deps/v8/src/ic/handler-compiler.cc

   1 // Copyright 2014 the V8 project authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "src/v8.h"
   6
   7 #include "src/cpu-profiler.h"
   8 #include "src/ic/call-optimization.h"
   9 #include "src/ic/handler-compiler.h"
  10 #include "src/ic/ic.h"
  11 #include "src/ic/ic-inl.h"
  12
  13 namespace v8 {
  14 namespace internal {
  15
  16
  17 Handle<Code> PropertyHandlerCompiler::Find(Handle<Name> name,
  18                                            Handle<Map> stub_holder,
  19                                            Code::Kind kind,
  20                                            CacheHolderFlag cache_holder,
  21                                            Code::StubType type) {
  22   Code::Flags flags = Code::ComputeHandlerFlags(kind, type, cache_holder);
  23   Object* probe = stub_holder->FindInCodeCache(*name, flags);
  24   if (probe->IsCode()) return handle(Code::cast(probe));
  25   return Handle<Code>::null();
  26 }
  27
  28
  29 Handle<Code> NamedLoadHandlerCompiler::ComputeLoadNonexistent(
  30     Handle<Name> name, Handle<Map> receiver_map) {
  31   Isolate* isolate = name->GetIsolate();
  32   if (receiver_map->prototype()->IsNull()) {
  33     // TODO(jkummerow/verwaest): If there is no prototype and the property
  34     // is nonexistent, introduce a builtin to handle this (fast properties
  35     // -> return undefined, dictionary properties -> do negative lookup).
  36     return Handle<Code>();
  37   }
  38   CacheHolderFlag flag;
  39   Handle<Map> stub_holder_map =
  40       IC::GetHandlerCacheHolder(receiver_map, false, isolate, &flag);
  41
  42   // If no dictionary mode objects are present in the prototype chain, the load
  43   // nonexistent IC stub can be shared for all names for a given map and we use
  44   // the empty string for the map cache in that case. If there are dictionary
  45   // mode objects involved, we need to do negative lookups in the stub and
  46   // therefore the stub will be specific to the name.
  47   Handle<Name> cache_name =
  48       receiver_map->is_dictionary_map()
  49           ? name
  50           : Handle<Name>::cast(isolate->factory()->nonexistent_symbol());
  51   Handle<Map> current_map = stub_holder_map;
  52   Handle<JSObject> last(JSObject::cast(receiver_map->prototype()));
  53   while (true) {
  54     if (current_map->is_dictionary_map()) cache_name = name;
  55     if (current_map->prototype()->IsNull()) break;
  56     last = handle(JSObject::cast(current_map->prototype()));
  57     current_map = handle(last->map());
  58   }
  59   // Compile the stub that is either shared for all names or
  60   // name specific if there are global objects involved.
  61   Handle<Code> handler = PropertyHandlerCompiler::Find(
  62       cache_name, stub_holder_map, Code::LOAD_IC, flag, Code::FAST);
  63   if (!handler.is_null()) return handler;
  64
  65   NamedLoadHandlerCompiler compiler(isolate, receiver_map, last, flag);
  66   handler = compiler.CompileLoadNonexistent(cache_name);
  67   Map::UpdateCodeCache(stub_holder_map, cache_name, handler);
  68   return handler;
  69 }
  70
  71
  72 Handle<Code> PropertyHandlerCompiler::GetCode(Code::Kind kind,
  73                                               Code::StubType type,
  74                                               Handle<Name> name) {
  75   Code::Flags flags = Code::ComputeHandlerFlags(kind, type, cache_holder());
  76   Handle<Code> code = GetCodeWithFlags(flags, name);
  77   PROFILE(isolate(), CodeCreateEvent(Logger::HANDLER_TAG, *code, *name));
  78 #ifdef DEBUG
  79   code->VerifyEmbeddedObjects();
  80 #endif
  81   return code;
  82 }
  83
  84
  85 #define __ ACCESS_MASM(masm())
  86
  87
  88 Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,
  89                                                   Handle<Name> name,
  90                                                   Label* miss) {
  91   PrototypeCheckType check_type = CHECK_ALL_MAPS;
  92   int function_index = -1;
  93   if (map()->instance_type() < FIRST_NONSTRING_TYPE) {
  94     function_index = Context::STRING_FUNCTION_INDEX;
  95   } else if (map()->instance_type() == SYMBOL_TYPE) {
  96     function_index = Context::SYMBOL_FUNCTION_INDEX;
  97   } else if (map()->instance_type() == HEAP_NUMBER_TYPE) {
  98     function_index = Context::NUMBER_FUNCTION_INDEX;
  99   } else if (*map() == isolate()->heap()->boolean_map()) {
 100     function_index = Context::BOOLEAN_FUNCTION_INDEX;
 101   } else {
 102     check_type = SKIP_RECEIVER;
 103   }
 104
 105   if (check_type == CHECK_ALL_MAPS) {
 106     GenerateDirectLoadGlobalFunctionPrototype(masm(), function_index,
 107                                               scratch1(), miss);
 108     Object* function = isolate()->native_context()->get(function_index);
 109     Object* prototype = JSFunction::cast(function)->instance_prototype();
 110     Handle<Map> map(JSObject::cast(prototype)->map());
 111     set_map(map);
 112     object_reg = scratch1();
 113   }
 114
 115   // Check that the maps starting from the prototype haven't changed.
 116   return CheckPrototypes(object_reg, scratch1(), scratch2(), scratch3(), name,
 117                          miss, check_type);
 118 }
 119
 120
 121 // Frontend for store uses the name register. It has to be restored before a
 122 // miss.
 123 Register NamedStoreHandlerCompiler::FrontendHeader(Register object_reg,
 124                                                    Handle<Name> name,
 125                                                    Label* miss) {
 126   return CheckPrototypes(object_reg, this->name(), scratch1(), scratch2(), name,
 127                          miss, SKIP_RECEIVER);
 128 }
 129
 130
 131 Register PropertyHandlerCompiler::Frontend(Handle<Name> name) {
 132   Label miss;
 133   if (IC::ICUseVector(kind())) {
 134     PushVectorAndSlot();
 135   }
 136   Register reg = FrontendHeader(receiver(), name, &miss);
 137   FrontendFooter(name, &miss);
 138   // The footer consumes the vector and slot from the stack if miss occurs.
 139   if (IC::ICUseVector(kind())) {
 140     DiscardVectorAndSlot();
 141   }
 142   return reg;
 143 }
 144
 145
 146 void PropertyHandlerCompiler::NonexistentFrontendHeader(Handle<Name> name,
 147                                                         Label* miss,
 148                                                         Register scratch1,
 149                                                         Register scratch2) {
 150   Register holder_reg;
 151   Handle<Map> last_map;
 152   if (holder().is_null()) {
 153     holder_reg = receiver();
 154     last_map = map();
 155     // If |type| has null as its prototype, |holder()| is
 156     // Handle<JSObject>::null().
 157     DCHECK(last_map->prototype() == isolate()->heap()->null_value());
 158   } else {
 159     holder_reg = FrontendHeader(receiver(), name, miss);
 160     last_map = handle(holder()->map());
 161   }
 162
 163   if (last_map->is_dictionary_map()) {
 164     if (last_map->IsJSGlobalObjectMap()) {
 165       Handle<JSGlobalObject> global =
 166           holder().is_null()
 167               ? Handle<JSGlobalObject>::cast(isolate()->global_object())
 168               : Handle<JSGlobalObject>::cast(holder());
 169       GenerateCheckPropertyCell(masm(), global, name, scratch1, miss);
 170     } else {
 171       if (!name->IsUniqueName()) {
 172         DCHECK(name->IsString());
 173         name = factory()->InternalizeString(Handle<String>::cast(name));
 174       }
 175       DCHECK(holder().is_null() ||
 176              holder()->property_dictionary()->FindEntry(name) ==
 177                  NameDictionary::kNotFound);
 178       GenerateDictionaryNegativeLookup(masm(), miss, holder_reg, name, scratch1,
 179                                        scratch2);
 180     }
 181   }
 182 }
 183
 184
 185 Handle<Code> NamedLoadHandlerCompiler::CompileLoadField(Handle<Name> name,
 186                                                         FieldIndex field) {
 187   Register reg = Frontend(name);
 188   __ Move(receiver(), reg);
 189   LoadFieldStub stub(isolate(), field);
 190   GenerateTailCall(masm(), stub.GetCode());
 191   return GetCode(kind(), Code::FAST, name);
 192 }
 193
 194
 195 Handle<Code> NamedLoadHandlerCompiler::CompileLoadConstant(Handle<Name> name,
 196                                                            int constant_index) {
 197   Register reg = Frontend(name);
 198   __ Move(receiver(), reg);
 199   LoadConstantStub stub(isolate(), constant_index);
 200   GenerateTailCall(masm(), stub.GetCode());
 201   return GetCode(kind(), Code::FAST, name);
 202 }
 203
 204
 205 Handle<Code> NamedLoadHandlerCompiler::CompileLoadNonexistent(
 206     Handle<Name> name) {
 207   Label miss;
 208   if (IC::ICUseVector(kind())) {
 209     DCHECK(kind() == Code::LOAD_IC);
 210     PushVectorAndSlot();
 211   }
 212   NonexistentFrontendHeader(name, &miss, scratch2(), scratch3());
 213   if (IC::ICUseVector(kind())) {
 214     DiscardVectorAndSlot();
 215   }
 216   GenerateLoadConstant(isolate()->factory()->undefined_value());
 217   FrontendFooter(name, &miss);
 218   return GetCode(kind(), Code::FAST, name);
 219 }
 220
 221
 222 Handle<Code> NamedLoadHandlerCompiler::CompileLoadCallback(
 223     Handle<Name> name, Handle<ExecutableAccessorInfo> callback) {
 224   Register reg = Frontend(name);
 225   GenerateLoadCallback(reg, callback);
 226   return GetCode(kind(), Code::FAST, name);
 227 }
 228
 229
 230 Handle<Code> NamedLoadHandlerCompiler::CompileLoadCallback(
 231     Handle<Name> name, const CallOptimization& call_optimization,
 232     int accessor_index) {
 233   DCHECK(call_optimization.is_simple_api_call());
 234   Register holder = Frontend(name);
 235   GenerateApiAccessorCall(masm(), call_optimization, map(), receiver(),
 236                           scratch2(), false, no_reg, holder, accessor_index);
 237   return GetCode(kind(), Code::FAST, name);
 238 }
 239
 240
 241 void NamedLoadHandlerCompiler::InterceptorVectorSlotPush(Register holder_reg) {
 242   if (IC::ICUseVector(kind())) {
 243     if (holder_reg.is(receiver())) {
 244       PushVectorAndSlot();
 245     } else {
 246       DCHECK(holder_reg.is(scratch1()));
 247       PushVectorAndSlot(scratch2(), scratch3());
 248     }
 249   }
 250 }
 251
 252
 253 void NamedLoadHandlerCompiler::InterceptorVectorSlotPop(Register holder_reg,
 254                                                         PopMode mode) {
 255   if (IC::ICUseVector(kind())) {
 256     if (mode == DISCARD) {
 257       DiscardVectorAndSlot();
 258     } else {
 259       if (holder_reg.is(receiver())) {
 260         PopVectorAndSlot();
 261       } else {
 262         DCHECK(holder_reg.is(scratch1()));
 263         PopVectorAndSlot(scratch2(), scratch3());
 264       }
 265     }
 266   }
 267 }
 268
 269
 270 Handle<Code> NamedLoadHandlerCompiler::CompileLoadInterceptor(
 271     LookupIterator* it) {
 272   // So far the most popular follow ups for interceptor loads are DATA and
 273   // ExecutableAccessorInfo, so inline only them. Other cases may be added
 274   // later.
 275   bool inline_followup = false;
 276   switch (it->state()) {
 277     case LookupIterator::TRANSITION:
 278       UNREACHABLE();
 279     case LookupIterator::ACCESS_CHECK:
 280     case LookupIterator::INTERCEPTOR:
 281     case LookupIterator::JSPROXY:
 282     case LookupIterator::NOT_FOUND:
 283     case LookupIterator::INTEGER_INDEXED_EXOTIC:
 284       break;
 285     case LookupIterator::DATA:
 286       inline_followup =
 287           it->property_details().type() == DATA && !it->is_dictionary_holder();
 288       break;
 289     case LookupIterator::ACCESSOR: {
 290       Handle<Object> accessors = it->GetAccessors();
 291       if (accessors->IsExecutableAccessorInfo()) {
 292         Handle<ExecutableAccessorInfo> info =
 293             Handle<ExecutableAccessorInfo>::cast(accessors);
 294         inline_followup = info->getter() != NULL &&
 295                           ExecutableAccessorInfo::IsCompatibleReceiverMap(
 296                               isolate(), info, map());
 297       } else if (accessors->IsAccessorPair()) {
 298         Handle<JSObject> property_holder(it->GetHolder<JSObject>());
 299         Handle<Object> getter(Handle<AccessorPair>::cast(accessors)->getter(),
 300                               isolate());
 301         if (!getter->IsJSFunction()) break;
 302         if (!property_holder->HasFastProperties()) break;
 303         auto function = Handle<JSFunction>::cast(getter);
 304         CallOptimization call_optimization(function);
 305         Handle<Map> receiver_map = map();
 306         inline_followup = call_optimization.is_simple_api_call() &&
 307                           call_optimization.IsCompatibleReceiverMap(
 308                               receiver_map, property_holder);
 309       }
 310     }
 311   }
 312
 313   Label miss;
 314   InterceptorVectorSlotPush(receiver());
 315   bool lost_holder_register = false;
 316   auto holder_orig = holder();
 317   // non masking interceptors must check the entire chain, so temporarily reset
 318   // the holder to be that last element for the FrontendHeader call.
 319   if (holder()->GetNamedInterceptor()->non_masking()) {
 320     DCHECK(!inline_followup);
 321     JSObject* last = *holder();
 322     PrototypeIterator iter(isolate(), last);
 323     while (!iter.IsAtEnd()) {
 324       lost_holder_register = true;
 325       last = JSObject::cast(iter.GetCurrent());
 326       iter.Advance();
 327     }
 328     auto last_handle = handle(last);
 329     set_holder(last_handle);
 330   }
 331   Register reg = FrontendHeader(receiver(), it->name(), &miss);
 332   // Reset the holder so further calculations are correct.
 333   set_holder(holder_orig);
 334   if (lost_holder_register) {
 335     if (*it->GetReceiver() == *holder()) {
 336       reg = receiver();
 337     } else {
 338       // Reload lost holder register.
 339       auto cell = isolate()->factory()->NewWeakCell(holder());
 340       __ LoadWeakValue(reg, cell, &miss);
 341     }
 342   }
 343   FrontendFooter(it->name(), &miss);
 344   InterceptorVectorSlotPop(reg);
 345   if (inline_followup) {
 346     // TODO(368): Compile in the whole chain: all the interceptors in
 347     // prototypes and ultimate answer.
 348     GenerateLoadInterceptorWithFollowup(it, reg);
 349   } else {
 350     GenerateLoadInterceptor(reg);
 351   }
 352   return GetCode(kind(), Code::FAST, it->name());
 353 }
 354
 355
 356 void NamedLoadHandlerCompiler::GenerateLoadPostInterceptor(
 357     LookupIterator* it, Register interceptor_reg) {
 358   Handle<JSObject> real_named_property_holder(it->GetHolder<JSObject>());
 359
 360   Handle<Map> holder_map(holder()->map());
 361   set_map(holder_map);
 362   set_holder(real_named_property_holder);
 363
 364   Label miss;
 365   InterceptorVectorSlotPush(interceptor_reg);
 366   Register reg = FrontendHeader(interceptor_reg, it->name(), &miss);
 367   FrontendFooter(it->name(), &miss);
 368   // We discard the vector and slot now because we don't miss below this point.
 369   InterceptorVectorSlotPop(reg, DISCARD);
 370
 371   switch (it->state()) {
 372     case LookupIterator::ACCESS_CHECK:
 373     case LookupIterator::INTERCEPTOR:
 374     case LookupIterator::JSPROXY:
 375     case LookupIterator::NOT_FOUND:
 376     case LookupIterator::INTEGER_INDEXED_EXOTIC:
 377     case LookupIterator::TRANSITION:
 378       UNREACHABLE();
 379     case LookupIterator::DATA: {
 380       DCHECK_EQ(DATA, it->property_details().type());
 381       __ Move(receiver(), reg);
 382       LoadFieldStub stub(isolate(), it->GetFieldIndex());
 383       GenerateTailCall(masm(), stub.GetCode());
 384       break;
 385     }
 386     case LookupIterator::ACCESSOR:
 387       if (it->GetAccessors()->IsExecutableAccessorInfo()) {
 388         Handle<ExecutableAccessorInfo> info =
 389             Handle<ExecutableAccessorInfo>::cast(it->GetAccessors());
 390         DCHECK_NOT_NULL(info->getter());
 391         GenerateLoadCallback(reg, info);
 392       } else {
 393         auto function = handle(JSFunction::cast(
 394             AccessorPair::cast(*it->GetAccessors())->getter()));
 395         CallOptimization call_optimization(function);
 396         GenerateApiAccessorCall(masm(), call_optimization, holder_map,
 397                                 receiver(), scratch2(), false, no_reg, reg,
 398                                 it->GetAccessorIndex());
 399       }
 400   }
 401 }
 402
 403
 404 Handle<Code> NamedLoadHandlerCompiler::CompileLoadViaGetter(
 405     Handle<Name> name, int accessor_index, int expected_arguments) {
 406   Register holder = Frontend(name);
 407   GenerateLoadViaGetter(masm(), map(), receiver(), holder, accessor_index,
 408                         expected_arguments, scratch2());
 409   return GetCode(kind(), Code::FAST, name);
 410 }
 411
 412
 413 // TODO(verwaest): Cleanup. holder() is actually the receiver.
 414 Handle<Code> NamedStoreHandlerCompiler::CompileStoreTransition(
 415     Handle<Map> transition, Handle<Name> name) {
 416   Label miss;
 417
 418   // Check that we are allowed to write this.
 419   bool is_nonexistent = holder()->map() == transition->GetBackPointer();
 420   if (is_nonexistent) {
 421     // Find the top object.
 422     Handle<JSObject> last;
 423     PrototypeIterator iter(isolate(), holder());
 424     while (!iter.IsAtEnd()) {
 425       last = Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
 426       iter.Advance();
 427     }
 428     if (!last.is_null()) set_holder(last);
 429     NonexistentFrontendHeader(name, &miss, scratch1(), scratch2());
 430   } else {
 431     FrontendHeader(receiver(), name, &miss);
 432     DCHECK(holder()->HasFastProperties());
 433   }
 434
 435   int descriptor = transition->LastAdded();
 436   Handle<DescriptorArray> descriptors(transition->instance_descriptors());
 437   PropertyDetails details = descriptors->GetDetails(descriptor);
 438   Representation representation = details.representation();
 439   DCHECK(!representation.IsNone());
 440
 441   // Stub is never generated for objects that require access checks.
 442   DCHECK(!transition->is_access_check_needed());
 443
 444   // Call to respective StoreTransitionStub.
 445   if (details.type() == DATA_CONSTANT) {
 446     GenerateRestoreMap(transition, scratch2(), &miss);
 447     DCHECK(descriptors->GetValue(descriptor)->IsJSFunction());
 448     Register map_reg = StoreTransitionDescriptor::MapRegister();
 449     GenerateConstantCheck(map_reg, descriptor, value(), scratch2(), &miss);
 450     GenerateRestoreName(name);
 451     StoreTransitionStub stub(isolate());
 452     GenerateTailCall(masm(), stub.GetCode());
 453
 454   } else {
 455     if (representation.IsHeapObject()) {
 456       GenerateFieldTypeChecks(descriptors->GetFieldType(descriptor), value(),
 457                               &miss);
 458     }
 459     StoreTransitionStub::StoreMode store_mode =
 460         Map::cast(transition->GetBackPointer())->unused_property_fields() == 0
 461             ? StoreTransitionStub::ExtendStorageAndStoreMapAndValue
 462             : StoreTransitionStub::StoreMapAndValue;
 463
 464     GenerateRestoreMap(transition, scratch2(), &miss);
 465     GenerateRestoreName(name);
 466     StoreTransitionStub stub(isolate(),
 467                              FieldIndex::ForDescriptor(*transition, descriptor),
 468                              representation, store_mode);
 469     GenerateTailCall(masm(), stub.GetCode());
 470   }
 471
 472   GenerateRestoreName(&miss, name);
 473   TailCallBuiltin(masm(), MissBuiltin(kind()));
 474
 475   return GetCode(kind(), Code::FAST, name);
 476 }
 477
 478
 479 Handle<Code> NamedStoreHandlerCompiler::CompileStoreField(LookupIterator* it) {
 480   Label miss;
 481   DCHECK(it->representation().IsHeapObject());
 482
 483   GenerateFieldTypeChecks(*it->GetFieldType(), value(), &miss);
 484   StoreFieldStub stub(isolate(), it->GetFieldIndex(), it->representation());
 485   GenerateTailCall(masm(), stub.GetCode());
 486
 487   __ bind(&miss);
 488   TailCallBuiltin(masm(), MissBuiltin(kind()));
 489   return GetCode(kind(), Code::FAST, it->name());
 490 }
 491
 492
 493 Handle<Code> NamedStoreHandlerCompiler::CompileStoreViaSetter(
 494     Handle<JSObject> object, Handle<Name> name, int accessor_index,
 495     int expected_arguments) {
 496   Register holder = Frontend(name);
 497   GenerateStoreViaSetter(masm(), map(), receiver(), holder, accessor_index,
 498                          expected_arguments, scratch2());
 499
 500   return GetCode(kind(), Code::FAST, name);
 501 }
 502
 503
 504 Handle<Code> NamedStoreHandlerCompiler::CompileStoreCallback(
 505     Handle<JSObject> object, Handle<Name> name,
 506     const CallOptimization& call_optimization, int accessor_index) {
 507   Register holder = Frontend(name);
 508   GenerateApiAccessorCall(masm(), call_optimization, handle(object->map()),
 509                           receiver(), scratch2(), true, value(), holder,
 510                           accessor_index);
 511   return GetCode(kind(), Code::FAST, name);
 512 }
 513
 514
 515 #undef __
 516
 517
 518 void ElementHandlerCompiler::CompileElementHandlers(
 519     MapHandleList* receiver_maps, CodeHandleList* handlers) {
 520   for (int i = 0; i < receiver_maps->length(); ++i) {
 521     Handle<Map> receiver_map = receiver_maps->at(i);
 522     Handle<Code> cached_stub;
 523
 524     if (receiver_map->IsStringMap()) {
 525       cached_stub = LoadIndexedStringStub(isolate()).GetCode();
 526     } else if (receiver_map->instance_type() < FIRST_JS_RECEIVER_TYPE) {
 527       cached_stub = isolate()->builtins()->KeyedLoadIC_Slow();
 528     } else {
 529       bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
 530       ElementsKind elements_kind = receiver_map->elements_kind();
 531       if (receiver_map->has_indexed_interceptor()) {
 532         cached_stub = LoadIndexedInterceptorStub(isolate()).GetCode();
 533       } else if (IsSloppyArgumentsElements(elements_kind)) {
 534         cached_stub = KeyedLoadSloppyArgumentsStub(isolate()).GetCode();
 535       } else if (IsFastElementsKind(elements_kind) ||
 536                  IsExternalArrayElementsKind(elements_kind) ||
 537                  IsFixedTypedArrayElementsKind(elements_kind)) {
 538         cached_stub = LoadFastElementStub(isolate(), is_js_array, elements_kind)
 539                           .GetCode();
 540       } else {
 541         DCHECK(elements_kind == DICTIONARY_ELEMENTS);
 542         cached_stub = LoadDictionaryElementStub(isolate()).GetCode();
 543       }
 544     }
 545
 546     handlers->Add(cached_stub);
 547   }
 548 }
 549 }
 550 }  // namespace v8::internal