIsAccessCheckNeeded | 1 << Map::kIsObserved));
796 __ b(ne, &slow);
797 // Check if the object is a JS array or not.
798 __ ldrb(r4, FieldMemOperand(receiver_map, Map::kInstanceTypeOffset));
799 __ cmp(r4, Operand(JS_ARRAY_TYPE));
800 __ b(eq, &array);
801 // Check that the object is some kind of JSObject.
802 __ cmp(r4, Operand(FIRST_JS_OBJECT_TYPE));
803 __ b(lt, &slow);
804
805 // Object case: Check key against length in the elements array.
806 __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
807 // Check array bounds. Both the key and the length of FixedArray are smis.
808 __ ldr(ip, FieldMemOperand(elements, FixedArray::kLengthOffset));
809 __ cmp(key, Operand(ip));
810 __ b(lo, &fast_object);
811
812 // Slow case, handle jump to runtime.
813 __ bind(&slow);
814 // Entry registers are intact.
815 // r0: value.
816 // r1: key.
817 // r2: receiver.
818 PropertyICCompiler::GenerateRuntimeSetProperty(masm, strict_mode);
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]819 // Never returns to here.
820
821 __ bind(&maybe_name_key);
822 __ ldr(r4, FieldMemOperand(key, HeapObject::kMapOffset));
823 __ ldrb(r4, FieldMemOperand(r4, Map::kInstanceTypeOffset));
824 __ JumpIfNotUniqueNameInstanceType(r4, &slow);
825 Code::Flags flags = Code::RemoveTypeAndHolderFromFlags(
826 Code::ComputeHandlerFlags(Code::STORE_IC));
827 masm->isolate()->stub_cache()->GenerateProbe(
828 masm, Code::STORE_IC, flags, false, receiver, key, r3, r4, r5, r6);
829 // Cache miss.
830 __ b(&miss);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]831
832 // Extra capacity case: Check if there is extra capacity to
833 // perform the store and update the length. Used for adding one
834 // element to the array by writing to array[array.length].
835 __ bind(&extra);
836 // Condition code from comparing key and array length is still available.
837 __ b(ne, &slow); // Only support writing to writing to array[array.length].
838 // Check for room in the elements backing store.
839 // Both the key and the length of FixedArray are smis.
840 __ ldr(ip, FieldMemOperand(elements, FixedArray::kLengthOffset));
841 __ cmp(key, Operand(ip));
842 __ b(hs, &slow);
843 __ ldr(elements_map, FieldMemOperand(elements, HeapObject::kMapOffset));
844 __ cmp(elements_map, Operand(masm->isolate()->factory()->fixed_array_map()));
845 __ b(ne, &check_if_double_array);
846 __ jmp(&fast_object_grow);
847
848 __ bind(&check_if_double_array);
849 __ cmp(elements_map,
850 Operand(masm->isolate()->factory()->fixed_double_array_map()));
851 __ b(ne, &slow);
852 __ jmp(&fast_double_grow);
853
854 // Array case: Get the length and the elements array from the JS
855 // array. Check that the array is in fast mode (and writable); if it
856 // is the length is always a smi.
857 __ bind(&array);
858 __ ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset));
859
860 // Check the key against the length in the array.
861 __ ldr(ip, FieldMemOperand(receiver, JSArray::kLengthOffset));
862 __ cmp(key, Operand(ip));
863 __ b(hs, &extra);
864
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]865 KeyedStoreGenerateMegamorphicHelper(
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]866 masm, &fast_object, &fast_double, &slow, kCheckMap, kDontIncrementLength,
867 value, key, receiver, receiver_map, elements_map, elements);
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]868 KeyedStoreGenerateMegamorphicHelper(masm, &fast_object_grow,
869 &fast_double_grow, &slow, kDontCheckMap,
870 kIncrementLength, value, key, receiver,
871 receiver_map, elements_map, elements);
872
873 __ bind(&miss);
874 GenerateMiss(masm);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]875}
876
877
878void StoreIC::GenerateMegamorphic(MacroAssembler* masm) {
879 Register receiver = StoreDescriptor::ReceiverRegister();
880 Register name = StoreDescriptor::NameRegister();
881 DCHECK(receiver.is(r1));
882 DCHECK(name.is(r2));
883 DCHECK(StoreDescriptor::ValueRegister().is(r0));
884
885 // Get the receiver from the stack and probe the stub cache.
886 Code::Flags flags = Code::RemoveTypeAndHolderFromFlags(
887 Code::ComputeHandlerFlags(Code::STORE_IC));
888
Emily Bernierd0a1eb72015-03-24 16:35:39 -0400[diff] [blame^]889 masm->isolate()->stub_cache()->GenerateProbe(
890 masm, Code::STORE_IC, flags, false, receiver, name, r3, r4, r5, r6);
Ben Murdochb8a8cc12014-11-26 15:28:44 +0000[diff] [blame]891
892 // Cache miss: Jump to runtime.
893 GenerateMiss(masm);
894}
895
896
897void StoreIC::GenerateMiss(MacroAssembler* masm) {
898 __ Push(StoreDescriptor::ReceiverRegister(), StoreDescriptor::NameRegister(),
899 StoreDescriptor::ValueRegister());
900
901 // Perform tail call to the entry.
902 ExternalReference ref =
903 ExternalReference(IC_Utility(kStoreIC_Miss), masm->isolate());
904 __ TailCallExternalReference(ref, 3, 1);
905}
906
907
908void StoreIC::GenerateNormal(MacroAssembler* masm) {
909 Label miss;
910 Register receiver = StoreDescriptor::ReceiverRegister();
911 Register name = StoreDescriptor::NameRegister();
912 Register value = StoreDescriptor::ValueRegister();
913 Register dictionary = r3;
914 DCHECK(receiver.is(r1));
915 DCHECK(name.is(r2));
916 DCHECK(value.is(r0));
917
918 __ ldr(dictionary, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
919
920 GenerateDictionaryStore(masm, &miss, dictionary, name, value, r4, r5);
921 Counters* counters = masm->isolate()->counters();
922 __ IncrementCounter(counters->store_normal_hit(), 1, r4, r5);
923 __ Ret();
924
925 __ bind(&miss);
926 __ IncrementCounter(counters->store_normal_miss(), 1, r4, r5);
927 GenerateMiss(masm);
928}
929
930
931#undef __
932
933
934Condition CompareIC::ComputeCondition(Token::Value op) {
935 switch (op) {
936 case Token::EQ_STRICT:
937 case Token::EQ:
938 return eq;
939 case Token::LT:
940 return lt;
941 case Token::GT:
942 return gt;
943 case Token::LTE:
944 return le;
945 case Token::GTE:
946 return ge;
947 default:
948 UNREACHABLE();
949 return kNoCondition;
950 }
951}
952
953
954bool CompareIC::HasInlinedSmiCode(Address address) {
955 // The address of the instruction following the call.
956 Address cmp_instruction_address =
957 Assembler::return_address_from_call_start(address);
958
959 // If the instruction following the call is not a cmp rx, #yyy, nothing
960 // was inlined.
961 Instr instr = Assembler::instr_at(cmp_instruction_address);
962 return Assembler::IsCmpImmediate(instr);
963}
964
965
966void PatchInlinedSmiCode(Address address, InlinedSmiCheck check) {
967 Address cmp_instruction_address =
968 Assembler::return_address_from_call_start(address);
969
970 // If the instruction following the call is not a cmp rx, #yyy, nothing
971 // was inlined.
972 Instr instr = Assembler::instr_at(cmp_instruction_address);
973 if (!Assembler::IsCmpImmediate(instr)) {
974 return;
975 }
976
977 // The delta to the start of the map check instruction and the
978 // condition code uses at the patched jump.
979 int delta = Assembler::GetCmpImmediateRawImmediate(instr);
980 delta += Assembler::GetCmpImmediateRegister(instr).code() * kOff12Mask;
981 // If the delta is 0 the instruction is cmp r0, #0 which also signals that
982 // nothing was inlined.
983 if (delta == 0) {
984 return;
985 }
986
987 if (FLAG_trace_ic) {
988 PrintF("[ patching ic at %p, cmp=%p, delta=%d\n", address,
989 cmp_instruction_address, delta);
990 }
991
992 Address patch_address =
993 cmp_instruction_address - delta * Instruction::kInstrSize;
994 Instr instr_at_patch = Assembler::instr_at(patch_address);
995 Instr branch_instr =
996 Assembler::instr_at(patch_address + Instruction::kInstrSize);
997 // This is patching a conditional "jump if not smi/jump if smi" site.
998 // Enabling by changing from
999 // cmp rx, rx
1000 // b eq/ne, <target>
1001 // to
1002 // tst rx, #kSmiTagMask
1003 // b ne/eq, <target>
1004 // and vice-versa to be disabled again.
1005 CodePatcher patcher(patch_address, 2);
1006 Register reg = Assembler::GetRn(instr_at_patch);
1007 if (check == ENABLE_INLINED_SMI_CHECK) {
1008 DCHECK(Assembler::IsCmpRegister(instr_at_patch));
1009 DCHECK_EQ(Assembler::GetRn(instr_at_patch).code(),
1010 Assembler::GetRm(instr_at_patch).code());
1011 patcher.masm()->tst(reg, Operand(kSmiTagMask));
1012 } else {
1013 DCHECK(check == DISABLE_INLINED_SMI_CHECK);
1014 DCHECK(Assembler::IsTstImmediate(instr_at_patch));
1015 patcher.masm()->cmp(reg, reg);
1016 }
1017 DCHECK(Assembler::IsBranch(branch_instr));
1018 if (Assembler::GetCondition(branch_instr) == eq) {
1019 patcher.EmitCondition(ne);
1020 } else {
1021 DCHECK(Assembler::GetCondition(branch_instr) == ne);
1022 patcher.EmitCondition(eq);
1023 }
1024}
1025}
1026} // namespace v8::internal
1027
1028#endif // V8_TARGET_ARCH_ARM