[v8-dev] Fix the context check in LoadGlobalFunctionPrototype (issue 146303003)

verwaest Thu, 30 Jan 2014 09:40:26 -0800

Reviewers: dcarney, jarin,

Message:
PTAL.
Another tiny chunk from the CallIC removal CL.


Description:
Fix the context check in LoadGlobalFunctionPrototype

Please review this at https://codereview.chromium.org/146303003/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+28, -15 lines):
  M src/arm/stub-cache-arm.cc
  M src/ia32/stub-cache-ia32.cc
  M src/x64/stub-cache-x64.cc


Index: src/arm/stub-cache-arm.cc
diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc

indexfe5e46cadfb9431800d8d773aacf129d05d0b462..8ef852b99c3e342abe916f73533bc5ade666c7d0100644

--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc

@@ -295,15 +295,20 @@ voidStubCompiler::GenerateDirectLoadGlobalFunctionPrototype(

     Register prototype,
     Label* miss) {
   Isolate* isolate = masm->isolate();
-  // Check we're still in the same context.
-  __ ldr(prototype,

- MemOperand(cp,Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));

-  __ Move(ip, isolate->global_object());
-  __ cmp(prototype, ip);
-  __ b(ne, miss);
   // Get the global function with the given index.
   Handle<JSFunction> function(
       JSFunction::cast(isolate->native_context()->get(index)));
+
+  // Check we're still in the same context.
+  Register scratch = prototype;
+  const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
+  __ ldr(scratch, MemOperand(cp, offset));

+ __ ldr(scratch, FieldMemOperand(scratch,GlobalObject::kNativeContextOffset));

+  __ ldr(scratch, MemOperand(scratch, Context::SlotOffset(index)));
+  __ Move(ip, function);
+  __ cmp(ip, scratch);
+  __ b(ne, miss);
+
   // Load its initial map. The global functions all have initial maps.
   __ Move(prototype, Handle<Map>(function->initial_map()));
   // Load the prototype from the initial map.
Index: src/ia32/stub-cache-ia32.cc
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc

indexdf983e9a0b6355854e2bc89111bbf7a1e94ab15e..c8a9ce4b3175607a4859172e36fd991f96cefe59100644

--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc

@@ -271,13 +271,17 @@ voidStubCompiler::GenerateDirectLoadGlobalFunctionPrototype(

     int index,
     Register prototype,
     Label* miss) {
-  // Check we're still in the same context.
-  __ cmp(Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)),
-         masm->isolate()->global_object());
-  __ j(not_equal, miss);
   // Get the global function with the given index.
   Handle<JSFunction> function(
       JSFunction::cast(masm->isolate()->native_context()->get(index)));
+  // Check we're still in the same context.
+  Register scratch = prototype;
+  const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
+  __ mov(scratch, Operand(esi, offset));

+ __ mov(scratch, FieldOperand(scratch,GlobalObject::kNativeContextOffset));

+  __ cmp(Operand(scratch, Context::SlotOffset(index)), function);
+  __ j(not_equal, miss);
+
   // Load its initial map. The global functions all have initial maps.
   __ Set(prototype, Immediate(Handle<Map>(function->initial_map())));
   // Load the prototype from the initial map.
Index: src/x64/stub-cache-x64.cc
diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc

index54939d11208b3eb6c8a524c0117ba55f27d7ba9a..8be604fb0bc07ab91ae8b30d969454ae3c3094d2100644

--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc

@@ -245,14 +245,18 @@ voidStubCompiler::GenerateDirectLoadGlobalFunctionPrototype(

     Register prototype,
     Label* miss) {
   Isolate* isolate = masm->isolate();
-  // Check we're still in the same context.
-  __ Move(prototype, isolate->global_object());
-  __ cmpq(Operand(rsi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)),
-          prototype);
-  __ j(not_equal, miss);
   // Get the global function with the given index.
   Handle<JSFunction> function(
       JSFunction::cast(isolate->native_context()->get(index)));
+
+  // Check we're still in the same context.
+  Register scratch = prototype;
+  const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
+  __ movp(scratch, Operand(rsi, offset));

+ __ movp(scratch, FieldOperand(scratch,GlobalObject::kNativeContextOffset));

+  __ Cmp(Operand(scratch, Context::SlotOffset(index)), function);
+  __ j(not_equal, miss);
+
   // Load its initial map. The global functions all have initial maps.
   __ Move(prototype, Handle<Map>(function->initial_map()));
   // Load the prototype from the initial map.


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

---You received this message because you are subscribed to the Google Groups "v8-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

[v8-dev] Fix the context check in LoadGlobalFunctionPrototype (issue 146303003)

Reply via email to