Revision: 5487
Author: [email protected]
Date: Fri Sep 17 06:28:10 2010
Log: Bring r5483 "Fix direct loading of global function prototypes" to 2.3.
Review URL: http://codereview.chromium.org/3462001
http://code.google.com/p/v8/source/detail?r=5487
Modified:
/branches/2.3/src/arm/stub-cache-arm.cc
/branches/2.3/src/ia32/stub-cache-ia32.cc
/branches/2.3/src/stub-cache.h
/branches/2.3/src/version.cc
/branches/2.3/src/x64/stub-cache-x64.cc
/branches/2.3/test/cctest/test-api.cc
=======================================
--- /branches/2.3/src/arm/stub-cache-arm.cc Wed Aug 25 08:26:24 2010
+++ /branches/2.3/src/arm/stub-cache-arm.cc Fri Sep 17 06:28:10 2010
@@ -266,7 +266,12 @@
void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
- MacroAssembler* masm, int index, Register prototype) {
+ MacroAssembler* masm, int index, Register prototype, Label* miss) {
+ // Check we're still in the same context.
+ __ ldr(prototype, MemOperand(cp,
Context::SlotOffset(Context::GLOBAL_INDEX)));
+ __ Move(ip, Top::global());
+ __ cmp(prototype, ip);
+ __ b(ne, miss);
// Get the global function with the given index.
JSFunction* function =
JSFunction::cast(Top::global_context()->get(index));
// Load its initial map. The global functions all have initial maps.
@@ -1383,7 +1388,8 @@
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(masm(),
Context::STRING_FUNCTION_INDEX,
- r0);
+ r0,
+ &miss);
ASSERT(object != holder);
CheckPrototypes(JSObject::cast(object->GetPrototype()), r0, holder,
r1, r3, r4, name, &miss);
@@ -1454,7 +1460,8 @@
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(masm(),
Context::STRING_FUNCTION_INDEX,
- r0);
+ r0,
+ &miss);
ASSERT(object != holder);
CheckPrototypes(JSObject::cast(object->GetPrototype()), r0, holder,
r1, r3, r4, name, &miss);
@@ -1580,7 +1587,7 @@
__ b(hs, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::STRING_FUNCTION_INDEX, r0);
+ masm(), Context::STRING_FUNCTION_INDEX, r0, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), r0,
holder, r3,
r1, r4, name, &miss);
}
@@ -1600,7 +1607,7 @@
__ bind(&fast);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::NUMBER_FUNCTION_INDEX, r0);
+ masm(), Context::NUMBER_FUNCTION_INDEX, r0, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), r0,
holder, r3,
r1, r4, name, &miss);
}
@@ -1623,7 +1630,7 @@
__ bind(&fast);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::BOOLEAN_FUNCTION_INDEX, r0);
+ masm(), Context::BOOLEAN_FUNCTION_INDEX, r0, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), r0,
holder, r3,
r1, r4, name, &miss);
}
=======================================
--- /branches/2.3/src/ia32/stub-cache-ia32.cc Wed Aug 18 00:45:01 2010
+++ /branches/2.3/src/ia32/stub-cache-ia32.cc Fri Sep 17 06:28:10 2010
@@ -273,7 +273,11 @@
void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
- MacroAssembler* masm, int index, Register prototype) {
+ MacroAssembler* masm, int index, Register prototype, Label* miss) {
+ // Check we're still in the same context.
+ __ cmp(Operand(esi, Context::SlotOffset(Context::GLOBAL_INDEX)),
+ Top::global());
+ __ j(not_equal, miss);
// Get the global function with the given index.
JSFunction* function =
JSFunction::cast(Top::global_context()->get(index));
// Load its initial map. The global functions all have initial maps.
@@ -1584,7 +1588,8 @@
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(masm(),
Context::STRING_FUNCTION_INDEX,
- eax);
+ eax,
+ &miss);
ASSERT(object != holder);
CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder,
ebx, edx, edi, name, &miss);
@@ -1653,7 +1658,8 @@
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(masm(),
Context::STRING_FUNCTION_INDEX,
- eax);
+ eax,
+ &miss);
ASSERT(object != holder);
CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder,
ebx, edx, edi, name, &miss);
@@ -1781,7 +1787,7 @@
__ j(above_equal, &miss, not_taken);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::STRING_FUNCTION_INDEX, eax);
+ masm(), Context::STRING_FUNCTION_INDEX, eax, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), eax,
holder,
ebx, edx, edi, name, &miss);
}
@@ -1801,7 +1807,7 @@
__ bind(&fast);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::NUMBER_FUNCTION_INDEX, eax);
+ masm(), Context::NUMBER_FUNCTION_INDEX, eax, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), eax,
holder,
ebx, edx, edi, name, &miss);
}
@@ -1822,7 +1828,7 @@
__ bind(&fast);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::BOOLEAN_FUNCTION_INDEX, eax);
+ masm(), Context::BOOLEAN_FUNCTION_INDEX, eax, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), eax,
holder,
ebx, edx, edi, name, &miss);
}
=======================================
--- /branches/2.3/src/stub-cache.h Wed Aug 18 00:45:01 2010
+++ /branches/2.3/src/stub-cache.h Fri Sep 17 06:28:10 2010
@@ -361,13 +361,15 @@
Register prototype);
// Generates prototype loading code that uses the objects from the
- // context we were in when this function was called. This ties the
- // generated code to a particular context and so must not be used in
- // cases where the generated code is not allowed to have references
- // to objects from a context.
+ // context we were in when this function was called. If the context
+ // has changed, a jump to miss is performed. This ties the generated
+ // code to a particular context and so must not be used in cases
+ // where the generated code is not allowed to have references to
+ // objects from a context.
static void GenerateDirectLoadGlobalFunctionPrototype(MacroAssembler*
masm,
int index,
- Register
prototype);
+ Register prototype,
+ Label* miss);
static void GenerateFastPropertyLoad(MacroAssembler* masm,
Register dst, Register src,
=======================================
--- /branches/2.3/src/version.cc Thu Sep 16 05:46:49 2010
+++ /branches/2.3/src/version.cc Fri Sep 17 06:28:10 2010
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 2
#define MINOR_VERSION 3
#define BUILD_NUMBER 11
-#define PATCH_LEVEL 9
+#define PATCH_LEVEL 10
#define CANDIDATE_VERSION false
// Define SONAME to have the SCons build the put a specific SONAME into the
=======================================
--- /branches/2.3/src/x64/stub-cache-x64.cc Wed Aug 25 08:26:24 2010
+++ /branches/2.3/src/x64/stub-cache-x64.cc Fri Sep 17 06:28:10 2010
@@ -216,7 +216,12 @@
void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
- MacroAssembler* masm, int index, Register prototype) {
+ MacroAssembler* masm, int index, Register prototype, Label* miss) {
+ // Check we're still in the same context.
+ __ Move(prototype, Top::global());
+ __ cmpq(Operand(rsi, Context::SlotOffset(Context::GLOBAL_INDEX)),
+ prototype);
+ __ j(not_equal, miss);
// Get the global function with the given index.
JSFunction* function =
JSFunction::cast(Top::global_context()->get(index));
// Load its initial map. The global functions all have initial maps.
@@ -913,7 +918,7 @@
__ j(above_equal, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::STRING_FUNCTION_INDEX, rax);
+ masm(), Context::STRING_FUNCTION_INDEX, rax, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), rax,
holder,
rbx, rdx, rdi, name, &miss);
}
@@ -932,7 +937,7 @@
__ bind(&fast);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::NUMBER_FUNCTION_INDEX, rax);
+ masm(), Context::NUMBER_FUNCTION_INDEX, rax, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), rax,
holder,
rbx, rdx, rdi, name, &miss);
}
@@ -953,7 +958,7 @@
__ bind(&fast);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
- masm(), Context::BOOLEAN_FUNCTION_INDEX, rax);
+ masm(), Context::BOOLEAN_FUNCTION_INDEX, rax, &miss);
CheckPrototypes(JSObject::cast(object->GetPrototype()), rax,
holder,
rbx, rdx, rdi, name, &miss);
}
@@ -1313,7 +1318,8 @@
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(masm(),
Context::STRING_FUNCTION_INDEX,
- rax);
+ rax,
+ &miss);
ASSERT(object != holder);
CheckPrototypes(JSObject::cast(object->GetPrototype()), rax, holder,
rbx, rdx, rdi, name, &miss);
@@ -1383,7 +1389,8 @@
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(masm(),
Context::STRING_FUNCTION_INDEX,
- rax);
+ rax,
+ &miss);
ASSERT(object != holder);
CheckPrototypes(JSObject::cast(object->GetPrototype()), rax, holder,
rbx, rdx, rdi, name, &miss);
=======================================
--- /branches/2.3/test/cctest/test-api.cc Mon Aug 23 04:36:18 2010
+++ /branches/2.3/test/cctest/test-api.cc Fri Sep 17 06:28:10 2010
@@ -11285,3 +11285,72 @@
// the other tests.
v8::V8::SetFailedAccessCheckCallbackFunction(NULL);
}
+
+
+TEST(StringCheckMultipleContexts) {
+ const char* code =
+ "(function() { return \"a\".charAt(0); })()";
+
+ {
+ // Run the code twice in the first context to initialize the call IC.
+ v8::HandleScope scope;
+ LocalContext context1;
+ ExpectString(code, "a");
+ ExpectString(code, "a");
+ }
+
+ {
+ // Change the String.prototype in the second context and check
+ // that the right function gets called.
+ v8::HandleScope scope;
+ LocalContext context2;
+ CompileRun("String.prototype.charAt = function() { return \"not a\";
}");
+ ExpectString(code, "not a");
+ }
+}
+
+
+TEST(NumberCheckMultipleContexts) {
+ const char* code =
+ "(function() { return (42).toString(); })()";
+
+ {
+ // Run the code twice in the first context to initialize the call IC.
+ v8::HandleScope scope;
+ LocalContext context1;
+ ExpectString(code, "42");
+ ExpectString(code, "42");
+ }
+
+ {
+ // Change the Number.prototype in the second context and check
+ // that the right function gets called.
+ v8::HandleScope scope;
+ LocalContext context2;
+ CompileRun("Number.prototype.toString = function() { return \"not
42\"; }");
+ ExpectString(code, "not 42");
+ }
+}
+
+
+TEST(BooleanCheckMultipleContexts) {
+ const char* code =
+ "(function() { return true.toString(); })()";
+
+ {
+ // Run the code twice in the first context to initialize the call IC.
+ v8::HandleScope scope;
+ LocalContext context1;
+ ExpectString(code, "true");
+ ExpectString(code, "true");
+ }
+
+ {
+ // Change the Boolean.prototype in the second context and check
+ // that the right function gets called.
+ v8::HandleScope scope;
+ LocalContext context2;
+ CompileRun("Boolean.prototype.toString = function() { return \"\"; }");
+ ExpectString(code, "");
+ }
+}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
