Revision: 13571
Author: [email protected]
Date: Thu Jan 31 08:18:18 2013
Log: Support slow-mode prototypes for load and call ICs.
This changes LoadNonExistent to handle negative lookups as well.
Review URL: https://chromiumcodereview.appspot.com/12092043
http://code.google.com/p/v8/source/detail?r=13571
Modified:
/branches/bleeding_edge/src/arm/stub-cache-arm.cc
/branches/bleeding_edge/src/ia32/stub-cache-ia32.cc
/branches/bleeding_edge/src/ic.cc
/branches/bleeding_edge/src/stub-cache.cc
/branches/bleeding_edge/src/stub-cache.h
/branches/bleeding_edge/src/x64/stub-cache-x64.cc
=======================================
--- /branches/bleeding_edge/src/arm/stub-cache-arm.cc Fri Jan 25 03:55:29
2013
+++ /branches/bleeding_edge/src/arm/stub-cache-arm.cc Thu Jan 31 08:18:18
2013
@@ -2894,9 +2894,11 @@
}
-Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<String> name,
- Handle<JSObject>
object,
- Handle<JSObject>
last) {
+Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
+ Handle<String> name,
+ Handle<JSObject> object,
+ Handle<JSObject> last,
+ Handle<GlobalObject> global) {
// ----------- S t a t e -------------
// -- r0 : receiver
// -- lr : return address
@@ -2906,14 +2908,24 @@
// Check that receiver is not a smi.
__ JumpIfSmi(r0, &miss);
+
+ Register scratch = r1;
+
// Check the maps of the full prototype chain.
- CheckPrototypes(object, r0, last, r3, r1, r4, name, &miss);
+ Register result =
+ CheckPrototypes(object, r0, last, r3, scratch, r4, name, &miss);
// If the last object in the prototype chain is a global object,
// check that the global property cell is empty.
- if (last->IsGlobalObject()) {
- GenerateCheckPropertyCell(
- masm(), Handle<GlobalObject>::cast(last), name, r1, &miss);
+ if (!global.is_null()) {
+ GenerateCheckPropertyCell(masm(), global, name, scratch, &miss);
+ }
+
+ if (!last->HasFastProperties()) {
+ __ ldr(scratch, FieldMemOperand(result, HeapObject::kMapOffset));
+ __ ldr(scratch, FieldMemOperand(scratch, Map::kPrototypeOffset));
+ __ cmp(scratch, Operand(isolate()->factory()->null_value()));
+ __ b(ne, &miss);
}
// Return undefined if maps of the full prototype chain are still the
=======================================
--- /branches/bleeding_edge/src/ia32/stub-cache-ia32.cc Fri Jan 25 03:55:29
2013
+++ /branches/bleeding_edge/src/ia32/stub-cache-ia32.cc Thu Jan 31 08:18:18
2013
@@ -2964,9 +2964,11 @@
}
-Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<String> name,
- Handle<JSObject>
object,
- Handle<JSObject>
last) {
+Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
+ Handle<String> name,
+ Handle<JSObject> object,
+ Handle<JSObject> last,
+ Handle<GlobalObject> global) {
// ----------- S t a t e -------------
// -- ecx : name
// -- edx : receiver
@@ -2977,18 +2979,25 @@
// Check that the receiver isn't a smi.
__ JumpIfSmi(edx, &miss);
- ASSERT(last->IsGlobalObject() || last->HasFastProperties());
+ Register scratch = eax;
// Check the maps of the full prototype chain. Also check that
// global property cells up to (but not including) the last object
// in the prototype chain are empty.
- CheckPrototypes(object, edx, last, ebx, eax, edi, name, &miss);
+ Register result =
+ CheckPrototypes(object, edx, last, ebx, scratch, edi, name, &miss);
// If the last object in the prototype chain is a global object,
// check that the global property cell is empty.
- if (last->IsGlobalObject()) {
- GenerateCheckPropertyCell(
- masm(), Handle<GlobalObject>::cast(last), name, eax, &miss);
+ if (!global.is_null()) {
+ GenerateCheckPropertyCell(masm(), global, name, scratch, &miss);
+ }
+
+ if (!last->HasFastProperties()) {
+ __ mov(scratch, FieldOperand(result, HeapObject::kMapOffset));
+ __ mov(scratch, FieldOperand(scratch, Map::kPrototypeOffset));
+ __ cmp(scratch, isolate()->factory()->null_value());
+ __ j(not_equal, &miss);
}
// Return undefined if maps of the full prototype chain are still the
=======================================
--- /branches/bleeding_edge/src/ic.cc Wed Jan 30 06:25:34 2013
+++ /branches/bleeding_edge/src/ic.cc Thu Jan 31 08:18:18 2013
@@ -167,26 +167,6 @@
return addr + delta;
}
#endif
-
-
-static bool HasNormalObjectsInPrototypeChain(Isolate* isolate,
- LookupResult* lookup,
- Object* receiver) {
- Object* end = lookup->IsProperty()
- ? lookup->holder() : Object::cast(isolate->heap()->null_value());
- for (Object* current = receiver;
- current != end;
- current = current->GetPrototype()) {
- if (current->IsJSObject() &&
- !JSObject::cast(current)->HasFastProperties() &&
- !current->IsJSGlobalProxy() &&
- !current->IsJSGlobalObject()) {
- return true;
- }
- }
-
- return false;
-}
static bool TryRemoveInvalidPrototypeDependentStub(Code* target,
@@ -699,14 +679,6 @@
Handle<String> name) {
// Bail out if we didn't find a result.
if (!lookup->IsProperty() || !lookup->IsCacheable()) return;
-
- if (lookup->holder() != *object &&
- HasNormalObjectsInPrototypeChain(
- isolate(), lookup, object->GetPrototype())) {
- // Suppress optimization for prototype chains with slow properties
objects
- // in the middle.
- return;
- }
// Compute the number of arguments.
int argc = target()->arguments_count();
@@ -1023,8 +995,6 @@
// deal with non-JS objects here.
if (!object->IsJSObject()) return;
- if (HasNormalObjectsInPrototypeChain(isolate(), lookup, *object)) return;
-
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
Handle<Code> code;
if (state == UNINITIALIZED) {
=======================================
--- /branches/bleeding_edge/src/stub-cache.cc Fri Jan 25 03:55:29 2013
+++ /branches/bleeding_edge/src/stub-cache.cc Thu Jan 31 08:18:18 2013
@@ -102,7 +102,6 @@
Handle<Code> StubCache::ComputeLoadNonexistent(Handle<String> name,
Handle<JSObject> receiver) {
- ASSERT(receiver->IsGlobalObject() || receiver->HasFastProperties());
// If no global objects are present in the prototype chain, the load
// nonexistent IC stub can be shared for all names for a given map
// and we use the empty string for the map cache in that case. If
@@ -110,12 +109,20 @@
// property cells in the stub and therefore the stub will be
// specific to the name.
Handle<String> cache_name = factory()->empty_string();
- if (receiver->IsGlobalObject()) cache_name = name;
- Handle<JSObject> last = receiver;
- while (last->GetPrototype() != heap()->null_value()) {
- last = Handle<JSObject>(JSObject::cast(last->GetPrototype()));
- if (last->IsGlobalObject()) cache_name = name;
- }
+ Handle<JSObject> current;
+ Handle<Object> next = receiver;
+ Handle<GlobalObject> global;
+ do {
+ current = Handle<JSObject>::cast(next);
+ next = Handle<Object>(current->GetPrototype());
+ if (current->IsGlobalObject()) {
+ global = Handle<GlobalObject>::cast(current);
+ cache_name = name;
+ } else if (!current->HasFastProperties()) {
+ cache_name = name;
+ }
+ } while (!next->IsNull());
+
// Compile the stub that is either shared for all names or
// name specific if there are global objects involved.
Code::Flags flags =
@@ -126,7 +133,7 @@
LoadStubCompiler compiler(isolate_);
Handle<Code> code =
- compiler.CompileLoadNonexistent(cache_name, receiver, last);
+ compiler.CompileLoadNonexistent(cache_name, receiver, current,
global);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code,
*cache_name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *cache_name, *code));
JSObject::UpdateMapCodeCache(receiver, cache_name, code);
@@ -138,9 +145,11 @@
Handle<JSObject> receiver,
Handle<JSObject> holder,
PropertyIndex field_index) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags = Code::ComputeMonomorphicFlags(Code::LOAD_IC,
Code::FIELD);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -149,7 +158,7 @@
compiler.CompileLoadField(receiver, holder, field_index, name);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -159,10 +168,12 @@
Handle<JSObject> holder,
Handle<AccessorInfo> callback)
{
ASSERT(v8::ToCData<Address>(callback->getter()) != 0);
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::LOAD_IC, Code::CALLBACKS);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -171,7 +182,7 @@
compiler.CompileLoadCallback(name, receiver, holder, callback);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -180,10 +191,12 @@
Handle<JSObject> receiver,
Handle<JSObject> holder,
Handle<JSFunction> getter) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::LOAD_IC, Code::CALLBACKS);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -192,7 +205,7 @@
compiler.CompileLoadViaGetter(name, receiver, holder, getter);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -201,10 +214,12 @@
Handle<JSObject> receiver,
Handle<JSObject> holder,
Handle<JSFunction> value) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::LOAD_IC,
Code::CONSTANT_FUNCTION);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -213,7 +228,7 @@
compiler.CompileLoadConstant(receiver, holder, value, name);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -221,10 +236,12 @@
Handle<Code> StubCache::ComputeLoadInterceptor(Handle<String> name,
Handle<JSObject> receiver,
Handle<JSObject> holder) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::LOAD_IC, Code::INTERCEPTOR);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -233,7 +250,7 @@
compiler.CompileLoadInterceptor(receiver, holder, name);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -248,10 +265,12 @@
Handle<GlobalObject> holder,
Handle<JSGlobalPropertyCell>
cell,
bool is_dont_delete) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::LOAD_IC, Code::NORMAL);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -260,7 +279,7 @@
compiler.CompileLoadGlobal(receiver, holder, cell, name,
is_dont_delete);
PROFILE(isolate_, CodeCreateEvent(Logger::LOAD_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -269,10 +288,12 @@
Handle<JSObject> receiver,
Handle<JSObject> holder,
PropertyIndex field_index) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC, Code::FIELD);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -281,7 +302,7 @@
compiler.CompileLoadField(name, receiver, holder, field_index);
PROFILE(isolate_, CodeCreateEvent(Logger::KEYED_LOAD_IC_TAG, *code,
*name));
GDBJIT(AddCode(GDBJITInterface::KEYED_LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -290,10 +311,12 @@
Handle<JSObject> receiver,
Handle<JSObject> holder,
Handle<JSFunction> value)
{
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags = Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC,
Code::CONSTANT_FUNCTION);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -302,7 +325,7 @@
compiler.CompileLoadConstant(name, receiver, holder, value);
PROFILE(isolate_, CodeCreateEvent(Logger::KEYED_LOAD_IC_TAG, *code,
*name));
GDBJIT(AddCode(GDBJITInterface::KEYED_LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -310,10 +333,12 @@
Handle<Code> StubCache::ComputeKeyedLoadInterceptor(Handle<String> name,
Handle<JSObject>
receiver,
Handle<JSObject>
holder) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC,
Code::INTERCEPTOR);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -321,7 +346,7 @@
Handle<Code> code = compiler.CompileLoadInterceptor(receiver, holder,
name);
PROFILE(isolate_, CodeCreateEvent(Logger::KEYED_LOAD_IC_TAG, *code,
*name));
GDBJIT(AddCode(GDBJITInterface::KEYED_LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
@@ -331,10 +356,12 @@
Handle<JSObject> receiver,
Handle<JSObject> holder,
Handle<AccessorInfo> callback) {
- ASSERT(IC::GetCodeCacheForObject(*receiver, *holder) == OWN_MAP);
+ InlineCacheHolderFlag cache_holder =
+ IC::GetCodeCacheForObject(*receiver, *holder);
+ Handle<JSObject> map_holder(IC::GetCodeCacheHolder(*receiver,
cache_holder));
Code::Flags flags =
Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC, Code::CALLBACKS);
- Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+ Handle<Object> probe(map_holder->map()->FindInCodeCache(*name, flags),
isolate_);
if (probe->IsCode()) return Handle<Code>::cast(probe);
@@ -343,7 +370,7 @@
compiler.CompileLoadCallback(name, receiver, holder, callback);
PROFILE(isolate_, CodeCreateEvent(Logger::KEYED_LOAD_IC_TAG, *code,
*name));
GDBJIT(AddCode(GDBJITInterface::KEYED_LOAD_IC, *name, *code));
- JSObject::UpdateMapCodeCache(receiver, name, code);
+ JSObject::UpdateMapCodeCache(map_holder, name, code);
return code;
}
=======================================
--- /branches/bleeding_edge/src/stub-cache.h Fri Jan 25 03:55:29 2013
+++ /branches/bleeding_edge/src/stub-cache.h Thu Jan 31 08:18:18 2013
@@ -608,7 +608,8 @@
Handle<Code> CompileLoadNonexistent(Handle<String> name,
Handle<JSObject> object,
- Handle<JSObject> last);
+ Handle<JSObject> last,
+ Handle<GlobalObject> global);
Handle<Code> CompileLoadField(Handle<JSObject> object,
Handle<JSObject> holder,
=======================================
--- /branches/bleeding_edge/src/x64/stub-cache-x64.cc Fri Jan 25 03:55:29
2013
+++ /branches/bleeding_edge/src/x64/stub-cache-x64.cc Thu Jan 31 08:18:18
2013
@@ -2789,9 +2789,11 @@
}
-Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<String> name,
- Handle<JSObject>
object,
- Handle<JSObject>
last) {
+Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
+ Handle<String> name,
+ Handle<JSObject> object,
+ Handle<JSObject> last,
+ Handle<GlobalObject> global) {
// ----------- S t a t e -------------
// -- rax : receiver
// -- rcx : name
@@ -2805,13 +2807,21 @@
// Check the maps of the full prototype chain. Also check that
// global property cells up to (but not including) the last object
// in the prototype chain are empty.
- CheckPrototypes(object, rax, last, rbx, rdx, rdi, name, &miss);
+ Register scratch = rdx;
+ Register result =
+ CheckPrototypes(object, rax, last, rbx, scratch, rdi, name, &miss);
// If the last object in the prototype chain is a global object,
// check that the global property cell is empty.
- if (last->IsGlobalObject()) {
- GenerateCheckPropertyCell(
- masm(), Handle<GlobalObject>::cast(last), name, rdx, &miss);
+ if (!global.is_null()) {
+ GenerateCheckPropertyCell(masm(), global, name, scratch, &miss);
+ }
+
+ if (!last->HasFastProperties()) {
+ __ movq(scratch, FieldOperand(result, HeapObject::kMapOffset));
+ __ movq(scratch, FieldOperand(scratch, Map::kPrototypeOffset));
+ __ Cmp(scratch, isolate()->factory()->null_value());
+ __ j(not_equal, &miss);
}
// Return undefined if maps of the full prototype chain are still the
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
