1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
9 #include "src/ic/ic-compiler.h"
14 #define __ ACCESS_MASM(masm)
17 void PropertyHandlerCompiler::GenerateDictionaryNegativeLookup(
18 MacroAssembler* masm, Label* miss_label, Register receiver,
19 Handle<Name> name, Register scratch0, Register scratch1) {
20 DCHECK(name->IsUniqueName());
21 DCHECK(!receiver.is(scratch0));
22 Counters* counters = masm->isolate()->counters();
23 __ IncrementCounter(counters->negative_lookups(), 1);
24 __ IncrementCounter(counters->negative_lookups_miss(), 1);
26 __ movp(scratch0, FieldOperand(receiver, HeapObject::kMapOffset));
28 const int kInterceptorOrAccessCheckNeededMask =
29 (1 << Map::kHasNamedInterceptor) | (1 << Map::kIsAccessCheckNeeded);
31 // Bail out if the receiver has a named interceptor or requires access checks.
32 __ testb(FieldOperand(scratch0, Map::kBitFieldOffset),
33 Immediate(kInterceptorOrAccessCheckNeededMask));
34 __ j(not_zero, miss_label);
36 // Check that receiver is a JSObject.
37 __ CmpInstanceType(scratch0, FIRST_SPEC_OBJECT_TYPE);
38 __ j(below, miss_label);
40 // Load properties array.
41 Register properties = scratch0;
42 __ movp(properties, FieldOperand(receiver, JSObject::kPropertiesOffset));
44 // Check that the properties array is a dictionary.
45 __ CompareRoot(FieldOperand(properties, HeapObject::kMapOffset),
46 Heap::kHashTableMapRootIndex);
47 __ j(not_equal, miss_label);
50 NameDictionaryLookupStub::GenerateNegativeLookup(masm, miss_label, &done,
51 properties, name, scratch1);
53 __ DecrementCounter(counters->negative_lookups_miss(), 1);
57 void NamedLoadHandlerCompiler::GenerateDirectLoadGlobalFunctionPrototype(
58 MacroAssembler* masm, int index, Register prototype, Label* miss) {
59 Isolate* isolate = masm->isolate();
60 // Get the global function with the given index.
61 Handle<JSFunction> function(
62 JSFunction::cast(isolate->native_context()->get(index)));
64 // Check we're still in the same context.
65 Register scratch = prototype;
66 const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
67 __ movp(scratch, Operand(rsi, offset));
68 __ movp(scratch, FieldOperand(scratch, GlobalObject::kNativeContextOffset));
69 __ Cmp(Operand(scratch, Context::SlotOffset(index)), function);
70 __ j(not_equal, miss);
72 // Load its initial map. The global functions all have initial maps.
73 __ Move(prototype, Handle<Map>(function->initial_map()));
74 // Load the prototype from the initial map.
75 __ movp(prototype, FieldOperand(prototype, Map::kPrototypeOffset));
79 void NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(
80 MacroAssembler* masm, Register receiver, Register result, Register scratch,
82 __ TryGetFunctionPrototype(receiver, result, miss_label);
83 if (!result.is(rax)) __ movp(rax, result);
88 static void PushInterceptorArguments(MacroAssembler* masm, Register receiver,
89 Register holder, Register name,
90 Handle<JSObject> holder_obj) {
91 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex == 0);
92 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsInfoIndex == 1);
93 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex == 2);
94 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex == 3);
95 STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsLength == 4);
97 Handle<InterceptorInfo> interceptor(holder_obj->GetNamedInterceptor());
98 DCHECK(!masm->isolate()->heap()->InNewSpace(*interceptor));
99 __ Move(kScratchRegister, interceptor);
100 __ Push(kScratchRegister);
106 static void CompileCallLoadPropertyWithInterceptor(
107 MacroAssembler* masm, Register receiver, Register holder, Register name,
108 Handle<JSObject> holder_obj, IC::UtilityId id) {
109 PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
110 __ CallExternalReference(ExternalReference(IC_Utility(id), masm->isolate()),
111 NamedLoadHandlerCompiler::kInterceptorArgsLength);
115 // Generate call to api function.
116 void PropertyHandlerCompiler::GenerateFastApiCall(
117 MacroAssembler* masm, const CallOptimization& optimization,
118 Handle<Map> receiver_map, Register receiver, Register scratch_in,
119 bool is_store, int argc, Register* values) {
120 DCHECK(optimization.is_simple_api_call());
122 __ PopReturnAddressTo(scratch_in);
125 // Write the arguments to stack frame.
126 for (int i = 0; i < argc; i++) {
127 Register arg = values[argc - 1 - i];
128 DCHECK(!receiver.is(arg));
129 DCHECK(!scratch_in.is(arg));
132 __ PushReturnAddressFrom(scratch_in);
133 // Stack now matches JSFunction abi.
135 // Abi for CallApiFunctionStub.
136 Register callee = rax;
137 Register call_data = rbx;
138 Register holder = rcx;
139 Register api_function_address = rdx;
140 Register scratch = rdi; // scratch_in is no longer valid.
142 // Put holder in place.
143 CallOptimization::HolderLookup holder_lookup;
144 Handle<JSObject> api_holder =
145 optimization.LookupHolderOfExpectedType(receiver_map, &holder_lookup);
146 switch (holder_lookup) {
147 case CallOptimization::kHolderIsReceiver:
148 __ Move(holder, receiver);
150 case CallOptimization::kHolderFound:
151 __ Move(holder, api_holder);
153 case CallOptimization::kHolderNotFound:
158 Isolate* isolate = masm->isolate();
159 Handle<JSFunction> function = optimization.constant_function();
160 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
161 Handle<Object> call_data_obj(api_call_info->data(), isolate);
163 // Put callee in place.
164 __ Move(callee, function);
166 bool call_data_undefined = false;
167 // Put call_data in place.
168 if (isolate->heap()->InNewSpace(*call_data_obj)) {
169 __ Move(scratch, api_call_info);
170 __ movp(call_data, FieldOperand(scratch, CallHandlerInfo::kDataOffset));
171 } else if (call_data_obj->IsUndefined()) {
172 call_data_undefined = true;
173 __ LoadRoot(call_data, Heap::kUndefinedValueRootIndex);
175 __ Move(call_data, call_data_obj);
178 // Put api_function_address in place.
179 Address function_address = v8::ToCData<Address>(api_call_info->callback());
180 __ Move(api_function_address, function_address,
181 RelocInfo::EXTERNAL_REFERENCE);
184 CallApiFunctionStub stub(isolate, is_store, call_data_undefined, argc);
185 __ TailCallStub(&stub);
189 void PropertyHandlerCompiler::GenerateCheckPropertyCell(
190 MacroAssembler* masm, Handle<JSGlobalObject> global, Handle<Name> name,
191 Register scratch, Label* miss) {
192 Handle<PropertyCell> cell = JSGlobalObject::EnsurePropertyCell(global, name);
193 DCHECK(cell->value()->IsTheHole());
194 __ Move(scratch, cell);
195 __ Cmp(FieldOperand(scratch, Cell::kValueOffset),
196 masm->isolate()->factory()->the_hole_value());
197 __ j(not_equal, miss);
201 void PropertyAccessCompiler::GenerateTailCall(MacroAssembler* masm,
203 __ jmp(code, RelocInfo::CODE_TARGET);
208 #define __ ACCESS_MASM((masm()))
211 void NamedStoreHandlerCompiler::GenerateRestoreName(Label* label,
213 if (!label->is_unused()) {
215 __ Move(this->name(), name);
220 // Receiver_reg is preserved on jumps to miss_label, but may be destroyed if
221 // store is successful.
222 void NamedStoreHandlerCompiler::GenerateStoreTransition(
223 Handle<Map> transition, Handle<Name> name, Register receiver_reg,
224 Register storage_reg, Register value_reg, Register scratch1,
225 Register scratch2, Register unused, Label* miss_label, Label* slow) {
226 int descriptor = transition->LastAdded();
227 DescriptorArray* descriptors = transition->instance_descriptors();
228 PropertyDetails details = descriptors->GetDetails(descriptor);
229 Representation representation = details.representation();
230 DCHECK(!representation.IsNone());
232 if (details.type() == CONSTANT) {
233 Handle<Object> constant(descriptors->GetValue(descriptor), isolate());
234 __ Cmp(value_reg, constant);
235 __ j(not_equal, miss_label);
236 } else if (representation.IsSmi()) {
237 __ JumpIfNotSmi(value_reg, miss_label);
238 } else if (representation.IsHeapObject()) {
239 __ JumpIfSmi(value_reg, miss_label);
240 HeapType* field_type = descriptors->GetFieldType(descriptor);
241 HeapType::Iterator<Map> it = field_type->Classes();
245 __ CompareMap(value_reg, it.Current());
248 __ j(not_equal, miss_label);
251 __ j(equal, &do_store, Label::kNear);
255 } else if (representation.IsDouble()) {
256 Label do_store, heap_number;
257 __ AllocateHeapNumber(storage_reg, scratch1, slow, MUTABLE);
259 __ JumpIfNotSmi(value_reg, &heap_number);
260 __ SmiToInteger32(scratch1, value_reg);
261 __ Cvtlsi2sd(xmm0, scratch1);
264 __ bind(&heap_number);
265 __ CheckMap(value_reg, isolate()->factory()->heap_number_map(), miss_label,
267 __ movsd(xmm0, FieldOperand(value_reg, HeapNumber::kValueOffset));
270 __ movsd(FieldOperand(storage_reg, HeapNumber::kValueOffset), xmm0);
273 // Stub never generated for objects that require access checks.
274 DCHECK(!transition->is_access_check_needed());
276 // Perform map transition for the receiver if necessary.
277 if (details.type() == FIELD &&
278 Map::cast(transition->GetBackPointer())->unused_property_fields() == 0) {
279 // The properties must be extended before we can store the value.
280 // We jump to a runtime call that extends the properties array.
281 __ PopReturnAddressTo(scratch1);
282 __ Push(receiver_reg);
285 __ PushReturnAddressFrom(scratch1);
286 __ TailCallExternalReference(
287 ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage),
293 // Update the map of the object.
294 __ Move(scratch1, transition);
295 __ movp(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
297 // Update the write barrier for the map field.
298 __ RecordWriteField(receiver_reg, HeapObject::kMapOffset, scratch1, scratch2,
299 kDontSaveFPRegs, OMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
301 if (details.type() == CONSTANT) {
302 DCHECK(value_reg.is(rax));
307 int index = transition->instance_descriptors()->GetFieldIndex(
308 transition->LastAdded());
310 // Adjust for the number of properties stored in the object. Even in the
311 // face of a transition we can use the old map here because the size of the
312 // object and the number of in-object properties is not going to change.
313 index -= transition->inobject_properties();
315 // TODO(verwaest): Share this code as a code stub.
317 representation.IsTagged() ? INLINE_SMI_CHECK : OMIT_SMI_CHECK;
319 // Set the property straight into the object.
320 int offset = transition->instance_size() + (index * kPointerSize);
321 if (representation.IsDouble()) {
322 __ movp(FieldOperand(receiver_reg, offset), storage_reg);
324 __ movp(FieldOperand(receiver_reg, offset), value_reg);
327 if (!representation.IsSmi()) {
328 // Update the write barrier for the array address.
329 if (!representation.IsDouble()) {
330 __ movp(storage_reg, value_reg);
332 __ RecordWriteField(receiver_reg, offset, storage_reg, scratch1,
333 kDontSaveFPRegs, EMIT_REMEMBERED_SET, smi_check);
336 // Write to the properties array.
337 int offset = index * kPointerSize + FixedArray::kHeaderSize;
338 // Get the properties array (optimistically).
339 __ movp(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
340 if (representation.IsDouble()) {
341 __ movp(FieldOperand(scratch1, offset), storage_reg);
343 __ movp(FieldOperand(scratch1, offset), value_reg);
346 if (!representation.IsSmi()) {
347 // Update the write barrier for the array address.
348 if (!representation.IsDouble()) {
349 __ movp(storage_reg, value_reg);
351 __ RecordWriteField(scratch1, offset, storage_reg, receiver_reg,
352 kDontSaveFPRegs, EMIT_REMEMBERED_SET, smi_check);
356 // Return the value (register rax).
357 DCHECK(value_reg.is(rax));
362 void NamedStoreHandlerCompiler::GenerateStoreField(LookupIterator* lookup,
365 DCHECK(lookup->representation().IsHeapObject());
366 __ JumpIfSmi(value_reg, miss_label);
367 HeapType::Iterator<Map> it = lookup->GetFieldType()->Classes();
370 __ CompareMap(value_reg, it.Current());
373 __ j(not_equal, miss_label);
376 __ j(equal, &do_store, Label::kNear);
380 StoreFieldStub stub(isolate(), lookup->GetFieldIndex(),
381 lookup->representation());
382 GenerateTailCall(masm(), stub.GetCode());
386 Register PropertyHandlerCompiler::CheckPrototypes(
387 Register object_reg, Register holder_reg, Register scratch1,
388 Register scratch2, Handle<Name> name, Label* miss,
389 PrototypeCheckType check) {
390 Handle<Map> receiver_map(IC::TypeToMap(*type(), isolate()));
392 // Make sure there's no overlap between holder and object registers.
393 DCHECK(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
394 DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) &&
395 !scratch2.is(scratch1));
397 // Keep track of the current object in register reg. On the first
398 // iteration, reg is an alias for object_reg, on later iterations,
399 // it is an alias for holder_reg.
400 Register reg = object_reg;
403 Handle<JSObject> current = Handle<JSObject>::null();
404 if (type()->IsConstant()) {
405 current = Handle<JSObject>::cast(type()->AsConstant()->Value());
407 Handle<JSObject> prototype = Handle<JSObject>::null();
408 Handle<Map> current_map = receiver_map;
409 Handle<Map> holder_map(holder()->map());
410 // Traverse the prototype chain and check the maps in the prototype chain for
411 // fast and global objects or do negative lookup for normal objects.
412 while (!current_map.is_identical_to(holder_map)) {
415 // Only global objects and objects that do not require access
416 // checks are allowed in stubs.
417 DCHECK(current_map->IsJSGlobalProxyMap() ||
418 !current_map->is_access_check_needed());
420 prototype = handle(JSObject::cast(current_map->prototype()));
421 if (current_map->is_dictionary_map() &&
422 !current_map->IsJSGlobalObjectMap()) {
423 DCHECK(!current_map->IsJSGlobalProxyMap()); // Proxy maps are fast.
424 if (!name->IsUniqueName()) {
425 DCHECK(name->IsString());
426 name = factory()->InternalizeString(Handle<String>::cast(name));
428 DCHECK(current.is_null() ||
429 current->property_dictionary()->FindEntry(name) ==
430 NameDictionary::kNotFound);
432 GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1,
435 __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
436 reg = holder_reg; // From now on the object will be in holder_reg.
437 __ movp(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
439 bool in_new_space = heap()->InNewSpace(*prototype);
440 // Two possible reasons for loading the prototype from the map:
441 // (1) Can't store references to new space in code.
442 // (2) Handler is shared for all receivers with the same prototype
443 // map (but not necessarily the same prototype instance).
444 bool load_prototype_from_map = in_new_space || depth == 1;
445 if (load_prototype_from_map) {
446 // Save the map in scratch1 for later.
447 __ movp(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
449 if (depth != 1 || check == CHECK_ALL_MAPS) {
450 __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
453 // Check access rights to the global object. This has to happen after
454 // the map check so that we know that the object is actually a global
456 // This allows us to install generated handlers for accesses to the
457 // global proxy (as opposed to using slow ICs). See corresponding code
458 // in LookupForRead().
459 if (current_map->IsJSGlobalProxyMap()) {
460 __ CheckAccessGlobalProxy(reg, scratch2, miss);
461 } else if (current_map->IsJSGlobalObjectMap()) {
462 GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
463 name, scratch2, miss);
465 reg = holder_reg; // From now on the object will be in holder_reg.
467 if (load_prototype_from_map) {
468 __ movp(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
470 __ Move(reg, prototype);
474 // Go to the next object in the prototype chain.
476 current_map = handle(current->map());
479 // Log the check depth.
480 LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
482 if (depth != 0 || check == CHECK_ALL_MAPS) {
483 // Check the holder map.
484 __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
487 // Perform security check for access to the global object.
488 DCHECK(current_map->IsJSGlobalProxyMap() ||
489 !current_map->is_access_check_needed());
490 if (current_map->IsJSGlobalProxyMap()) {
491 __ CheckAccessGlobalProxy(reg, scratch1, miss);
494 // Return the register containing the holder.
499 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) {
500 if (!miss->is_unused()) {
504 TailCallBuiltin(masm(), MissBuiltin(kind()));
510 void NamedStoreHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) {
511 if (!miss->is_unused()) {
514 GenerateRestoreName(miss, name);
515 TailCallBuiltin(masm(), MissBuiltin(kind()));
521 void NamedLoadHandlerCompiler::GenerateLoadCallback(
522 Register reg, Handle<ExecutableAccessorInfo> callback) {
523 // Insert additional parameters into the stack frame above return address.
524 DCHECK(!scratch4().is(reg));
525 __ PopReturnAddressTo(scratch4());
527 STATIC_ASSERT(PropertyCallbackArguments::kHolderIndex == 0);
528 STATIC_ASSERT(PropertyCallbackArguments::kIsolateIndex == 1);
529 STATIC_ASSERT(PropertyCallbackArguments::kReturnValueDefaultValueIndex == 2);
530 STATIC_ASSERT(PropertyCallbackArguments::kReturnValueOffset == 3);
531 STATIC_ASSERT(PropertyCallbackArguments::kDataIndex == 4);
532 STATIC_ASSERT(PropertyCallbackArguments::kThisIndex == 5);
533 STATIC_ASSERT(PropertyCallbackArguments::kArgsLength == 6);
534 __ Push(receiver()); // receiver
535 if (heap()->InNewSpace(callback->data())) {
536 DCHECK(!scratch2().is(reg));
537 __ Move(scratch2(), callback);
538 __ Push(FieldOperand(scratch2(),
539 ExecutableAccessorInfo::kDataOffset)); // data
541 __ Push(Handle<Object>(callback->data(), isolate()));
543 DCHECK(!kScratchRegister.is(reg));
544 __ LoadRoot(kScratchRegister, Heap::kUndefinedValueRootIndex);
545 __ Push(kScratchRegister); // return value
546 __ Push(kScratchRegister); // return value default
547 __ PushAddress(ExternalReference::isolate_address(isolate()));
548 __ Push(reg); // holder
549 __ Push(name()); // name
550 // Save a pointer to where we pushed the arguments pointer. This will be
551 // passed as the const PropertyAccessorInfo& to the C++ callback.
553 __ PushReturnAddressFrom(scratch4());
555 // Abi for CallApiGetter
556 Register api_function_address = r8;
557 Address getter_address = v8::ToCData<Address>(callback->getter());
558 __ Move(api_function_address, getter_address, RelocInfo::EXTERNAL_REFERENCE);
560 CallApiGetterStub stub(isolate());
561 __ TailCallStub(&stub);
565 void NamedLoadHandlerCompiler::GenerateLoadConstant(Handle<Object> value) {
566 // Return the constant value.
572 void NamedLoadHandlerCompiler::GenerateLoadInterceptorWithFollowup(
573 LookupIterator* it, Register holder_reg) {
574 DCHECK(holder()->HasNamedInterceptor());
575 DCHECK(!holder()->GetNamedInterceptor()->getter()->IsUndefined());
577 // Compile the interceptor call, followed by inline code to load the
578 // property from further up the prototype chain if the call fails.
579 // Check that the maps haven't changed.
580 DCHECK(holder_reg.is(receiver()) || holder_reg.is(scratch1()));
582 // Preserve the receiver register explicitly whenever it is different from the
583 // holder and it is needed should the interceptor return without any result.
584 // The ACCESSOR case needs the receiver to be passed into C++ code, the FIELD
585 // case might cause a miss during the prototype check.
586 bool must_perform_prototype_check =
587 !holder().is_identical_to(it->GetHolder<JSObject>());
588 bool must_preserve_receiver_reg =
589 !receiver().is(holder_reg) &&
590 (it->property_kind() == LookupIterator::ACCESSOR ||
591 must_perform_prototype_check);
593 // Save necessary data before invoking an interceptor.
594 // Requires a frame to make GC aware of pushed pointers.
596 FrameScope frame_scope(masm(), StackFrame::INTERNAL);
598 if (must_preserve_receiver_reg) {
602 __ Push(this->name());
604 // Invoke an interceptor. Note: map checks from receiver to
605 // interceptor's holder has been compiled before (see a caller
607 CompileCallLoadPropertyWithInterceptor(
608 masm(), receiver(), holder_reg, this->name(), holder(),
609 IC::kLoadPropertyWithInterceptorOnly);
611 // Check if interceptor provided a value for property. If it's
612 // the case, return immediately.
613 Label interceptor_failed;
614 __ CompareRoot(rax, Heap::kNoInterceptorResultSentinelRootIndex);
615 __ j(equal, &interceptor_failed);
616 frame_scope.GenerateLeaveFrame();
619 __ bind(&interceptor_failed);
620 __ Pop(this->name());
622 if (must_preserve_receiver_reg) {
626 // Leave the internal frame.
629 GenerateLoadPostInterceptor(it, holder_reg);
633 void NamedLoadHandlerCompiler::GenerateLoadInterceptor(Register holder_reg) {
634 // Call the runtime system to load the interceptor.
635 DCHECK(holder()->HasNamedInterceptor());
636 DCHECK(!holder()->GetNamedInterceptor()->getter()->IsUndefined());
637 __ PopReturnAddressTo(scratch2());
638 PushInterceptorArguments(masm(), receiver(), holder_reg, this->name(),
640 __ PushReturnAddressFrom(scratch2());
642 ExternalReference ref = ExternalReference(
643 IC_Utility(IC::kLoadPropertyWithInterceptor), isolate());
644 __ TailCallExternalReference(
645 ref, NamedLoadHandlerCompiler::kInterceptorArgsLength, 1);
649 Handle<Code> NamedStoreHandlerCompiler::CompileStoreCallback(
650 Handle<JSObject> object, Handle<Name> name,
651 Handle<ExecutableAccessorInfo> callback) {
652 Register holder_reg = Frontend(receiver(), name);
654 __ PopReturnAddressTo(scratch1());
657 __ Push(callback); // callback info
660 __ PushReturnAddressFrom(scratch1());
662 // Do tail-call to the runtime system.
663 ExternalReference store_callback_property =
664 ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
665 __ TailCallExternalReference(store_callback_property, 5, 1);
667 // Return the generated code.
668 return GetCode(kind(), Code::FAST, name);
673 #define __ ACCESS_MASM(masm)
676 void NamedStoreHandlerCompiler::GenerateStoreViaSetter(
677 MacroAssembler* masm, Handle<HeapType> type, Register receiver,
678 Handle<JSFunction> setter) {
679 // ----------- S t a t e -------------
680 // -- rsp[0] : return address
681 // -----------------------------------
683 FrameScope scope(masm, StackFrame::INTERNAL);
685 // Save value register, so we can restore it later.
688 if (!setter.is_null()) {
689 // Call the JavaScript setter with receiver and value on the stack.
690 if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
691 // Swap in the global receiver.
693 FieldOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
697 ParameterCount actual(1);
698 ParameterCount expected(setter);
699 __ InvokeFunction(setter, expected, actual, CALL_FUNCTION,
702 // If we generate a global code snippet for deoptimization only, remember
703 // the place to continue after deoptimization.
704 masm->isolate()->heap()->SetSetterStubDeoptPCOffset(masm->pc_offset());
707 // We have to return the passed value, not the return value of the setter.
710 // Restore context register.
711 __ movp(rsi, Operand(rbp, StandardFrameConstants::kContextOffset));
718 #define __ ACCESS_MASM(masm())
721 Handle<Code> NamedStoreHandlerCompiler::CompileStoreInterceptor(
723 __ PopReturnAddressTo(scratch1());
725 __ Push(this->name());
727 __ PushReturnAddressFrom(scratch1());
729 // Do tail-call to the runtime system.
730 ExternalReference store_ic_property = ExternalReference(
731 IC_Utility(IC::kStorePropertyWithInterceptor), isolate());
732 __ TailCallExternalReference(store_ic_property, 3, 1);
734 // Return the generated code.
735 return GetCode(kind(), Code::FAST, name);
739 Handle<Code> PropertyICCompiler::CompileKeyedStorePolymorphic(
740 MapHandleList* receiver_maps, CodeHandleList* handler_stubs,
741 MapHandleList* transitioned_maps) {
743 __ JumpIfSmi(receiver(), &miss, Label::kNear);
745 __ movp(scratch1(), FieldOperand(receiver(), HeapObject::kMapOffset));
746 int receiver_count = receiver_maps->length();
747 for (int i = 0; i < receiver_count; ++i) {
748 // Check map and tail call if there's a match
749 __ Cmp(scratch1(), receiver_maps->at(i));
750 if (transitioned_maps->at(i).is_null()) {
751 __ j(equal, handler_stubs->at(i), RelocInfo::CODE_TARGET);
754 __ j(not_equal, &next_map, Label::kNear);
755 __ Move(transition_map(), transitioned_maps->at(i),
756 RelocInfo::EMBEDDED_OBJECT);
757 __ jmp(handler_stubs->at(i), RelocInfo::CODE_TARGET);
764 TailCallBuiltin(masm(), MissBuiltin(kind()));
766 // Return the generated code.
767 return GetCode(kind(), Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
771 Register* PropertyAccessCompiler::load_calling_convention() {
772 // receiver, name, scratch1, scratch2, scratch3, scratch4.
773 Register receiver = LoadIC::ReceiverRegister();
774 Register name = LoadIC::NameRegister();
775 static Register registers[] = {receiver, name, rax, rbx, rdi, r8};
780 Register* PropertyAccessCompiler::store_calling_convention() {
781 // receiver, name, scratch1, scratch2, scratch3.
782 Register receiver = KeyedStoreIC::ReceiverRegister();
783 Register name = KeyedStoreIC::NameRegister();
784 DCHECK(rbx.is(KeyedStoreIC::MapRegister()));
785 static Register registers[] = {receiver, name, rbx, rdi, r8};
790 Register NamedStoreHandlerCompiler::value() { return StoreIC::ValueRegister(); }
794 #define __ ACCESS_MASM(masm)
797 void NamedLoadHandlerCompiler::GenerateLoadViaGetter(
798 MacroAssembler* masm, Handle<HeapType> type, Register receiver,
799 Handle<JSFunction> getter) {
800 // ----------- S t a t e -------------
803 // -- rsp[0] : return address
804 // -----------------------------------
806 FrameScope scope(masm, StackFrame::INTERNAL);
808 if (!getter.is_null()) {
809 // Call the JavaScript getter with the receiver on the stack.
810 if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
811 // Swap in the global receiver.
813 FieldOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
816 ParameterCount actual(0);
817 ParameterCount expected(getter);
818 __ InvokeFunction(getter, expected, actual, CALL_FUNCTION,
821 // If we generate a global code snippet for deoptimization only, remember
822 // the place to continue after deoptimization.
823 masm->isolate()->heap()->SetGetterStubDeoptPCOffset(masm->pc_offset());
826 // Restore context register.
827 __ movp(rsi, Operand(rbp, StandardFrameConstants::kContextOffset));
834 #define __ ACCESS_MASM(masm())
837 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal(
838 Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) {
840 FrontendHeader(receiver(), name, &miss);
842 // Get the value from the cell.
843 Register result = StoreIC::ValueRegister();
844 __ Move(result, cell);
845 __ movp(result, FieldOperand(result, PropertyCell::kValueOffset));
847 // Check for deleted property if property can actually be deleted.
848 if (is_configurable) {
849 __ CompareRoot(result, Heap::kTheHoleValueRootIndex);
851 } else if (FLAG_debug_code) {
852 __ CompareRoot(result, Heap::kTheHoleValueRootIndex);
853 __ Check(not_equal, kDontDeleteCellsCannotContainTheHole);
856 Counters* counters = isolate()->counters();
857 __ IncrementCounter(counters->named_load_global_stub(), 1);
860 FrontendFooter(name, &miss);
862 // Return the generated code.
863 return GetCode(kind(), Code::NORMAL, name);
867 Handle<Code> PropertyICCompiler::CompilePolymorphic(TypeHandleList* types,
868 CodeHandleList* handlers,
874 if (check == PROPERTY &&
875 (kind() == Code::KEYED_LOAD_IC || kind() == Code::KEYED_STORE_IC)) {
876 // In case we are compiling an IC for dictionary loads and stores, just
877 // check whether the name is unique.
878 if (name.is_identical_to(isolate()->factory()->normal_ic_symbol())) {
879 __ JumpIfNotUniqueName(this->name(), &miss);
881 __ Cmp(this->name(), name);
882 __ j(not_equal, &miss);
887 Label* smi_target = IncludesNumberType(types) ? &number_case : &miss;
888 __ JumpIfSmi(receiver(), smi_target);
890 // Polymorphic keyed stores may use the map register
891 Register map_reg = scratch1();
892 DCHECK(kind() != Code::KEYED_STORE_IC ||
893 map_reg.is(KeyedStoreIC::MapRegister()));
894 __ movp(map_reg, FieldOperand(receiver(), HeapObject::kMapOffset));
895 int receiver_count = types->length();
896 int number_of_handled_maps = 0;
897 for (int current = 0; current < receiver_count; ++current) {
898 Handle<HeapType> type = types->at(current);
899 Handle<Map> map = IC::TypeToMap(*type, isolate());
900 if (!map->is_deprecated()) {
901 number_of_handled_maps++;
902 // Check map and tail call if there's a match
903 __ Cmp(map_reg, map);
904 if (type->Is(HeapType::Number())) {
905 DCHECK(!number_case.is_unused());
906 __ bind(&number_case);
908 __ j(equal, handlers->at(current), RelocInfo::CODE_TARGET);
911 DCHECK(number_of_handled_maps > 0);
914 TailCallBuiltin(masm(), MissBuiltin(kind()));
916 // Return the generated code.
917 InlineCacheState state =
918 number_of_handled_maps > 1 ? POLYMORPHIC : MONOMORPHIC;
919 return GetCode(kind(), type, name, state);
924 #define __ ACCESS_MASM(masm)
927 void ElementHandlerCompiler::GenerateLoadDictionaryElement(
928 MacroAssembler* masm) {
929 // ----------- S t a t e -------------
932 // -- rsp[0] : return address
933 // -----------------------------------
934 DCHECK(rdx.is(LoadIC::ReceiverRegister()));
935 DCHECK(rcx.is(LoadIC::NameRegister()));
938 // This stub is meant to be tail-jumped to, the receiver must already
939 // have been verified by the caller to not be a smi.
941 __ JumpIfNotSmi(rcx, &miss);
942 __ SmiToInteger32(rbx, rcx);
943 __ movp(rax, FieldOperand(rdx, JSObject::kElementsOffset));
945 // Check whether the elements is a number dictionary.
948 // rbx: key as untagged int32
950 __ LoadFromNumberDictionary(&slow, rax, rcx, rbx, r9, rdi, rax);
954 // ----------- S t a t e -------------
957 // -- rsp[0] : return address
958 // -----------------------------------
959 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Slow);
962 // ----------- S t a t e -------------
965 // -- rsp[0] : return address
966 // -----------------------------------
967 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Miss);
973 } // namespace v8::internal
975 #endif // V8_TARGET_ARCH_X64
projects / platform / upstream / v8.git / blob