1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #if V8_TARGET_ARCH_IA32
9 #include "src/ic/ic-compiler.h"
14 #define __ ACCESS_MASM(masm)
16 void PropertyHandlerCompiler::GenerateDictionaryNegativeLookup(
17 MacroAssembler* masm, Label* miss_label, Register receiver,
18 Handle<Name> name, Register scratch0, Register scratch1) {
19 DCHECK(name->IsUniqueName());
20 DCHECK(!receiver.is(scratch0));
21 Counters* counters = masm->isolate()->counters();
22 __ IncrementCounter(counters->negative_lookups(), 1);
23 __ IncrementCounter(counters->negative_lookups_miss(), 1);
25 __ mov(scratch0, FieldOperand(receiver, HeapObject::kMapOffset));
27 const int kInterceptorOrAccessCheckNeededMask =
28 (1 << Map::kHasNamedInterceptor) | (1 << Map::kIsAccessCheckNeeded);
30 // Bail out if the receiver has a named interceptor or requires access checks.
31 __ test_b(FieldOperand(scratch0, Map::kBitFieldOffset),
32 kInterceptorOrAccessCheckNeededMask);
33 __ j(not_zero, miss_label);
35 // Check that receiver is a JSObject.
36 __ CmpInstanceType(scratch0, FIRST_SPEC_OBJECT_TYPE);
37 __ j(below, miss_label);
39 // Load properties array.
40 Register properties = scratch0;
41 __ mov(properties, FieldOperand(receiver, JSObject::kPropertiesOffset));
43 // Check that the properties array is a dictionary.
44 __ cmp(FieldOperand(properties, HeapObject::kMapOffset),
45 Immediate(masm->isolate()->factory()->hash_table_map()));
46 __ j(not_equal, miss_label);
49 NameDictionaryLookupStub::GenerateNegativeLookup(masm, miss_label, &done,
50 properties, name, scratch1);
52 __ DecrementCounter(counters->negative_lookups_miss(), 1);
56 void NamedLoadHandlerCompiler::GenerateDirectLoadGlobalFunctionPrototype(
57 MacroAssembler* masm, int index, Register prototype, Label* miss) {
58 // Get the global function with the given index.
59 Handle<JSFunction> function(
60 JSFunction::cast(masm->isolate()->native_context()->get(index)));
61 // Check we're still in the same context.
62 Register scratch = prototype;
63 const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
64 __ mov(scratch, Operand(esi, offset));
65 __ mov(scratch, FieldOperand(scratch, GlobalObject::kNativeContextOffset));
66 __ cmp(Operand(scratch, Context::SlotOffset(index)), function);
67 __ j(not_equal, miss);
69 // Load its initial map. The global functions all have initial maps.
70 __ Move(prototype, Immediate(Handle<Map>(function->initial_map())));
71 // Load the prototype from the initial map.
72 __ mov(prototype, FieldOperand(prototype, Map::kPrototypeOffset));
76 void NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(
77 MacroAssembler* masm, Register receiver, Register scratch1,
78 Register scratch2, Label* miss_label) {
79 __ TryGetFunctionPrototype(receiver, scratch1, scratch2, miss_label);
80 __ mov(eax, scratch1);
85 static void PushInterceptorArguments(MacroAssembler* masm, Register receiver,
86 Register holder, Register name,
87 Handle<JSObject> holder_obj) {
88 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex == 0);
89 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsInfoIndex == 1);
90 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex == 2);
91 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex == 3);
92 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsLength == 4);
94 Handle<InterceptorInfo> interceptor(holder_obj->GetNamedInterceptor());
95 DCHECK(!masm->isolate()->heap()->InNewSpace(*interceptor));
96 Register scratch = name;
97 __ mov(scratch, Immediate(interceptor));
104 static void CompileCallLoadPropertyWithInterceptor(
105 MacroAssembler* masm, Register receiver, Register holder, Register name,
106 Handle<JSObject> holder_obj, IC::UtilityId id) {
107 PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
108 __ CallExternalReference(ExternalReference(IC_Utility(id), masm->isolate()),
109 NamedLoadHandlerCompiler::kInterceptorArgsLength);
113 // Generate call to api function.
114 // This function uses push() to generate smaller, faster code than
115 // the version above. It is an optimization that should will be removed
116 // when api call ICs are generated in hydrogen.
117 void PropertyHandlerCompiler::GenerateFastApiCall(
118 MacroAssembler* masm, const CallOptimization& optimization,
119 Handle<Map> receiver_map, Register receiver, Register scratch_in,
120 bool is_store, int argc, Register* values) {
121 // Copy return value.
125 // Write the arguments to stack frame.
126 for (int i = 0; i < argc; i++) {
127 Register arg = values[argc - 1 - i];
128 DCHECK(!receiver.is(arg));
129 DCHECK(!scratch_in.is(arg));
133 // Stack now matches JSFunction abi.
134 DCHECK(optimization.is_simple_api_call());
136 // Abi for CallApiFunctionStub.
137 Register callee = eax;
138 Register call_data = ebx;
139 Register holder = ecx;
140 Register api_function_address = edx;
141 Register scratch = edi; // scratch_in is no longer valid.
143 // Put holder in place.
144 CallOptimization::HolderLookup holder_lookup;
145 Handle<JSObject> api_holder =
146 optimization.LookupHolderOfExpectedType(receiver_map, &holder_lookup);
147 switch (holder_lookup) {
148 case CallOptimization::kHolderIsReceiver:
149 __ Move(holder, receiver);
151 case CallOptimization::kHolderFound:
152 __ LoadHeapObject(holder, api_holder);
154 case CallOptimization::kHolderNotFound:
159 Isolate* isolate = masm->isolate();
160 Handle<JSFunction> function = optimization.constant_function();
161 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
162 Handle<Object> call_data_obj(api_call_info->data(), isolate);
164 // Put callee in place.
165 __ LoadHeapObject(callee, function);
167 bool call_data_undefined = false;
168 // Put call_data in place.
169 if (isolate->heap()->InNewSpace(*call_data_obj)) {
170 __ mov(scratch, api_call_info);
171 __ mov(call_data, FieldOperand(scratch, CallHandlerInfo::kDataOffset));
172 } else if (call_data_obj->IsUndefined()) {
173 call_data_undefined = true;
174 __ mov(call_data, Immediate(isolate->factory()->undefined_value()));
176 __ mov(call_data, call_data_obj);
179 // Put api_function_address in place.
180 Address function_address = v8::ToCData<Address>(api_call_info->callback());
181 __ mov(api_function_address, Immediate(function_address));
184 CallApiFunctionStub stub(isolate, is_store, call_data_undefined, argc);
185 __ TailCallStub(&stub);
189 // Generate code to check that a global property cell is empty. Create
190 // the property cell at compilation time if no cell exists for the
192 void PropertyHandlerCompiler::GenerateCheckPropertyCell(
193 MacroAssembler* masm, Handle<JSGlobalObject> global, Handle<Name> name,
194 Register scratch, Label* miss) {
195 Handle<PropertyCell> cell = JSGlobalObject::EnsurePropertyCell(global, name);
196 DCHECK(cell->value()->IsTheHole());
197 Handle<Oddball> the_hole = masm->isolate()->factory()->the_hole_value();
198 if (masm->serializer_enabled()) {
199 __ mov(scratch, Immediate(cell));
200 __ cmp(FieldOperand(scratch, PropertyCell::kValueOffset),
201 Immediate(the_hole));
203 __ cmp(Operand::ForCell(cell), Immediate(the_hole));
205 __ j(not_equal, miss);
209 void PropertyAccessCompiler::GenerateTailCall(MacroAssembler* masm,
211 __ jmp(code, RelocInfo::CODE_TARGET);
216 #define __ ACCESS_MASM(masm())
219 void NamedStoreHandlerCompiler::GenerateRestoreName(Label* label,
221 if (!label->is_unused()) {
223 __ mov(this->name(), Immediate(name));
228 // Receiver_reg is preserved on jumps to miss_label, but may be destroyed if
229 // store is successful.
230 void NamedStoreHandlerCompiler::GenerateStoreTransition(
231 Handle<Map> transition, Handle<Name> name, Register receiver_reg,
232 Register storage_reg, Register value_reg, Register scratch1,
233 Register scratch2, Register unused, Label* miss_label, Label* slow) {
234 int descriptor = transition->LastAdded();
235 DescriptorArray* descriptors = transition->instance_descriptors();
236 PropertyDetails details = descriptors->GetDetails(descriptor);
237 Representation representation = details.representation();
238 DCHECK(!representation.IsNone());
240 if (details.type() == CONSTANT) {
241 Handle<Object> constant(descriptors->GetValue(descriptor), isolate());
242 __ CmpObject(value_reg, constant);
243 __ j(not_equal, miss_label);
244 } else if (representation.IsSmi()) {
245 __ JumpIfNotSmi(value_reg, miss_label);
246 } else if (representation.IsHeapObject()) {
247 __ JumpIfSmi(value_reg, miss_label);
248 HeapType* field_type = descriptors->GetFieldType(descriptor);
249 HeapType::Iterator<Map> it = field_type->Classes();
253 __ CompareMap(value_reg, it.Current());
256 __ j(not_equal, miss_label);
259 __ j(equal, &do_store, Label::kNear);
263 } else if (representation.IsDouble()) {
264 Label do_store, heap_number;
265 __ AllocateHeapNumber(storage_reg, scratch1, scratch2, slow, MUTABLE);
267 __ JumpIfNotSmi(value_reg, &heap_number);
268 __ SmiUntag(value_reg);
269 __ Cvtsi2sd(xmm0, value_reg);
270 __ SmiTag(value_reg);
273 __ bind(&heap_number);
274 __ CheckMap(value_reg, isolate()->factory()->heap_number_map(), miss_label,
276 __ movsd(xmm0, FieldOperand(value_reg, HeapNumber::kValueOffset));
279 __ movsd(FieldOperand(storage_reg, HeapNumber::kValueOffset), xmm0);
282 // Stub never generated for objects that require access checks.
283 DCHECK(!transition->is_access_check_needed());
285 // Perform map transition for the receiver if necessary.
286 if (details.type() == FIELD &&
287 Map::cast(transition->GetBackPointer())->unused_property_fields() == 0) {
288 // The properties must be extended before we can store the value.
289 // We jump to a runtime call that extends the properties array.
290 __ pop(scratch1); // Return address.
291 __ push(receiver_reg);
292 __ push(Immediate(transition));
295 __ TailCallExternalReference(
296 ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage),
302 // Update the map of the object.
303 __ mov(scratch1, Immediate(transition));
304 __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
306 // Update the write barrier for the map field.
307 __ RecordWriteField(receiver_reg, HeapObject::kMapOffset, scratch1, scratch2,
308 kDontSaveFPRegs, OMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
310 if (details.type() == CONSTANT) {
311 DCHECK(value_reg.is(eax));
316 int index = transition->instance_descriptors()->GetFieldIndex(
317 transition->LastAdded());
319 // Adjust for the number of properties stored in the object. Even in the
320 // face of a transition we can use the old map here because the size of the
321 // object and the number of in-object properties is not going to change.
322 index -= transition->inobject_properties();
325 representation.IsTagged() ? INLINE_SMI_CHECK : OMIT_SMI_CHECK;
326 // TODO(verwaest): Share this code as a code stub.
328 // Set the property straight into the object.
329 int offset = transition->instance_size() + (index * kPointerSize);
330 if (representation.IsDouble()) {
331 __ mov(FieldOperand(receiver_reg, offset), storage_reg);
333 __ mov(FieldOperand(receiver_reg, offset), value_reg);
336 if (!representation.IsSmi()) {
337 // Update the write barrier for the array address.
338 if (!representation.IsDouble()) {
339 __ mov(storage_reg, value_reg);
341 __ RecordWriteField(receiver_reg, offset, storage_reg, scratch1,
342 kDontSaveFPRegs, EMIT_REMEMBERED_SET, smi_check);
345 // Write to the properties array.
346 int offset = index * kPointerSize + FixedArray::kHeaderSize;
347 // Get the properties array (optimistically).
348 __ mov(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
349 if (representation.IsDouble()) {
350 __ mov(FieldOperand(scratch1, offset), storage_reg);
352 __ mov(FieldOperand(scratch1, offset), value_reg);
355 if (!representation.IsSmi()) {
356 // Update the write barrier for the array address.
357 if (!representation.IsDouble()) {
358 __ mov(storage_reg, value_reg);
360 __ RecordWriteField(scratch1, offset, storage_reg, receiver_reg,
361 kDontSaveFPRegs, EMIT_REMEMBERED_SET, smi_check);
365 // Return the value (register eax).
366 DCHECK(value_reg.is(eax));
371 void NamedStoreHandlerCompiler::GenerateStoreField(LookupIterator* lookup,
374 DCHECK(lookup->representation().IsHeapObject());
375 __ JumpIfSmi(value_reg, miss_label);
376 HeapType::Iterator<Map> it = lookup->GetFieldType()->Classes();
379 __ CompareMap(value_reg, it.Current());
382 __ j(not_equal, miss_label);
385 __ j(equal, &do_store, Label::kNear);
389 StoreFieldStub stub(isolate(), lookup->GetFieldIndex(),
390 lookup->representation());
391 GenerateTailCall(masm(), stub.GetCode());
395 Register PropertyHandlerCompiler::CheckPrototypes(
396 Register object_reg, Register holder_reg, Register scratch1,
397 Register scratch2, Handle<Name> name, Label* miss,
398 PrototypeCheckType check) {
399 Handle<Map> receiver_map(IC::TypeToMap(*type(), isolate()));
401 // Make sure there's no overlap between holder and object registers.
402 DCHECK(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
403 DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) &&
404 !scratch2.is(scratch1));
406 // Keep track of the current object in register reg.
407 Register reg = object_reg;
410 Handle<JSObject> current = Handle<JSObject>::null();
411 if (type()->IsConstant())
412 current = Handle<JSObject>::cast(type()->AsConstant()->Value());
413 Handle<JSObject> prototype = Handle<JSObject>::null();
414 Handle<Map> current_map = receiver_map;
415 Handle<Map> holder_map(holder()->map());
416 // Traverse the prototype chain and check the maps in the prototype chain for
417 // fast and global objects or do negative lookup for normal objects.
418 while (!current_map.is_identical_to(holder_map)) {
421 // Only global objects and objects that do not require access
422 // checks are allowed in stubs.
423 DCHECK(current_map->IsJSGlobalProxyMap() ||
424 !current_map->is_access_check_needed());
426 prototype = handle(JSObject::cast(current_map->prototype()));
427 if (current_map->is_dictionary_map() &&
428 !current_map->IsJSGlobalObjectMap()) {
429 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast.
430 if (!name->IsUniqueName()) {
431 DCHECK(name->IsString());
432 name = factory()->InternalizeString(Handle<String>::cast(name));
434 DCHECK(current.is_null() ||
435 current->property_dictionary()->FindEntry(name) ==
436 NameDictionary::kNotFound);
438 GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1,
441 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
442 reg = holder_reg; // From now on the object will be in holder_reg.
443 __ mov(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
445 bool in_new_space = heap()->InNewSpace(*prototype);
446 // Two possible reasons for loading the prototype from the map:
447 // (1) Can't store references to new space in code.
448 // (2) Handler is shared for all receivers with the same prototype
449 // map (but not necessarily the same prototype instance).
450 bool load_prototype_from_map = in_new_space || depth == 1;
451 if (depth != 1 || check == CHECK_ALL_MAPS) {
452 __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
455 // Check access rights to the global object. This has to happen after
456 // the map check so that we know that the object is actually a global
458 // This allows us to install generated handlers for accesses to the
459 // global proxy (as opposed to using slow ICs). See corresponding code
460 // in LookupForRead().
461 if (current_map->IsJSGlobalProxyMap()) {
462 __ CheckAccessGlobalProxy(reg, scratch1, scratch2, miss);
463 } else if (current_map->IsJSGlobalObjectMap()) {
464 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
465 name, scratch2, miss);
468 if (load_prototype_from_map) {
469 // Save the map in scratch1 for later.
470 __ mov(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
473 reg = holder_reg; // From now on the object will be in holder_reg.
475 if (load_prototype_from_map) {
476 __ mov(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
478 __ mov(reg, prototype);
482 // Go to the next object in the prototype chain.
484 current_map = handle(current->map());
487 // Log the check depth.
488 LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
490 if (depth != 0 || check == CHECK_ALL_MAPS) {
491 // Check the holder map.
492 __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
495 // Perform security check for access to the global object.
496 DCHECK(current_map->IsJSGlobalProxyMap() ||
497 !current_map->is_access_check_needed());
498 if (current_map->IsJSGlobalProxyMap()) {
499 __ CheckAccessGlobalProxy(reg, scratch1, scratch2, miss);
502 // Return the register containing the holder.
507 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) {
508 if (!miss->is_unused()) {
512 TailCallBuiltin(masm(), MissBuiltin(kind()));
518 void NamedStoreHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) {
519 if (!miss->is_unused()) {
522 GenerateRestoreName(miss, name);
523 TailCallBuiltin(masm(), MissBuiltin(kind()));
529 void NamedLoadHandlerCompiler::GenerateLoadCallback(
530 Register reg, Handle<ExecutableAccessorInfo> callback) {
531 // Insert additional parameters into the stack frame above return address.
532 DCHECK(!scratch3().is(reg));
533 __ pop(scratch3()); // Get return address to place it below.
535 STATIC_ASSERT(PropertyCallbackArguments::kHolderIndex == 0);
536 STATIC_ASSERT(PropertyCallbackArguments::kIsolateIndex == 1);
537 STATIC_ASSERT(PropertyCallbackArguments::kReturnValueDefaultValueIndex == 2);
538 STATIC_ASSERT(PropertyCallbackArguments::kReturnValueOffset == 3);
539 STATIC_ASSERT(PropertyCallbackArguments::kDataIndex == 4);
540 STATIC_ASSERT(PropertyCallbackArguments::kThisIndex == 5);
541 __ push(receiver()); // receiver
542 // Push data from ExecutableAccessorInfo.
543 if (isolate()->heap()->InNewSpace(callback->data())) {
544 DCHECK(!scratch2().is(reg));
545 __ mov(scratch2(), Immediate(callback));
546 __ push(FieldOperand(scratch2(), ExecutableAccessorInfo::kDataOffset));
548 __ push(Immediate(Handle<Object>(callback->data(), isolate())));
550 __ push(Immediate(isolate()->factory()->undefined_value())); // ReturnValue
551 // ReturnValue default value
552 __ push(Immediate(isolate()->factory()->undefined_value()));
553 __ push(Immediate(reinterpret_cast<int>(isolate())));
554 __ push(reg); // holder
556 // Save a pointer to where we pushed the arguments. This will be
557 // passed as the const PropertyAccessorInfo& to the C++ callback.
560 __ push(name()); // name
562 __ push(scratch3()); // Restore return address.
564 // Abi for CallApiGetter
565 Register getter_address = edx;
566 Address function_address = v8::ToCData<Address>(callback->getter());
567 __ mov(getter_address, Immediate(function_address));
569 CallApiGetterStub stub(isolate());
570 __ TailCallStub(&stub);
574 void NamedLoadHandlerCompiler::GenerateLoadConstant(Handle<Object> value) {
575 // Return the constant value.
576 __ LoadObject(eax, value);
581 void NamedLoadHandlerCompiler::GenerateLoadInterceptorWithFollowup(
582 LookupIterator* it, Register holder_reg) {
583 DCHECK(holder()->HasNamedInterceptor());
584 DCHECK(!holder()->GetNamedInterceptor()->getter()->IsUndefined());
586 // Compile the interceptor call, followed by inline code to load the
587 // property from further up the prototype chain if the call fails.
588 // Check that the maps haven't changed.
589 DCHECK(holder_reg.is(receiver()) || holder_reg.is(scratch1()));
591 // Preserve the receiver register explicitly whenever it is different from the
592 // holder and it is needed should the interceptor return without any result.
593 // The ACCESSOR case needs the receiver to be passed into C++ code, the FIELD
594 // case might cause a miss during the prototype check.
595 bool must_perform_prototype_check =
596 !holder().is_identical_to(it->GetHolder<JSObject>());
597 bool must_preserve_receiver_reg =
598 !receiver().is(holder_reg) &&
599 (it->property_kind() == LookupIterator::ACCESSOR ||
600 must_perform_prototype_check);
602 // Save necessary data before invoking an interceptor.
603 // Requires a frame to make GC aware of pushed pointers.
605 FrameScope frame_scope(masm(), StackFrame::INTERNAL);
607 if (must_preserve_receiver_reg) {
611 __ push(this->name());
613 // Invoke an interceptor. Note: map checks from receiver to
614 // interceptor's holder has been compiled before (see a caller
616 CompileCallLoadPropertyWithInterceptor(
617 masm(), receiver(), holder_reg, this->name(), holder(),
618 IC::kLoadPropertyWithInterceptorOnly);
620 // Check if interceptor provided a value for property. If it's
621 // the case, return immediately.
622 Label interceptor_failed;
623 __ cmp(eax, factory()->no_interceptor_result_sentinel());
624 __ j(equal, &interceptor_failed);
625 frame_scope.GenerateLeaveFrame();
628 // Clobber registers when generating debug-code to provoke errors.
629 __ bind(&interceptor_failed);
630 if (FLAG_debug_code) {
631 __ mov(receiver(), Immediate(BitCast<int32_t>(kZapValue)));
632 __ mov(holder_reg, Immediate(BitCast<int32_t>(kZapValue)));
633 __ mov(this->name(), Immediate(BitCast<int32_t>(kZapValue)));
636 __ pop(this->name());
638 if (must_preserve_receiver_reg) {
642 // Leave the internal frame.
645 GenerateLoadPostInterceptor(it, holder_reg);
649 void NamedLoadHandlerCompiler::GenerateLoadInterceptor(Register holder_reg) {
650 DCHECK(holder()->HasNamedInterceptor());
651 DCHECK(!holder()->GetNamedInterceptor()->getter()->IsUndefined());
652 // Call the runtime system to load the interceptor.
653 __ pop(scratch2()); // save old return address
654 PushInterceptorArguments(masm(), receiver(), holder_reg, this->name(),
656 __ push(scratch2()); // restore old return address
658 ExternalReference ref = ExternalReference(
659 IC_Utility(IC::kLoadPropertyWithInterceptor), isolate());
660 __ TailCallExternalReference(
661 ref, NamedLoadHandlerCompiler::kInterceptorArgsLength, 1);
665 Handle<Code> NamedStoreHandlerCompiler::CompileStoreCallback(
666 Handle<JSObject> object, Handle<Name> name,
667 Handle<ExecutableAccessorInfo> callback) {
668 Register holder_reg = Frontend(receiver(), name);
670 __ pop(scratch1()); // remove the return address
676 __ push(scratch1()); // restore return address
678 // Do tail-call to the runtime system.
679 ExternalReference store_callback_property =
680 ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
681 __ TailCallExternalReference(store_callback_property, 5, 1);
683 // Return the generated code.
684 return GetCode(kind(), Code::FAST, name);
689 #define __ ACCESS_MASM(masm)
692 void NamedStoreHandlerCompiler::GenerateStoreViaSetter(
693 MacroAssembler* masm, Handle<HeapType> type, Register receiver,
694 Handle<JSFunction> setter) {
695 // ----------- S t a t e -------------
696 // -- esp[0] : return address
697 // -----------------------------------
699 FrameScope scope(masm, StackFrame::INTERNAL);
701 // Save value register, so we can restore it later.
704 if (!setter.is_null()) {
705 // Call the JavaScript setter with receiver and value on the stack.
706 if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
707 // Swap in the global receiver.
709 FieldOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
713 ParameterCount actual(1);
714 ParameterCount expected(setter);
715 __ InvokeFunction(setter, expected, actual, CALL_FUNCTION,
718 // If we generate a global code snippet for deoptimization only, remember
719 // the place to continue after deoptimization.
720 masm->isolate()->heap()->SetSetterStubDeoptPCOffset(masm->pc_offset());
723 // We have to return the passed value, not the return value of the setter.
726 // Restore context register.
727 __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
734 #define __ ACCESS_MASM(masm())
737 Handle<Code> NamedStoreHandlerCompiler::CompileStoreInterceptor(
739 __ pop(scratch1()); // remove the return address
741 __ push(this->name());
743 __ push(scratch1()); // restore return address
745 // Do tail-call to the runtime system.
746 ExternalReference store_ic_property = ExternalReference(
747 IC_Utility(IC::kStorePropertyWithInterceptor), isolate());
748 __ TailCallExternalReference(store_ic_property, 3, 1);
750 // Return the generated code.
751 return GetCode(kind(), Code::FAST, name);
755 Handle<Code> PropertyICCompiler::CompileKeyedStorePolymorphic(
756 MapHandleList* receiver_maps, CodeHandleList* handler_stubs,
757 MapHandleList* transitioned_maps) {
759 __ JumpIfSmi(receiver(), &miss, Label::kNear);
760 __ mov(scratch1(), FieldOperand(receiver(), HeapObject::kMapOffset));
761 for (int i = 0; i < receiver_maps->length(); ++i) {
762 __ cmp(scratch1(), receiver_maps->at(i));
763 if (transitioned_maps->at(i).is_null()) {
764 __ j(equal, handler_stubs->at(i));
767 __ j(not_equal, &next_map, Label::kNear);
768 __ mov(transition_map(), Immediate(transitioned_maps->at(i)));
769 __ jmp(handler_stubs->at(i), RelocInfo::CODE_TARGET);
774 TailCallBuiltin(masm(), MissBuiltin(kind()));
776 // Return the generated code.
777 return GetCode(kind(), Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
781 Register* PropertyAccessCompiler::load_calling_convention() {
782 // receiver, name, scratch1, scratch2, scratch3, scratch4.
783 Register receiver = LoadIC::ReceiverRegister();
784 Register name = LoadIC::NameRegister();
785 static Register registers[] = {receiver, name, ebx, eax, edi, no_reg};
790 Register* PropertyAccessCompiler::store_calling_convention() {
791 // receiver, name, scratch1, scratch2, scratch3.
792 Register receiver = StoreIC::ReceiverRegister();
793 Register name = StoreIC::NameRegister();
794 DCHECK(ebx.is(KeyedStoreIC::MapRegister()));
795 static Register registers[] = {receiver, name, ebx, edi, no_reg};
800 Register NamedStoreHandlerCompiler::value() { return StoreIC::ValueRegister(); }
804 #define __ ACCESS_MASM(masm)
807 void NamedLoadHandlerCompiler::GenerateLoadViaGetter(
808 MacroAssembler* masm, Handle<HeapType> type, Register receiver,
809 Handle<JSFunction> getter) {
811 FrameScope scope(masm, StackFrame::INTERNAL);
813 if (!getter.is_null()) {
814 // Call the JavaScript getter with the receiver on the stack.
815 if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
816 // Swap in the global receiver.
818 FieldOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
821 ParameterCount actual(0);
822 ParameterCount expected(getter);
823 __ InvokeFunction(getter, expected, actual, CALL_FUNCTION,
826 // If we generate a global code snippet for deoptimization only, remember
827 // the place to continue after deoptimization.
828 masm->isolate()->heap()->SetGetterStubDeoptPCOffset(masm->pc_offset());
831 // Restore context register.
832 __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
839 #define __ ACCESS_MASM(masm())
842 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal(
843 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) {
846 FrontendHeader(receiver(), name, &miss);
847 // Get the value from the cell.
848 Register result = StoreIC::ValueRegister();
849 if (masm()->serializer_enabled()) {
850 __ mov(result, Immediate(cell));
851 __ mov(result, FieldOperand(result, PropertyCell::kValueOffset));
853 __ mov(result, Operand::ForCell(cell));
856 // Check for deleted property if property can actually be deleted.
857 if (is_configurable) {
858 __ cmp(result, factory()->the_hole_value());
860 } else if (FLAG_debug_code) {
861 __ cmp(result, factory()->the_hole_value());
862 __ Check(not_equal, kDontDeleteCellsCannotContainTheHole);
865 Counters* counters = isolate()->counters();
866 __ IncrementCounter(counters->named_load_global_stub(), 1);
867 // The code above already loads the result into the return register.
870 FrontendFooter(name, &miss);
872 // Return the generated code.
873 return GetCode(kind(), Code::NORMAL, name);
877 Handle<Code> PropertyICCompiler::CompilePolymorphic(TypeHandleList* types,
878 CodeHandleList* handlers,
884 if (check == PROPERTY &&
885 (kind() == Code::KEYED_LOAD_IC || kind() == Code::KEYED_STORE_IC)) {
886 // In case we are compiling an IC for dictionary loads and stores, just
887 // check whether the name is unique.
888 if (name.is_identical_to(isolate()->factory()->normal_ic_symbol())) {
889 __ JumpIfNotUniqueName(this->name(), &miss);
891 __ cmp(this->name(), Immediate(name));
892 __ j(not_equal, &miss);
897 Label* smi_target = IncludesNumberType(types) ? &number_case : &miss;
898 __ JumpIfSmi(receiver(), smi_target);
900 // Polymorphic keyed stores may use the map register
901 Register map_reg = scratch1();
902 DCHECK(kind() != Code::KEYED_STORE_IC ||
903 map_reg.is(KeyedStoreIC::MapRegister()));
904 __ mov(map_reg, FieldOperand(receiver(), HeapObject::kMapOffset));
905 int receiver_count = types->length();
906 int number_of_handled_maps = 0;
907 for (int current = 0; current < receiver_count; ++current) {
908 Handle<HeapType> type = types->at(current);
909 Handle<Map> map = IC::TypeToMap(*type, isolate());
910 if (!map->is_deprecated()) {
911 number_of_handled_maps++;
912 __ cmp(map_reg, map);
913 if (type->Is(HeapType::Number())) {
914 DCHECK(!number_case.is_unused());
915 __ bind(&number_case);
917 __ j(equal, handlers->at(current));
920 DCHECK(number_of_handled_maps != 0);
923 TailCallBuiltin(masm(), MissBuiltin(kind()));
925 // Return the generated code.
926 InlineCacheState state =
927 number_of_handled_maps > 1 ? POLYMORPHIC : MONOMORPHIC;
928 return GetCode(kind(), type, name, state);
933 #define __ ACCESS_MASM(masm)
936 void ElementHandlerCompiler::GenerateLoadDictionaryElement(
937 MacroAssembler* masm) {
938 // ----------- S t a t e -------------
941 // -- esp[0] : return address
942 // -----------------------------------
943 DCHECK(edx.is(LoadIC::ReceiverRegister()));
944 DCHECK(ecx.is(LoadIC::NameRegister()));
947 // This stub is meant to be tail-jumped to, the receiver must already
948 // have been verified by the caller to not be a smi.
949 __ JumpIfNotSmi(ecx, &miss);
952 __ mov(eax, FieldOperand(edx, JSObject::kElementsOffset));
954 // Push receiver on the stack to free up a register for the dictionary
957 __ LoadFromNumberDictionary(&slow, eax, ecx, ebx, edx, edi, eax);
958 // Pop receiver before returning.
965 // ----------- S t a t e -------------
968 // -- esp[0] : return address
969 // -----------------------------------
970 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Slow);
973 // ----------- S t a t e -------------
976 // -- esp[0] : return address
977 // -----------------------------------
978 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Miss);
984 } // namespace v8::internal
986 #endif // V8_TARGET_ARCH_IA32
projects / platform / upstream / v8.git / blob