1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "src/accessors.h"
9 #include "src/arguments.h"
10 #include "src/base/bits.h"
11 #include "src/codegen.h"
12 #include "src/conversions.h"
13 #include "src/execution.h"
14 #include "src/ic/call-optimization.h"
15 #include "src/ic/handler-compiler.h"
16 #include "src/ic/ic-inl.h"
17 #include "src/ic/ic-compiler.h"
18 #include "src/ic/stub-cache.h"
19 #include "src/prototype.h"
20 #include "src/runtime.h"
25 char IC::TransitionMarkFromState(IC::State state) {
33 case PROTOTYPE_FAILURE:
42 // We never see the debugger states here, because the state is
43 // computed from the original code - not the patched code. Let
44 // these cases fall through to the unreachable code below.
47 // Type-vector-based ICs resolve state to one of the above.
56 const char* GetTransitionMarkModifier(KeyedAccessStoreMode mode) {
57 if (mode == STORE_NO_TRANSITION_HANDLE_COW) return ".COW";
58 if (mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
61 if (IsGrowStoreMode(mode)) return ".GROW";
68 #define TRACE_GENERIC_IC(isolate, type, reason) \
70 if (FLAG_trace_ic) { \
71 PrintF("[%s patching generic stub in ", type); \
72 JavaScriptFrame::PrintTop(isolate, stdout, false, true); \
73 PrintF(" (%s)]\n", reason); \
79 #define TRACE_GENERIC_IC(isolate, type, reason) \
81 if (FLAG_trace_ic) { \
82 PrintF("[%s patching generic stub in ", type); \
83 PrintF("(see below) (%s)]\n", reason); \
90 void IC::TraceIC(const char* type, Handle<Object> name) {
92 Code* new_target = raw_target();
93 State new_state = new_target->ic_state();
94 TraceIC(type, name, state(), new_state);
99 void IC::TraceIC(const char* type, Handle<Object> name, State old_state,
102 Code* new_target = raw_target();
103 PrintF("[%s%s in ", new_target->is_keyed_stub() ? "Keyed" : "", type);
105 // TODO(jkummerow): Add support for "apply". The logic is roughly:
106 // marker = [fp_ + kMarkerOffset];
107 // if marker is smi and marker.value == INTERNAL and
108 // the frame's code == builtin(Builtins::kFunctionApply):
109 // then print "apply from" and advance one frame
111 Object* maybe_function =
112 Memory::Object_at(fp_ + JavaScriptFrameConstants::kFunctionOffset);
113 if (maybe_function->IsJSFunction()) {
114 JSFunction* function = JSFunction::cast(maybe_function);
115 JavaScriptFrame::PrintFunctionAndOffset(function, function->code(), pc(),
119 ExtraICState extra_state = new_target->extra_ic_state();
120 const char* modifier = "";
121 if (new_target->kind() == Code::KEYED_STORE_IC) {
122 modifier = GetTransitionMarkModifier(
123 KeyedStoreIC::GetKeyedAccessStoreMode(extra_state));
125 PrintF(" (%c->%c%s)", TransitionMarkFromState(old_state),
126 TransitionMarkFromState(new_state), modifier);
131 name->ShortPrint(stdout);
137 #define TRACE_IC(type, name) TraceIC(type, name)
138 #define TRACE_VECTOR_IC(type, name, old_state, new_state) \
139 TraceIC(type, name, old_state, new_state)
141 IC::IC(FrameDepth depth, Isolate* isolate)
142 : isolate_(isolate), target_set_(false), target_maps_set_(false) {
143 // To improve the performance of the (much used) IC code, we unfold a few
144 // levels of the stack frame iteration code. This yields a ~35% speedup when
145 // running DeltaBlue and a ~25% speedup of gbemu with the '--nouse-ic' flag.
146 const Address entry = Isolate::c_entry_fp(isolate->thread_local_top());
147 Address constant_pool = NULL;
148 if (FLAG_enable_ool_constant_pool) {
150 Memory::Address_at(entry + ExitFrameConstants::kConstantPoolOffset);
152 Address* pc_address =
153 reinterpret_cast<Address*>(entry + ExitFrameConstants::kCallerPCOffset);
154 Address fp = Memory::Address_at(entry + ExitFrameConstants::kCallerFPOffset);
155 // If there's another JavaScript frame on the stack or a
156 // StubFailureTrampoline, we need to look one frame further down the stack to
157 // find the frame pointer and the return address stack slot.
158 if (depth == EXTRA_CALL_FRAME) {
159 if (FLAG_enable_ool_constant_pool) {
161 Memory::Address_at(fp + StandardFrameConstants::kConstantPoolOffset);
163 const int kCallerPCOffset = StandardFrameConstants::kCallerPCOffset;
164 pc_address = reinterpret_cast<Address*>(fp + kCallerPCOffset);
165 fp = Memory::Address_at(fp + StandardFrameConstants::kCallerFPOffset);
168 StackFrameIterator it(isolate);
169 for (int i = 0; i < depth + 1; i++) it.Advance();
170 StackFrame* frame = it.frame();
171 DCHECK(fp == frame->fp() && pc_address == frame->pc_address());
174 if (FLAG_enable_ool_constant_pool) {
175 raw_constant_pool_ = handle(
176 ConstantPoolArray::cast(reinterpret_cast<Object*>(constant_pool)),
179 pc_address_ = StackFrame::ResolveReturnAddressLocation(pc_address);
180 target_ = handle(raw_target(), isolate);
181 state_ = target_->ic_state();
182 kind_ = target_->kind();
183 extra_ic_state_ = target_->extra_ic_state();
187 SharedFunctionInfo* IC::GetSharedFunctionInfo() const {
188 // Compute the JavaScript frame for the frame pointer of this IC
189 // structure. We need this to be able to find the function
190 // corresponding to the frame.
191 StackFrameIterator it(isolate());
192 while (it.frame()->fp() != this->fp()) it.Advance();
193 JavaScriptFrame* frame = JavaScriptFrame::cast(it.frame());
194 // Find the function on the stack and both the active code for the
195 // function and the original code.
196 JSFunction* function = frame->function();
197 return function->shared();
201 Code* IC::GetCode() const {
202 HandleScope scope(isolate());
203 Handle<SharedFunctionInfo> shared(GetSharedFunctionInfo(), isolate());
204 Code* code = shared->code();
209 Code* IC::GetOriginalCode() const {
210 HandleScope scope(isolate());
211 Handle<SharedFunctionInfo> shared(GetSharedFunctionInfo(), isolate());
212 DCHECK(Debug::HasDebugInfo(shared));
213 Code* original_code = Debug::GetDebugInfo(shared)->original_code();
214 DCHECK(original_code->IsCode());
215 return original_code;
219 static void LookupForRead(LookupIterator* it) {
220 for (; it->IsFound(); it->Next()) {
221 switch (it->state()) {
222 case LookupIterator::NOT_FOUND:
223 case LookupIterator::TRANSITION:
225 case LookupIterator::JSPROXY:
227 case LookupIterator::INTERCEPTOR: {
228 // If there is a getter, return; otherwise loop to perform the lookup.
229 Handle<JSObject> holder = it->GetHolder<JSObject>();
230 if (!holder->GetNamedInterceptor()->getter()->IsUndefined()) {
235 case LookupIterator::ACCESS_CHECK:
236 // PropertyHandlerCompiler::CheckPrototypes() knows how to emit
237 // access checks for global proxies.
238 if (it->GetHolder<JSObject>()->IsJSGlobalProxy() &&
239 it->HasAccess(v8::ACCESS_GET)) {
243 case LookupIterator::ACCESSOR:
244 case LookupIterator::DATA:
251 bool IC::TryRemoveInvalidPrototypeDependentStub(Handle<Object> receiver,
252 Handle<String> name) {
253 if (!IsNameCompatibleWithPrototypeFailure(name)) return false;
254 Handle<Map> receiver_map = TypeToMap(*receiver_type(), isolate());
255 maybe_handler_ = target()->FindHandlerForMap(*receiver_map);
257 // The current map wasn't handled yet. There's no reason to stay monomorphic,
258 // *unless* we're moving from a deprecated map to its replacement, or
259 // to a more general elements kind.
260 // TODO(verwaest): Check if the current map is actually what the old map
261 // would transition to.
262 if (maybe_handler_.is_null()) {
263 if (!receiver_map->IsJSObjectMap()) return false;
264 Map* first_map = FirstTargetMap();
265 if (first_map == NULL) return false;
266 Handle<Map> old_map(first_map);
267 if (old_map->is_deprecated()) return true;
268 if (IsMoreGeneralElementsKindTransition(old_map->elements_kind(),
269 receiver_map->elements_kind())) {
275 CacheHolderFlag flag;
276 Handle<Map> ic_holder_map(
277 GetICCacheHolder(*receiver_type(), isolate(), &flag));
279 DCHECK(flag != kCacheOnReceiver || receiver->IsJSObject());
280 DCHECK(flag != kCacheOnPrototype || !receiver->IsJSReceiver());
281 DCHECK(flag != kCacheOnPrototypeReceiverIsDictionary);
283 if (state() == MONOMORPHIC) {
284 int index = ic_holder_map->IndexInCodeCache(*name, *target());
286 ic_holder_map->RemoveFromCodeCache(*name, *target(), index);
290 if (receiver->IsGlobalObject()) {
291 Handle<GlobalObject> global = Handle<GlobalObject>::cast(receiver);
292 LookupIterator it(global, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
293 if (it.state() == LookupIterator::ACCESS_CHECK) return false;
294 if (!it.IsFound()) return false;
295 Handle<PropertyCell> cell = it.GetPropertyCell();
296 return cell->type()->IsConstant();
303 bool IC::IsNameCompatibleWithPrototypeFailure(Handle<Object> name) {
304 if (target()->is_keyed_stub()) {
305 // Determine whether the failure is due to a name failure.
306 if (!name->IsName()) return false;
307 Name* stub_name = target()->FindFirstName();
308 if (*name != stub_name) return false;
315 void IC::UpdateState(Handle<Object> receiver, Handle<Object> name) {
316 update_receiver_type(receiver);
317 if (!name->IsString()) return;
318 if (state() != MONOMORPHIC && state() != POLYMORPHIC) return;
319 if (receiver->IsUndefined() || receiver->IsNull()) return;
321 // Remove the target from the code cache if it became invalid
322 // because of changes in the prototype chain to avoid hitting it
324 if (TryRemoveInvalidPrototypeDependentStub(receiver,
325 Handle<String>::cast(name))) {
326 MarkPrototypeFailure(name);
330 // The builtins object is special. It only changes when JavaScript
331 // builtins are loaded lazily. It is important to keep inline
332 // caches for the builtins object monomorphic. Therefore, if we get
333 // an inline cache miss for the builtins object after lazily loading
334 // JavaScript builtins, we return uninitialized as the state to
335 // force the inline cache back to monomorphic state.
336 if (receiver->IsJSBuiltinsObject()) state_ = UNINITIALIZED;
340 MaybeHandle<Object> IC::TypeError(const char* type, Handle<Object> object,
341 Handle<Object> key) {
342 HandleScope scope(isolate());
343 Handle<Object> args[2] = {key, object};
344 THROW_NEW_ERROR(isolate(), NewTypeError(type, HandleVector(args, 2)), Object);
348 MaybeHandle<Object> IC::ReferenceError(const char* type, Handle<Name> name) {
349 HandleScope scope(isolate());
350 THROW_NEW_ERROR(isolate(), NewReferenceError(type, HandleVector(&name, 1)),
355 static void ComputeTypeInfoCountDelta(IC::State old_state, IC::State new_state,
356 int* polymorphic_delta,
357 int* generic_delta) {
361 if (new_state == UNINITIALIZED || new_state == PREMONOMORPHIC) break;
362 if (new_state == MONOMORPHIC || new_state == POLYMORPHIC) {
363 *polymorphic_delta = 1;
364 } else if (new_state == MEGAMORPHIC || new_state == GENERIC) {
370 if (new_state == MONOMORPHIC || new_state == POLYMORPHIC) break;
371 *polymorphic_delta = -1;
372 if (new_state == MEGAMORPHIC || new_state == GENERIC) {
378 if (new_state == MEGAMORPHIC || new_state == GENERIC) break;
380 if (new_state == MONOMORPHIC || new_state == POLYMORPHIC) {
381 *polymorphic_delta = 1;
384 case PROTOTYPE_FAILURE:
392 void IC::OnTypeFeedbackChanged(Isolate* isolate, Address address,
393 State old_state, State new_state,
394 bool target_remains_ic_stub) {
396 isolate->inner_pointer_to_code_cache()->GetCacheEntry(address)->code;
397 if (host->kind() != Code::FUNCTION) return;
399 if (FLAG_type_info_threshold > 0 && target_remains_ic_stub &&
400 // Not all Code objects have TypeFeedbackInfo.
401 host->type_feedback_info()->IsTypeFeedbackInfo()) {
402 int polymorphic_delta = 0; // "Polymorphic" here includes monomorphic.
403 int generic_delta = 0; // "Generic" here includes megamorphic.
404 ComputeTypeInfoCountDelta(old_state, new_state, &polymorphic_delta,
406 TypeFeedbackInfo* info = TypeFeedbackInfo::cast(host->type_feedback_info());
407 info->change_ic_with_type_info_count(polymorphic_delta);
408 info->change_ic_generic_count(generic_delta);
410 if (host->type_feedback_info()->IsTypeFeedbackInfo()) {
411 TypeFeedbackInfo* info = TypeFeedbackInfo::cast(host->type_feedback_info());
412 info->change_own_type_change_checksum();
414 host->set_profiler_ticks(0);
415 isolate->runtime_profiler()->NotifyICChanged();
416 // TODO(2029): When an optimized function is patched, it would
417 // be nice to propagate the corresponding type information to its
418 // unoptimized version for the benefit of later inlining.
422 void IC::PostPatching(Address address, Code* target, Code* old_target) {
423 // Type vector based ICs update these statistics at a different time because
424 // they don't always patch on state change.
425 if (target->kind() == Code::CALL_IC) return;
427 Isolate* isolate = target->GetHeap()->isolate();
428 State old_state = UNINITIALIZED;
429 State new_state = UNINITIALIZED;
430 bool target_remains_ic_stub = false;
431 if (old_target->is_inline_cache_stub() && target->is_inline_cache_stub()) {
432 old_state = old_target->ic_state();
433 new_state = target->ic_state();
434 target_remains_ic_stub = true;
437 OnTypeFeedbackChanged(isolate, address, old_state, new_state,
438 target_remains_ic_stub);
442 void IC::RegisterWeakMapDependency(Handle<Code> stub) {
443 if (FLAG_collect_maps && FLAG_weak_embedded_maps_in_ic &&
444 stub->CanBeWeakStub()) {
445 DCHECK(!stub->is_weak_stub());
447 stub->FindAllMaps(&maps);
448 if (maps.length() == 1 && stub->IsWeakObjectInIC(*maps.at(0))) {
449 Map::AddDependentIC(maps.at(0), stub);
450 stub->mark_as_weak_stub();
451 if (FLAG_enable_ool_constant_pool) {
452 stub->constant_pool()->set_weak_object_state(
453 ConstantPoolArray::WEAK_OBJECTS_IN_IC);
460 void IC::InvalidateMaps(Code* stub) {
461 DCHECK(stub->is_weak_stub());
462 stub->mark_as_invalidated_weak_stub();
463 Isolate* isolate = stub->GetIsolate();
464 Heap* heap = isolate->heap();
465 Object* undefined = heap->undefined_value();
466 int mode_mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
467 for (RelocIterator it(stub, mode_mask); !it.done(); it.next()) {
468 RelocInfo::Mode mode = it.rinfo()->rmode();
469 if (mode == RelocInfo::EMBEDDED_OBJECT &&
470 it.rinfo()->target_object()->IsMap()) {
471 it.rinfo()->set_target_object(undefined, SKIP_WRITE_BARRIER);
474 CpuFeatures::FlushICache(stub->instruction_start(), stub->instruction_size());
478 void IC::Clear(Isolate* isolate, Address address,
479 ConstantPoolArray* constant_pool) {
480 Code* target = GetTargetAtAddress(address, constant_pool);
482 // Don't clear debug break inline cache as it will remove the break point.
483 if (target->is_debug_stub()) return;
485 switch (target->kind()) {
487 return LoadIC::Clear(isolate, address, target, constant_pool);
488 case Code::KEYED_LOAD_IC:
489 return KeyedLoadIC::Clear(isolate, address, target, constant_pool);
491 return StoreIC::Clear(isolate, address, target, constant_pool);
492 case Code::KEYED_STORE_IC:
493 return KeyedStoreIC::Clear(isolate, address, target, constant_pool);
495 return CallIC::Clear(isolate, address, target, constant_pool);
496 case Code::COMPARE_IC:
497 return CompareIC::Clear(isolate, address, target, constant_pool);
498 case Code::COMPARE_NIL_IC:
499 return CompareNilIC::Clear(address, target, constant_pool);
500 case Code::BINARY_OP_IC:
501 case Code::TO_BOOLEAN_IC:
502 // Clearing these is tricky and does not
503 // make any performance difference.
511 void KeyedLoadIC::Clear(Isolate* isolate, Address address, Code* target,
512 ConstantPoolArray* constant_pool) {
513 if (IsCleared(target)) return;
514 // Make sure to also clear the map used in inline fast cases. If we
515 // do not clear these maps, cached code can keep objects alive
516 // through the embedded maps.
517 SetTargetAtAddress(address, *pre_monomorphic_stub(isolate), constant_pool);
521 void CallIC::Clear(Isolate* isolate, Address address, Code* target,
522 ConstantPoolArray* constant_pool) {
523 // Currently, CallIC doesn't have state changes.
527 void LoadIC::Clear(Isolate* isolate, Address address, Code* target,
528 ConstantPoolArray* constant_pool) {
529 if (IsCleared(target)) return;
530 Code* code = PropertyICCompiler::FindPreMonomorphic(isolate, Code::LOAD_IC,
531 target->extra_ic_state());
532 SetTargetAtAddress(address, code, constant_pool);
536 void StoreIC::Clear(Isolate* isolate, Address address, Code* target,
537 ConstantPoolArray* constant_pool) {
538 if (IsCleared(target)) return;
539 Code* code = PropertyICCompiler::FindPreMonomorphic(isolate, Code::STORE_IC,
540 target->extra_ic_state());
541 SetTargetAtAddress(address, code, constant_pool);
545 void KeyedStoreIC::Clear(Isolate* isolate, Address address, Code* target,
546 ConstantPoolArray* constant_pool) {
547 if (IsCleared(target)) return;
549 address, *pre_monomorphic_stub(
550 isolate, StoreIC::GetStrictMode(target->extra_ic_state())),
555 void CompareIC::Clear(Isolate* isolate, Address address, Code* target,
556 ConstantPoolArray* constant_pool) {
557 DCHECK(CodeStub::GetMajorKey(target) == CodeStub::CompareIC);
558 CompareICStub stub(target->stub_key(), isolate);
559 // Only clear CompareICs that can retain objects.
560 if (stub.state() != CompareICState::KNOWN_OBJECT) return;
561 SetTargetAtAddress(address, GetRawUninitialized(isolate, stub.op()),
563 PatchInlinedSmiCode(address, DISABLE_INLINED_SMI_CHECK);
568 Handle<Code> KeyedLoadIC::generic_stub(Isolate* isolate) {
569 if (FLAG_compiled_keyed_generic_loads) {
570 return KeyedLoadGenericStub(isolate).GetCode();
572 return isolate->builtins()->KeyedLoadIC_Generic();
577 static bool MigrateDeprecated(Handle<Object> object) {
578 if (!object->IsJSObject()) return false;
579 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
580 if (!receiver->map()->is_deprecated()) return false;
581 JSObject::MigrateInstance(Handle<JSObject>::cast(object));
586 MaybeHandle<Object> LoadIC::Load(Handle<Object> object, Handle<Name> name) {
587 // If the object is undefined or null it's illegal to try to get any
588 // of its properties; throw a TypeError in that case.
589 if (object->IsUndefined() || object->IsNull()) {
590 return TypeError("non_object_property_load", object, name);
593 // Check if the name is trivially convertible to an index and get
594 // the element or char if so.
596 if (kind() == Code::KEYED_LOAD_IC && name->AsArrayIndex(&index)) {
597 // Rewrite to the generic keyed load stub.
599 set_target(*KeyedLoadIC::generic_stub(isolate()));
600 TRACE_IC("LoadIC", name);
601 TRACE_GENERIC_IC(isolate(), "LoadIC", "name as array index");
603 Handle<Object> result;
604 ASSIGN_RETURN_ON_EXCEPTION(
606 Runtime::GetElementOrCharAt(isolate(), object, index), Object);
610 bool use_ic = MigrateDeprecated(object) ? false : FLAG_use_ic;
612 // Named lookup in the object.
613 LookupIterator it(object, name);
616 if (it.IsFound() || !IsUndeclaredGlobal(object)) {
617 // Update inline cache and stub cache.
618 if (use_ic) UpdateCaches(&it);
621 Handle<Object> result;
622 ASSIGN_RETURN_ON_EXCEPTION(isolate(), result, Object::GetProperty(&it),
626 } else if (!IsUndeclaredGlobal(object)) {
627 LOG(isolate(), SuspectReadEvent(*name, *object));
631 return ReferenceError("not_defined", name);
635 static bool AddOneReceiverMapIfMissing(MapHandleList* receiver_maps,
636 Handle<Map> new_receiver_map) {
637 DCHECK(!new_receiver_map.is_null());
638 for (int current = 0; current < receiver_maps->length(); ++current) {
639 if (!receiver_maps->at(current).is_null() &&
640 receiver_maps->at(current).is_identical_to(new_receiver_map)) {
644 receiver_maps->Add(new_receiver_map);
649 bool IC::UpdatePolymorphicIC(Handle<Name> name, Handle<Code> code) {
650 if (!code->is_handler()) return false;
651 if (target()->is_keyed_stub() && state() != PROTOTYPE_FAILURE) return false;
652 Handle<HeapType> type = receiver_type();
653 TypeHandleList types;
654 CodeHandleList handlers;
657 int number_of_types = types.length();
658 int deprecated_types = 0;
659 int handler_to_overwrite = -1;
661 for (int i = 0; i < number_of_types; i++) {
662 Handle<HeapType> current_type = types.at(i);
663 if (current_type->IsClass() &&
664 current_type->AsClass()->Map()->is_deprecated()) {
665 // Filter out deprecated maps to ensure their instances get migrated.
667 } else if (type->NowIs(current_type)) {
668 // If the receiver type is already in the polymorphic IC, this indicates
669 // there was a prototoype chain failure. In that case, just overwrite the
671 handler_to_overwrite = i;
672 } else if (handler_to_overwrite == -1 && current_type->IsClass() &&
674 IsTransitionOfMonomorphicTarget(*current_type->AsClass()->Map(),
675 *type->AsClass()->Map())) {
676 handler_to_overwrite = i;
680 int number_of_valid_types =
681 number_of_types - deprecated_types - (handler_to_overwrite != -1);
683 if (number_of_valid_types >= 4) return false;
684 if (number_of_types == 0) return false;
685 if (!target()->FindHandlers(&handlers, types.length())) return false;
687 number_of_valid_types++;
688 if (number_of_valid_types > 1 && target()->is_keyed_stub()) return false;
690 if (number_of_valid_types == 1) {
691 ic = PropertyICCompiler::ComputeMonomorphic(kind(), name, type, code,
694 if (handler_to_overwrite >= 0) {
695 handlers.Set(handler_to_overwrite, code);
696 if (!type->NowIs(types.at(handler_to_overwrite))) {
697 types.Set(handler_to_overwrite, type);
703 ic = PropertyICCompiler::ComputePolymorphic(kind(), &types, &handlers,
704 number_of_valid_types, name,
712 Handle<HeapType> IC::CurrentTypeOf(Handle<Object> object, Isolate* isolate) {
713 return object->IsJSGlobalObject()
714 ? HeapType::Constant(Handle<JSGlobalObject>::cast(object), isolate)
715 : HeapType::NowOf(object, isolate);
719 Handle<Map> IC::TypeToMap(HeapType* type, Isolate* isolate) {
720 if (type->Is(HeapType::Number()))
721 return isolate->factory()->heap_number_map();
722 if (type->Is(HeapType::Boolean())) return isolate->factory()->boolean_map();
723 if (type->IsConstant()) {
725 Handle<JSGlobalObject>::cast(type->AsConstant()->Value())->map());
727 DCHECK(type->IsClass());
728 return type->AsClass()->Map();
733 typename T::TypeHandle IC::MapToType(Handle<Map> map,
734 typename T::Region* region) {
735 if (map->instance_type() == HEAP_NUMBER_TYPE) {
736 return T::Number(region);
737 } else if (map->instance_type() == ODDBALL_TYPE) {
738 // The only oddballs that can be recorded in ICs are booleans.
739 return T::Boolean(region);
741 return T::Class(map, region);
746 template Type* IC::MapToType<Type>(Handle<Map> map, Zone* zone);
749 template Handle<HeapType> IC::MapToType<HeapType>(Handle<Map> map,
753 void IC::UpdateMonomorphicIC(Handle<Code> handler, Handle<Name> name) {
754 DCHECK(handler->is_handler());
755 Handle<Code> ic = PropertyICCompiler::ComputeMonomorphic(
756 kind(), name, receiver_type(), handler, extra_ic_state());
761 void IC::CopyICToMegamorphicCache(Handle<Name> name) {
762 TypeHandleList types;
763 CodeHandleList handlers;
765 if (!target()->FindHandlers(&handlers, types.length())) return;
766 for (int i = 0; i < types.length(); i++) {
767 UpdateMegamorphicCache(*types.at(i), *name, *handlers.at(i));
772 bool IC::IsTransitionOfMonomorphicTarget(Map* source_map, Map* target_map) {
773 if (source_map == NULL) return true;
774 if (target_map == NULL) return false;
775 ElementsKind target_elements_kind = target_map->elements_kind();
776 bool more_general_transition = IsMoreGeneralElementsKindTransition(
777 source_map->elements_kind(), target_elements_kind);
778 Map* transitioned_map =
779 more_general_transition
780 ? source_map->LookupElementsTransitionMap(target_elements_kind)
783 return transitioned_map == target_map;
787 void IC::PatchCache(Handle<Name> name, Handle<Code> code) {
791 UpdateMonomorphicIC(code, name);
793 case PROTOTYPE_FAILURE:
796 if (!target()->is_keyed_stub() || state() == PROTOTYPE_FAILURE) {
797 if (UpdatePolymorphicIC(name, code)) break;
798 CopyICToMegamorphicCache(name);
800 set_target(*megamorphic_stub());
803 UpdateMegamorphicCache(*receiver_type(), *name, *code);
815 Handle<Code> LoadIC::initialize_stub(Isolate* isolate,
816 ExtraICState extra_state) {
817 return PropertyICCompiler::ComputeLoad(isolate, UNINITIALIZED, extra_state);
821 Handle<Code> LoadIC::megamorphic_stub() {
822 if (kind() == Code::LOAD_IC) {
823 MegamorphicLoadStub stub(isolate(), LoadICState(extra_ic_state()));
824 return stub.GetCode();
826 DCHECK_EQ(Code::KEYED_LOAD_IC, kind());
827 return KeyedLoadIC::generic_stub(isolate());
832 Handle<Code> LoadIC::pre_monomorphic_stub(Isolate* isolate,
833 ExtraICState extra_state) {
834 return PropertyICCompiler::ComputeLoad(isolate, PREMONOMORPHIC, extra_state);
838 Handle<Code> KeyedLoadIC::pre_monomorphic_stub(Isolate* isolate) {
839 return isolate->builtins()->KeyedLoadIC_PreMonomorphic();
843 Handle<Code> LoadIC::pre_monomorphic_stub() const {
844 if (kind() == Code::LOAD_IC) {
845 return LoadIC::pre_monomorphic_stub(isolate(), extra_ic_state());
847 DCHECK_EQ(Code::KEYED_LOAD_IC, kind());
848 return KeyedLoadIC::pre_monomorphic_stub(isolate());
853 Handle<Code> LoadIC::SimpleFieldLoad(FieldIndex index) {
854 LoadFieldStub stub(isolate(), index);
855 return stub.GetCode();
859 void LoadIC::UpdateCaches(LookupIterator* lookup) {
860 if (state() == UNINITIALIZED) {
861 // This is the first time we execute this inline cache. Set the target to
862 // the pre monomorphic stub to delay setting the monomorphic state.
863 set_target(*pre_monomorphic_stub());
864 TRACE_IC("LoadIC", lookup->name());
869 if (lookup->state() == LookupIterator::JSPROXY ||
870 lookup->state() == LookupIterator::ACCESS_CHECK) {
872 } else if (!lookup->IsFound()) {
873 if (kind() == Code::LOAD_IC) {
874 code = NamedLoadHandlerCompiler::ComputeLoadNonexistent(lookup->name(),
876 // TODO(jkummerow/verwaest): Introduce a builtin that handles this case.
877 if (code.is_null()) code = slow_stub();
882 code = ComputeHandler(lookup);
885 PatchCache(lookup->name(), code);
886 TRACE_IC("LoadIC", lookup->name());
890 void IC::UpdateMegamorphicCache(HeapType* type, Name* name, Code* code) {
891 if (kind() == Code::KEYED_LOAD_IC || kind() == Code::KEYED_STORE_IC) return;
892 Map* map = *TypeToMap(type, isolate());
893 isolate()->stub_cache()->Set(name, map, code);
897 Handle<Code> IC::ComputeHandler(LookupIterator* lookup, Handle<Object> value) {
898 bool receiver_is_holder =
899 lookup->GetReceiver().is_identical_to(lookup->GetHolder<JSObject>());
900 CacheHolderFlag flag;
901 Handle<Map> stub_holder_map = IC::GetHandlerCacheHolder(
902 *receiver_type(), receiver_is_holder, isolate(), &flag);
904 Handle<Code> code = PropertyHandlerCompiler::Find(
905 lookup->name(), stub_holder_map, kind(), flag,
906 lookup->is_dictionary_holder() ? Code::NORMAL : Code::FAST);
907 // Use the cached value if it exists, and if it is different from the
908 // handler that just missed.
909 if (!code.is_null()) {
910 if (!maybe_handler_.is_null() &&
911 !maybe_handler_.ToHandleChecked().is_identical_to(code)) {
914 if (maybe_handler_.is_null()) {
915 // maybe_handler_ is only populated for MONOMORPHIC and POLYMORPHIC ICs.
916 // In MEGAMORPHIC case, check if the handler in the megamorphic stub
917 // cache (which just missed) is different from the cached handler.
918 if (state() == MEGAMORPHIC && lookup->GetReceiver()->IsHeapObject()) {
919 Map* map = Handle<HeapObject>::cast(lookup->GetReceiver())->map();
920 Code* megamorphic_cached_code =
921 isolate()->stub_cache()->Get(*lookup->name(), map, code->flags());
922 if (megamorphic_cached_code != *code) return code;
929 code = CompileHandler(lookup, value, flag);
930 DCHECK(code->is_handler());
932 // TODO(mvstanton): we'd only like to cache code on the map when it's custom
933 // code compiled for this map, otherwise it's already cached in the global
935 // cache. We are also guarding against installing code with flags that don't
936 // match the desired CacheHolderFlag computed above, which would lead to
937 // invalid lookups later.
938 if (code->type() != Code::NORMAL &&
939 Code::ExtractCacheHolderFromFlags(code->flags()) == flag) {
940 Map::UpdateCodeCache(stub_holder_map, lookup->name(), code);
947 Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup,
948 Handle<Object> unused,
949 CacheHolderFlag cache_holder) {
950 Handle<Object> receiver = lookup->GetReceiver();
951 if (receiver->IsString() &&
952 Name::Equals(isolate()->factory()->length_string(), lookup->name())) {
953 FieldIndex index = FieldIndex::ForInObjectOffset(String::kLengthOffset);
954 return SimpleFieldLoad(index);
957 if (receiver->IsStringWrapper() &&
958 Name::Equals(isolate()->factory()->length_string(), lookup->name())) {
959 StringLengthStub string_length_stub(isolate());
960 return string_length_stub.GetCode();
963 // Use specialized code for getting prototype of functions.
964 if (receiver->IsJSFunction() &&
965 Name::Equals(isolate()->factory()->prototype_string(), lookup->name()) &&
966 Handle<JSFunction>::cast(receiver)->should_have_prototype() &&
967 !Handle<JSFunction>::cast(receiver)
969 ->has_non_instance_prototype()) {
971 FunctionPrototypeStub function_prototype_stub(isolate());
972 return function_prototype_stub.GetCode();
975 Handle<HeapType> type = receiver_type();
976 Handle<JSObject> holder = lookup->GetHolder<JSObject>();
977 bool receiver_is_holder = receiver.is_identical_to(holder);
978 switch (lookup->state()) {
979 case LookupIterator::INTERCEPTOR: {
980 DCHECK(!holder->GetNamedInterceptor()->getter()->IsUndefined());
981 NamedLoadHandlerCompiler compiler(isolate(), receiver_type(), holder,
983 // Perform a lookup behind the interceptor. Copy the LookupIterator since
984 // the original iterator will be used to fetch the value.
985 LookupIterator it = *lookup;
988 return compiler.CompileLoadInterceptor(&it);
991 case LookupIterator::ACCESSOR: {
992 // Use simple field loads for some well-known callback properties.
993 if (receiver_is_holder) {
994 DCHECK(receiver->IsJSObject());
995 Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
997 if (Accessors::IsJSObjectFieldAccessor<HeapType>(type, lookup->name(),
1000 FieldIndex::ForInObjectOffset(object_offset, js_receiver->map());
1001 return SimpleFieldLoad(index);
1005 Handle<Object> accessors = lookup->GetAccessors();
1006 if (accessors->IsExecutableAccessorInfo()) {
1007 Handle<ExecutableAccessorInfo> info =
1008 Handle<ExecutableAccessorInfo>::cast(accessors);
1009 if (v8::ToCData<Address>(info->getter()) == 0) break;
1010 if (!ExecutableAccessorInfo::IsCompatibleReceiverType(isolate(), info,
1014 if (!holder->HasFastProperties()) break;
1015 NamedLoadHandlerCompiler compiler(isolate(), receiver_type(), holder,
1017 return compiler.CompileLoadCallback(lookup->name(), info);
1019 if (accessors->IsAccessorPair()) {
1020 Handle<Object> getter(Handle<AccessorPair>::cast(accessors)->getter(),
1022 if (!getter->IsJSFunction()) break;
1023 if (!holder->HasFastProperties()) break;
1024 Handle<JSFunction> function = Handle<JSFunction>::cast(getter);
1025 if (!receiver->IsJSObject() && !function->IsBuiltin() &&
1026 function->shared()->strict_mode() == SLOPPY) {
1027 // Calling sloppy non-builtins with a value as the receiver
1031 CallOptimization call_optimization(function);
1032 NamedLoadHandlerCompiler compiler(isolate(), receiver_type(), holder,
1034 if (call_optimization.is_simple_api_call() &&
1035 call_optimization.IsCompatibleReceiver(receiver, holder)) {
1036 return compiler.CompileLoadCallback(lookup->name(),
1039 return compiler.CompileLoadViaGetter(lookup->name(), function);
1041 // TODO(dcarney): Handle correctly.
1042 DCHECK(accessors->IsDeclaredAccessorInfo());
1046 case LookupIterator::DATA: {
1047 if (lookup->is_dictionary_holder()) {
1048 if (kind() != Code::LOAD_IC) break;
1049 if (holder->IsGlobalObject()) {
1050 NamedLoadHandlerCompiler compiler(isolate(), receiver_type(), holder,
1052 Handle<PropertyCell> cell = lookup->GetPropertyCell();
1053 Handle<Code> code = compiler.CompileLoadGlobal(
1054 cell, lookup->name(), lookup->IsConfigurable());
1055 // TODO(verwaest): Move caching of these NORMAL stubs outside as well.
1056 CacheHolderFlag flag;
1057 Handle<Map> stub_holder_map = GetHandlerCacheHolder(
1058 *type, receiver_is_holder, isolate(), &flag);
1059 Map::UpdateCodeCache(stub_holder_map, lookup->name(), code);
1062 // There is only one shared stub for loading normalized
1063 // properties. It does not traverse the prototype chain, so the
1064 // property must be found in the object for the stub to be
1066 if (!receiver_is_holder) break;
1067 return isolate()->builtins()->LoadIC_Normal();
1070 // -------------- Fields --------------
1071 if (lookup->property_details().type() == FIELD) {
1072 FieldIndex field = lookup->GetFieldIndex();
1073 if (receiver_is_holder) {
1074 return SimpleFieldLoad(field);
1076 NamedLoadHandlerCompiler compiler(isolate(), receiver_type(), holder,
1078 return compiler.CompileLoadField(lookup->name(), field);
1081 // -------------- Constant properties --------------
1082 DCHECK(lookup->property_details().type() == CONSTANT);
1083 if (receiver_is_holder) {
1084 LoadConstantStub stub(isolate(), lookup->GetConstantIndex());
1085 return stub.GetCode();
1087 NamedLoadHandlerCompiler compiler(isolate(), receiver_type(), holder,
1089 return compiler.CompileLoadConstant(lookup->name(),
1090 lookup->GetConstantIndex());
1093 case LookupIterator::ACCESS_CHECK:
1094 case LookupIterator::JSPROXY:
1095 case LookupIterator::NOT_FOUND:
1096 case LookupIterator::TRANSITION:
1104 static Handle<Object> TryConvertKey(Handle<Object> key, Isolate* isolate) {
1105 // This helper implements a few common fast cases for converting
1106 // non-smi keys of keyed loads/stores to a smi or a string.
1107 if (key->IsHeapNumber()) {
1108 double value = Handle<HeapNumber>::cast(key)->value();
1109 if (std::isnan(value)) {
1110 key = isolate->factory()->nan_string();
1112 int int_value = FastD2I(value);
1113 if (value == int_value && Smi::IsValid(int_value)) {
1114 key = Handle<Smi>(Smi::FromInt(int_value), isolate);
1117 } else if (key->IsUndefined()) {
1118 key = isolate->factory()->undefined_string();
1124 Handle<Code> KeyedLoadIC::LoadElementStub(Handle<JSObject> receiver) {
1125 Handle<Map> receiver_map(receiver->map(), isolate());
1126 MapHandleList target_receiver_maps;
1127 if (target().is_identical_to(string_stub())) {
1128 target_receiver_maps.Add(isolate()->factory()->string_map());
1130 TargetMaps(&target_receiver_maps);
1132 if (target_receiver_maps.length() == 0) {
1133 return PropertyICCompiler::ComputeKeyedLoadMonomorphic(receiver_map);
1136 // The first time a receiver is seen that is a transitioned version of the
1137 // previous monomorphic receiver type, assume the new ElementsKind is the
1138 // monomorphic type. This benefits global arrays that only transition
1139 // once, and all call sites accessing them are faster if they remain
1140 // monomorphic. If this optimistic assumption is not true, the IC will
1141 // miss again and it will become polymorphic and support both the
1142 // untransitioned and transitioned maps.
1143 if (state() == MONOMORPHIC && IsMoreGeneralElementsKindTransition(
1144 target_receiver_maps.at(0)->elements_kind(),
1145 receiver->GetElementsKind())) {
1146 return PropertyICCompiler::ComputeKeyedLoadMonomorphic(receiver_map);
1149 DCHECK(state() != GENERIC);
1151 // Determine the list of receiver maps that this call site has seen,
1152 // adding the map that was just encountered.
1153 if (!AddOneReceiverMapIfMissing(&target_receiver_maps, receiver_map)) {
1154 // If the miss wasn't due to an unseen map, a polymorphic stub
1155 // won't help, use the generic stub.
1156 TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "same map added twice");
1157 return generic_stub();
1160 // If the maximum number of receiver maps has been exceeded, use the generic
1161 // version of the IC.
1162 if (target_receiver_maps.length() > kMaxKeyedPolymorphism) {
1163 TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "max polymorph exceeded");
1164 return generic_stub();
1167 return PropertyICCompiler::ComputeKeyedLoadPolymorphic(&target_receiver_maps);
1171 MaybeHandle<Object> KeyedLoadIC::Load(Handle<Object> object,
1172 Handle<Object> key) {
1173 if (MigrateDeprecated(object)) {
1174 Handle<Object> result;
1175 ASSIGN_RETURN_ON_EXCEPTION(
1176 isolate(), result, Runtime::GetObjectProperty(isolate(), object, key),
1181 Handle<Object> load_handle;
1182 Handle<Code> stub = generic_stub();
1184 // Check for non-string values that can be converted into an
1185 // internalized string directly or is representable as a smi.
1186 key = TryConvertKey(key, isolate());
1188 if (key->IsInternalizedString() || key->IsSymbol()) {
1189 ASSIGN_RETURN_ON_EXCEPTION(isolate(), load_handle,
1190 LoadIC::Load(object, Handle<Name>::cast(key)),
1192 } else if (FLAG_use_ic && !object->IsAccessCheckNeeded()) {
1193 if (object->IsString() && key->IsNumber()) {
1194 if (state() == UNINITIALIZED) stub = string_stub();
1195 } else if (object->IsJSObject()) {
1196 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1197 if (!Object::ToSmi(isolate(), key).is_null()) {
1198 stub = LoadElementStub(receiver);
1203 if (!is_target_set()) {
1204 Code* generic = *generic_stub();
1205 if (*stub == generic) {
1206 TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "set generic");
1209 TRACE_IC("LoadIC", key);
1212 if (!load_handle.is_null()) return load_handle;
1213 Handle<Object> result;
1214 ASSIGN_RETURN_ON_EXCEPTION(isolate(), result,
1215 Runtime::GetObjectProperty(isolate(), object, key),
1221 bool StoreIC::LookupForWrite(LookupIterator* it, Handle<Object> value,
1222 JSReceiver::StoreFromKeyed store_mode) {
1223 // Disable ICs for non-JSObjects for now.
1224 Handle<Object> receiver = it->GetReceiver();
1225 if (!receiver->IsJSObject()) return false;
1226 DCHECK(!Handle<JSObject>::cast(receiver)->map()->is_deprecated());
1228 for (; it->IsFound(); it->Next()) {
1229 switch (it->state()) {
1230 case LookupIterator::NOT_FOUND:
1231 case LookupIterator::TRANSITION:
1233 case LookupIterator::JSPROXY:
1235 case LookupIterator::INTERCEPTOR: {
1236 Handle<JSObject> holder = it->GetHolder<JSObject>();
1237 InterceptorInfo* info = holder->GetNamedInterceptor();
1238 if (it->HolderIsReceiverOrHiddenPrototype()) {
1239 if (!info->setter()->IsUndefined()) return true;
1240 } else if (!info->getter()->IsUndefined() ||
1241 !info->query()->IsUndefined()) {
1246 case LookupIterator::ACCESS_CHECK:
1247 if (it->GetHolder<JSObject>()->IsAccessCheckNeeded()) return false;
1249 case LookupIterator::ACCESSOR:
1250 return !it->IsReadOnly();
1251 case LookupIterator::DATA: {
1252 if (it->IsReadOnly()) return false;
1253 Handle<JSObject> holder = it->GetHolder<JSObject>();
1254 if (receiver.is_identical_to(holder)) {
1255 it->PrepareForDataProperty(value);
1256 // The previous receiver map might just have been deprecated,
1258 update_receiver_type(receiver);
1262 // Receiver != holder.
1263 PrototypeIterator iter(it->isolate(), receiver);
1264 if (receiver->IsJSGlobalProxy()) {
1265 return it->GetHolder<Object>().is_identical_to(
1266 PrototypeIterator::GetCurrent(iter));
1269 it->PrepareTransitionToDataProperty(value, NONE, store_mode);
1270 return it->IsCacheableTransition();
1275 it->PrepareTransitionToDataProperty(value, NONE, store_mode);
1276 return it->IsCacheableTransition();
1280 MaybeHandle<Object> StoreIC::Store(Handle<Object> object, Handle<Name> name,
1281 Handle<Object> value,
1282 JSReceiver::StoreFromKeyed store_mode) {
1283 // TODO(verwaest): Let SetProperty do the migration, since storing a property
1284 // might deprecate the current map again, if value does not fit.
1285 if (MigrateDeprecated(object) || object->IsJSProxy()) {
1286 Handle<Object> result;
1287 ASSIGN_RETURN_ON_EXCEPTION(
1289 Object::SetProperty(object, name, value, strict_mode()), Object);
1293 // If the object is undefined or null it's illegal to try to set any
1294 // properties on it; throw a TypeError in that case.
1295 if (object->IsUndefined() || object->IsNull()) {
1296 return TypeError("non_object_property_store", object, name);
1299 // Check if the given name is an array index.
1301 if (name->AsArrayIndex(&index)) {
1302 // Ignore other stores where the receiver is not a JSObject.
1303 // TODO(1475): Must check prototype chains of object wrappers.
1304 if (!object->IsJSObject()) return value;
1305 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1307 Handle<Object> result;
1308 ASSIGN_RETURN_ON_EXCEPTION(
1310 JSObject::SetElement(receiver, index, value, NONE, strict_mode()),
1315 // Observed objects are always modified through the runtime.
1316 if (object->IsHeapObject() &&
1317 Handle<HeapObject>::cast(object)->map()->is_observed()) {
1318 Handle<Object> result;
1319 ASSIGN_RETURN_ON_EXCEPTION(
1321 Object::SetProperty(object, name, value, strict_mode(), store_mode),
1326 LookupIterator it(object, name);
1327 if (FLAG_use_ic) UpdateCaches(&it, value, store_mode);
1329 // Set the property.
1330 Handle<Object> result;
1331 ASSIGN_RETURN_ON_EXCEPTION(
1333 Object::SetProperty(&it, value, strict_mode(), store_mode), Object);
1338 Handle<Code> CallIC::initialize_stub(Isolate* isolate, int argc,
1339 CallICState::CallType call_type) {
1340 CallICStub stub(isolate, CallICState(argc, call_type));
1341 Handle<Code> code = stub.GetCode();
1346 Handle<Code> StoreIC::initialize_stub(Isolate* isolate,
1347 StrictMode strict_mode) {
1348 ExtraICState extra_state = ComputeExtraICState(strict_mode);
1350 PropertyICCompiler::ComputeStore(isolate, UNINITIALIZED, extra_state);
1355 Handle<Code> StoreIC::megamorphic_stub() {
1356 if (kind() == Code::STORE_IC) {
1357 return PropertyICCompiler::ComputeStore(isolate(), MEGAMORPHIC,
1360 DCHECK(kind() == Code::KEYED_STORE_IC);
1361 if (strict_mode() == STRICT) {
1362 return isolate()->builtins()->KeyedStoreIC_Generic_Strict();
1364 return isolate()->builtins()->KeyedStoreIC_Generic();
1370 Handle<Code> StoreIC::generic_stub() const {
1371 if (kind() == Code::STORE_IC) {
1372 return PropertyICCompiler::ComputeStore(isolate(), GENERIC,
1375 DCHECK(kind() == Code::KEYED_STORE_IC);
1376 if (strict_mode() == STRICT) {
1377 return isolate()->builtins()->KeyedStoreIC_Generic_Strict();
1379 return isolate()->builtins()->KeyedStoreIC_Generic();
1385 Handle<Code> StoreIC::slow_stub() const {
1386 if (kind() == Code::STORE_IC) {
1387 return isolate()->builtins()->StoreIC_Slow();
1389 DCHECK(kind() == Code::KEYED_STORE_IC);
1390 return isolate()->builtins()->KeyedStoreIC_Slow();
1395 Handle<Code> StoreIC::pre_monomorphic_stub(Isolate* isolate,
1396 StrictMode strict_mode) {
1397 ExtraICState state = ComputeExtraICState(strict_mode);
1398 return PropertyICCompiler::ComputeStore(isolate, PREMONOMORPHIC, state);
1402 void StoreIC::UpdateCaches(LookupIterator* lookup, Handle<Object> value,
1403 JSReceiver::StoreFromKeyed store_mode) {
1404 if (state() == UNINITIALIZED) {
1405 // This is the first time we execute this inline cache. Set the target to
1406 // the pre monomorphic stub to delay setting the monomorphic state.
1407 set_target(*pre_monomorphic_stub());
1408 TRACE_IC("StoreIC", lookup->name());
1412 bool use_ic = LookupForWrite(lookup, value, store_mode);
1414 TRACE_GENERIC_IC(isolate(), "StoreIC", "LookupForWrite said 'false'");
1416 Handle<Code> code = use_ic ? ComputeHandler(lookup, value) : slow_stub();
1418 PatchCache(lookup->name(), code);
1419 TRACE_IC("StoreIC", lookup->name());
1423 Handle<Code> StoreIC::CompileHandler(LookupIterator* lookup,
1424 Handle<Object> value,
1425 CacheHolderFlag cache_holder) {
1426 DCHECK_NE(LookupIterator::JSPROXY, lookup->state());
1428 // This is currently guaranteed by checks in StoreIC::Store.
1429 Handle<JSObject> receiver = Handle<JSObject>::cast(lookup->GetReceiver());
1430 Handle<JSObject> holder = lookup->GetHolder<JSObject>();
1431 DCHECK(!receiver->IsAccessCheckNeeded());
1433 switch (lookup->state()) {
1434 case LookupIterator::TRANSITION: {
1435 Handle<Map> transition = lookup->transition_map();
1436 // Currently not handled by CompileStoreTransition.
1437 if (!holder->HasFastProperties()) {
1438 TRACE_GENERIC_IC(isolate(), "StoreIC", "transition from slow");
1442 DCHECK(lookup->IsCacheableTransition());
1443 NamedStoreHandlerCompiler compiler(isolate(), receiver_type(), holder);
1444 return compiler.CompileStoreTransition(transition, lookup->name());
1447 case LookupIterator::INTERCEPTOR: {
1448 DCHECK(!holder->GetNamedInterceptor()->setter()->IsUndefined());
1449 NamedStoreHandlerCompiler compiler(isolate(), receiver_type(), holder);
1450 return compiler.CompileStoreInterceptor(lookup->name());
1453 case LookupIterator::ACCESSOR: {
1454 if (!holder->HasFastProperties()) {
1455 TRACE_GENERIC_IC(isolate(), "StoreIC", "accessor on slow map");
1458 Handle<Object> accessors = lookup->GetAccessors();
1459 if (accessors->IsExecutableAccessorInfo()) {
1460 Handle<ExecutableAccessorInfo> info =
1461 Handle<ExecutableAccessorInfo>::cast(accessors);
1462 if (v8::ToCData<Address>(info->setter()) == 0) {
1463 TRACE_GENERIC_IC(isolate(), "StoreIC", "setter == 0");
1466 if (!ExecutableAccessorInfo::IsCompatibleReceiverType(
1467 isolate(), info, receiver_type())) {
1468 TRACE_GENERIC_IC(isolate(), "StoreIC", "incompatible receiver type");
1471 NamedStoreHandlerCompiler compiler(isolate(), receiver_type(), holder);
1472 return compiler.CompileStoreCallback(receiver, lookup->name(), info);
1473 } else if (accessors->IsAccessorPair()) {
1474 Handle<Object> setter(Handle<AccessorPair>::cast(accessors)->setter(),
1476 if (!setter->IsJSFunction()) {
1477 TRACE_GENERIC_IC(isolate(), "StoreIC", "setter not a function");
1480 Handle<JSFunction> function = Handle<JSFunction>::cast(setter);
1481 CallOptimization call_optimization(function);
1482 NamedStoreHandlerCompiler compiler(isolate(), receiver_type(), holder);
1483 if (call_optimization.is_simple_api_call() &&
1484 call_optimization.IsCompatibleReceiver(receiver, holder)) {
1485 return compiler.CompileStoreCallback(receiver, lookup->name(),
1488 return compiler.CompileStoreViaSetter(receiver, lookup->name(),
1489 Handle<JSFunction>::cast(setter));
1491 // TODO(dcarney): Handle correctly.
1492 DCHECK(accessors->IsDeclaredAccessorInfo());
1493 TRACE_GENERIC_IC(isolate(), "StoreIC", "declared accessor info");
1497 case LookupIterator::DATA: {
1498 if (lookup->is_dictionary_holder()) {
1499 if (holder->IsGlobalObject()) {
1500 Handle<PropertyCell> cell = lookup->GetPropertyCell();
1501 Handle<HeapType> union_type = PropertyCell::UpdatedType(cell, value);
1502 StoreGlobalStub stub(isolate(), union_type->IsConstant(),
1503 receiver->IsJSGlobalProxy());
1504 Handle<Code> code = stub.GetCodeCopyFromTemplate(
1505 Handle<GlobalObject>::cast(holder), cell);
1506 // TODO(verwaest): Move caching of these NORMAL stubs outside as well.
1507 HeapObject::UpdateMapCodeCache(receiver, lookup->name(), code);
1510 DCHECK(holder.is_identical_to(receiver));
1511 return isolate()->builtins()->StoreIC_Normal();
1514 // -------------- Fields --------------
1515 if (lookup->property_details().type() == FIELD) {
1516 bool use_stub = true;
1517 if (lookup->representation().IsHeapObject()) {
1518 // Only use a generic stub if no types need to be tracked.
1519 Handle<HeapType> field_type = lookup->GetFieldType();
1520 HeapType::Iterator<Map> it = field_type->Classes();
1521 use_stub = it.Done();
1524 StoreFieldStub stub(isolate(), lookup->GetFieldIndex(),
1525 lookup->representation());
1526 return stub.GetCode();
1528 NamedStoreHandlerCompiler compiler(isolate(), receiver_type(), holder);
1529 return compiler.CompileStoreField(lookup);
1532 // -------------- Constant properties --------------
1533 DCHECK(lookup->property_details().type() == CONSTANT);
1534 TRACE_GENERIC_IC(isolate(), "StoreIC", "constant property");
1538 case LookupIterator::ACCESS_CHECK:
1539 case LookupIterator::JSPROXY:
1540 case LookupIterator::NOT_FOUND:
1547 Handle<Code> KeyedStoreIC::StoreElementStub(Handle<JSObject> receiver,
1548 KeyedAccessStoreMode store_mode) {
1549 // Don't handle megamorphic property accesses for INTERCEPTORS or CALLBACKS
1550 // via megamorphic stubs, since they don't have a map in their relocation info
1551 // and so the stubs can't be harvested for the object needed for a map check.
1552 if (target()->type() != Code::NORMAL) {
1553 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "non-NORMAL target type");
1554 return generic_stub();
1557 Handle<Map> receiver_map(receiver->map(), isolate());
1558 MapHandleList target_receiver_maps;
1559 TargetMaps(&target_receiver_maps);
1560 if (target_receiver_maps.length() == 0) {
1561 Handle<Map> monomorphic_map =
1562 ComputeTransitionedMap(receiver_map, store_mode);
1563 store_mode = GetNonTransitioningStoreMode(store_mode);
1564 return PropertyICCompiler::ComputeKeyedStoreMonomorphic(
1565 monomorphic_map, strict_mode(), store_mode);
1568 // There are several special cases where an IC that is MONOMORPHIC can still
1569 // transition to a different GetNonTransitioningStoreMode IC that handles a
1570 // superset of the original IC. Handle those here if the receiver map hasn't
1571 // changed or it has transitioned to a more general kind.
1572 KeyedAccessStoreMode old_store_mode =
1573 KeyedStoreIC::GetKeyedAccessStoreMode(target()->extra_ic_state());
1574 Handle<Map> previous_receiver_map = target_receiver_maps.at(0);
1575 if (state() == MONOMORPHIC) {
1576 Handle<Map> transitioned_receiver_map = receiver_map;
1577 if (IsTransitionStoreMode(store_mode)) {
1578 transitioned_receiver_map =
1579 ComputeTransitionedMap(receiver_map, store_mode);
1581 if ((receiver_map.is_identical_to(previous_receiver_map) &&
1582 IsTransitionStoreMode(store_mode)) ||
1583 IsTransitionOfMonomorphicTarget(*previous_receiver_map,
1584 *transitioned_receiver_map)) {
1585 // If the "old" and "new" maps are in the same elements map family, or
1586 // if they at least come from the same origin for a transitioning store,
1587 // stay MONOMORPHIC and use the map for the most generic ElementsKind.
1588 store_mode = GetNonTransitioningStoreMode(store_mode);
1589 return PropertyICCompiler::ComputeKeyedStoreMonomorphic(
1590 transitioned_receiver_map, strict_mode(), store_mode);
1591 } else if (*previous_receiver_map == receiver->map() &&
1592 old_store_mode == STANDARD_STORE &&
1593 (store_mode == STORE_AND_GROW_NO_TRANSITION ||
1594 store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS ||
1595 store_mode == STORE_NO_TRANSITION_HANDLE_COW)) {
1596 // A "normal" IC that handles stores can switch to a version that can
1597 // grow at the end of the array, handle OOB accesses or copy COW arrays
1598 // and still stay MONOMORPHIC.
1599 return PropertyICCompiler::ComputeKeyedStoreMonomorphic(
1600 receiver_map, strict_mode(), store_mode);
1604 DCHECK(state() != GENERIC);
1607 AddOneReceiverMapIfMissing(&target_receiver_maps, receiver_map);
1609 if (IsTransitionStoreMode(store_mode)) {
1610 Handle<Map> transitioned_receiver_map =
1611 ComputeTransitionedMap(receiver_map, store_mode);
1612 map_added |= AddOneReceiverMapIfMissing(&target_receiver_maps,
1613 transitioned_receiver_map);
1617 // If the miss wasn't due to an unseen map, a polymorphic stub
1618 // won't help, use the generic stub.
1619 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "same map added twice");
1620 return generic_stub();
1623 // If the maximum number of receiver maps has been exceeded, use the generic
1624 // version of the IC.
1625 if (target_receiver_maps.length() > kMaxKeyedPolymorphism) {
1626 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "max polymorph exceeded");
1627 return generic_stub();
1630 // Make sure all polymorphic handlers have the same store mode, otherwise the
1631 // generic stub must be used.
1632 store_mode = GetNonTransitioningStoreMode(store_mode);
1633 if (old_store_mode != STANDARD_STORE) {
1634 if (store_mode == STANDARD_STORE) {
1635 store_mode = old_store_mode;
1636 } else if (store_mode != old_store_mode) {
1637 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "store mode mismatch");
1638 return generic_stub();
1642 // If the store mode isn't the standard mode, make sure that all polymorphic
1643 // receivers are either external arrays, or all "normal" arrays. Otherwise,
1644 // use the generic stub.
1645 if (store_mode != STANDARD_STORE) {
1646 int external_arrays = 0;
1647 for (int i = 0; i < target_receiver_maps.length(); ++i) {
1648 if (target_receiver_maps[i]->has_external_array_elements() ||
1649 target_receiver_maps[i]->has_fixed_typed_array_elements()) {
1653 if (external_arrays != 0 &&
1654 external_arrays != target_receiver_maps.length()) {
1655 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC",
1656 "unsupported combination of external and normal arrays");
1657 return generic_stub();
1661 return PropertyICCompiler::ComputeKeyedStorePolymorphic(
1662 &target_receiver_maps, store_mode, strict_mode());
1666 Handle<Map> KeyedStoreIC::ComputeTransitionedMap(
1667 Handle<Map> map, KeyedAccessStoreMode store_mode) {
1668 switch (store_mode) {
1669 case STORE_TRANSITION_SMI_TO_OBJECT:
1670 case STORE_TRANSITION_DOUBLE_TO_OBJECT:
1671 case STORE_AND_GROW_TRANSITION_SMI_TO_OBJECT:
1672 case STORE_AND_GROW_TRANSITION_DOUBLE_TO_OBJECT:
1673 return Map::TransitionElementsTo(map, FAST_ELEMENTS);
1674 case STORE_TRANSITION_SMI_TO_DOUBLE:
1675 case STORE_AND_GROW_TRANSITION_SMI_TO_DOUBLE:
1676 return Map::TransitionElementsTo(map, FAST_DOUBLE_ELEMENTS);
1677 case STORE_TRANSITION_HOLEY_SMI_TO_OBJECT:
1678 case STORE_TRANSITION_HOLEY_DOUBLE_TO_OBJECT:
1679 case STORE_AND_GROW_TRANSITION_HOLEY_SMI_TO_OBJECT:
1680 case STORE_AND_GROW_TRANSITION_HOLEY_DOUBLE_TO_OBJECT:
1681 return Map::TransitionElementsTo(map, FAST_HOLEY_ELEMENTS);
1682 case STORE_TRANSITION_HOLEY_SMI_TO_DOUBLE:
1683 case STORE_AND_GROW_TRANSITION_HOLEY_SMI_TO_DOUBLE:
1684 return Map::TransitionElementsTo(map, FAST_HOLEY_DOUBLE_ELEMENTS);
1685 case STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS:
1686 DCHECK(map->has_external_array_elements());
1688 case STORE_NO_TRANSITION_HANDLE_COW:
1689 case STANDARD_STORE:
1690 case STORE_AND_GROW_NO_TRANSITION:
1694 return MaybeHandle<Map>().ToHandleChecked();
1698 bool IsOutOfBoundsAccess(Handle<JSObject> receiver, int index) {
1699 if (receiver->IsJSArray()) {
1700 return JSArray::cast(*receiver)->length()->IsSmi() &&
1701 index >= Smi::cast(JSArray::cast(*receiver)->length())->value();
1703 return index >= receiver->elements()->length();
1707 KeyedAccessStoreMode KeyedStoreIC::GetStoreMode(Handle<JSObject> receiver,
1709 Handle<Object> value) {
1710 Handle<Smi> smi_key = Object::ToSmi(isolate(), key).ToHandleChecked();
1711 int index = smi_key->value();
1712 bool oob_access = IsOutOfBoundsAccess(receiver, index);
1713 // Don't consider this a growing store if the store would send the receiver to
1715 bool allow_growth = receiver->IsJSArray() && oob_access &&
1716 !receiver->WouldConvertToSlowElements(key);
1718 // Handle growing array in stub if necessary.
1719 if (receiver->HasFastSmiElements()) {
1720 if (value->IsHeapNumber()) {
1721 if (receiver->HasFastHoleyElements()) {
1722 return STORE_AND_GROW_TRANSITION_HOLEY_SMI_TO_DOUBLE;
1724 return STORE_AND_GROW_TRANSITION_SMI_TO_DOUBLE;
1727 if (value->IsHeapObject()) {
1728 if (receiver->HasFastHoleyElements()) {
1729 return STORE_AND_GROW_TRANSITION_HOLEY_SMI_TO_OBJECT;
1731 return STORE_AND_GROW_TRANSITION_SMI_TO_OBJECT;
1734 } else if (receiver->HasFastDoubleElements()) {
1735 if (!value->IsSmi() && !value->IsHeapNumber()) {
1736 if (receiver->HasFastHoleyElements()) {
1737 return STORE_AND_GROW_TRANSITION_HOLEY_DOUBLE_TO_OBJECT;
1739 return STORE_AND_GROW_TRANSITION_DOUBLE_TO_OBJECT;
1743 return STORE_AND_GROW_NO_TRANSITION;
1745 // Handle only in-bounds elements accesses.
1746 if (receiver->HasFastSmiElements()) {
1747 if (value->IsHeapNumber()) {
1748 if (receiver->HasFastHoleyElements()) {
1749 return STORE_TRANSITION_HOLEY_SMI_TO_DOUBLE;
1751 return STORE_TRANSITION_SMI_TO_DOUBLE;
1753 } else if (value->IsHeapObject()) {
1754 if (receiver->HasFastHoleyElements()) {
1755 return STORE_TRANSITION_HOLEY_SMI_TO_OBJECT;
1757 return STORE_TRANSITION_SMI_TO_OBJECT;
1760 } else if (receiver->HasFastDoubleElements()) {
1761 if (!value->IsSmi() && !value->IsHeapNumber()) {
1762 if (receiver->HasFastHoleyElements()) {
1763 return STORE_TRANSITION_HOLEY_DOUBLE_TO_OBJECT;
1765 return STORE_TRANSITION_DOUBLE_TO_OBJECT;
1769 if (!FLAG_trace_external_array_abuse &&
1770 receiver->map()->has_external_array_elements() && oob_access) {
1771 return STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS;
1773 Heap* heap = receiver->GetHeap();
1774 if (receiver->elements()->map() == heap->fixed_cow_array_map()) {
1775 return STORE_NO_TRANSITION_HANDLE_COW;
1777 return STANDARD_STORE;
1783 MaybeHandle<Object> KeyedStoreIC::Store(Handle<Object> object,
1785 Handle<Object> value) {
1786 // TODO(verwaest): Let SetProperty do the migration, since storing a property
1787 // might deprecate the current map again, if value does not fit.
1788 if (MigrateDeprecated(object)) {
1789 Handle<Object> result;
1790 ASSIGN_RETURN_ON_EXCEPTION(
1791 isolate(), result, Runtime::SetObjectProperty(isolate(), object, key,
1792 value, strict_mode()),
1797 // Check for non-string values that can be converted into an
1798 // internalized string directly or is representable as a smi.
1799 key = TryConvertKey(key, isolate());
1801 Handle<Object> store_handle;
1802 Handle<Code> stub = generic_stub();
1804 if (key->IsInternalizedString()) {
1805 ASSIGN_RETURN_ON_EXCEPTION(
1806 isolate(), store_handle,
1807 StoreIC::Store(object, Handle<String>::cast(key), value,
1808 JSReceiver::MAY_BE_STORE_FROM_KEYED),
1810 // TODO(jkummerow): Ideally we'd wrap this in "if (!is_target_set())",
1811 // but doing so causes Hydrogen crashes. Needs investigation.
1812 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC",
1813 "unhandled internalized string key");
1814 TRACE_IC("StoreIC", key);
1816 return store_handle;
1820 FLAG_use_ic && !object->IsStringWrapper() &&
1821 !object->IsAccessCheckNeeded() && !object->IsJSGlobalProxy() &&
1822 !(object->IsJSObject() && JSObject::cast(*object)->map()->is_observed());
1823 if (use_ic && !object->IsSmi()) {
1824 // Don't use ICs for maps of the objects in Array's prototype chain. We
1825 // expect to be able to trap element sets to objects with those maps in
1826 // the runtime to enable optimization of element hole access.
1827 Handle<HeapObject> heap_object = Handle<HeapObject>::cast(object);
1828 if (heap_object->map()->IsMapInArrayPrototypeChain()) {
1829 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "map in array prototype");
1835 DCHECK(!object->IsAccessCheckNeeded());
1837 if (object->IsJSObject()) {
1838 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1839 bool key_is_smi_like = !Object::ToSmi(isolate(), key).is_null();
1840 if (receiver->elements()->map() ==
1841 isolate()->heap()->sloppy_arguments_elements_map()) {
1842 if (strict_mode() == SLOPPY) {
1843 stub = sloppy_arguments_stub();
1845 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "arguments receiver");
1847 } else if (key_is_smi_like &&
1848 !(target().is_identical_to(sloppy_arguments_stub()))) {
1849 // We should go generic if receiver isn't a dictionary, but our
1850 // prototype chain does have dictionary elements. This ensures that
1851 // other non-dictionary receivers in the polymorphic case benefit
1852 // from fast path keyed stores.
1853 if (!(receiver->map()->DictionaryElementsInPrototypeChainOnly())) {
1854 KeyedAccessStoreMode store_mode = GetStoreMode(receiver, key, value);
1855 stub = StoreElementStub(receiver, store_mode);
1857 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "dictionary prototype");
1860 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "non-smi-like key");
1863 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "non-JSObject receiver");
1867 if (store_handle.is_null()) {
1868 ASSIGN_RETURN_ON_EXCEPTION(
1869 isolate(), store_handle,
1870 Runtime::SetObjectProperty(isolate(), object, key, value,
1875 DCHECK(!is_target_set());
1876 Code* generic = *generic_stub();
1877 if (*stub == generic) {
1878 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "set generic");
1880 if (*stub == *slow_stub()) {
1881 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "slow stub");
1883 DCHECK(!stub.is_null());
1885 TRACE_IC("StoreIC", key);
1887 return store_handle;
1891 bool CallIC::DoCustomHandler(Handle<Object> receiver, Handle<Object> function,
1892 Handle<TypeFeedbackVector> vector,
1893 Handle<Smi> slot, const CallICState& state) {
1894 DCHECK(FLAG_use_ic && function->IsJSFunction());
1896 // Are we the array function?
1897 Handle<JSFunction> array_function =
1898 Handle<JSFunction>(isolate()->native_context()->array_function());
1899 if (array_function.is_identical_to(Handle<JSFunction>::cast(function))) {
1901 IC::State old_state = FeedbackToState(vector, slot);
1902 Object* feedback = vector->get(slot->value());
1903 if (!feedback->IsAllocationSite()) {
1904 Handle<AllocationSite> new_site =
1905 isolate()->factory()->NewAllocationSite();
1906 vector->set(slot->value(), *new_site);
1909 CallIC_ArrayStub stub(isolate(), state);
1910 set_target(*stub.GetCode());
1911 Handle<String> name;
1912 if (array_function->shared()->name()->IsString()) {
1913 name = Handle<String>(String::cast(array_function->shared()->name()),
1917 IC::State new_state = FeedbackToState(vector, slot);
1918 OnTypeFeedbackChanged(isolate(), address(), old_state, new_state, true);
1919 TRACE_VECTOR_IC("CallIC (custom handler)", name, old_state, new_state);
1926 void CallIC::PatchMegamorphic(Handle<Object> function,
1927 Handle<TypeFeedbackVector> vector,
1929 CallICState state(target()->extra_ic_state());
1930 IC::State old_state = FeedbackToState(vector, slot);
1932 // We are going generic.
1933 vector->set(slot->value(),
1934 *TypeFeedbackVector::MegamorphicSentinel(isolate()),
1935 SKIP_WRITE_BARRIER);
1937 CallICStub stub(isolate(), state);
1938 Handle<Code> code = stub.GetCode();
1941 Handle<Object> name = isolate()->factory()->empty_string();
1942 if (function->IsJSFunction()) {
1943 Handle<JSFunction> js_function = Handle<JSFunction>::cast(function);
1944 name = handle(js_function->shared()->name(), isolate());
1947 IC::State new_state = FeedbackToState(vector, slot);
1948 OnTypeFeedbackChanged(isolate(), address(), old_state, new_state, true);
1949 TRACE_VECTOR_IC("CallIC", name, old_state, new_state);
1953 void CallIC::HandleMiss(Handle<Object> receiver, Handle<Object> function,
1954 Handle<TypeFeedbackVector> vector, Handle<Smi> slot) {
1955 CallICState state(target()->extra_ic_state());
1956 IC::State old_state = FeedbackToState(vector, slot);
1957 Handle<Object> name = isolate()->factory()->empty_string();
1958 Object* feedback = vector->get(slot->value());
1960 // Hand-coded MISS handling is easier if CallIC slots don't contain smis.
1961 DCHECK(!feedback->IsSmi());
1963 if (feedback->IsJSFunction() || !function->IsJSFunction()) {
1964 // We are going generic.
1965 vector->set(slot->value(),
1966 *TypeFeedbackVector::MegamorphicSentinel(isolate()),
1967 SKIP_WRITE_BARRIER);
1969 // The feedback is either uninitialized or an allocation site.
1970 // It might be an allocation site because if we re-compile the full code
1971 // to add deoptimization support, we call with the default call-ic, and
1972 // merely need to patch the target to match the feedback.
1973 // TODO(mvstanton): the better approach is to dispense with patching
1974 // altogether, which is in progress.
1975 DCHECK(feedback == *TypeFeedbackVector::UninitializedSentinel(isolate()) ||
1976 feedback->IsAllocationSite());
1978 // Do we want to install a custom handler?
1980 DoCustomHandler(receiver, function, vector, slot, state)) {
1984 vector->set(slot->value(), *function);
1987 if (function->IsJSFunction()) {
1988 Handle<JSFunction> js_function = Handle<JSFunction>::cast(function);
1989 name = handle(js_function->shared()->name(), isolate());
1992 IC::State new_state = FeedbackToState(vector, slot);
1993 OnTypeFeedbackChanged(isolate(), address(), old_state, new_state, true);
1994 TRACE_VECTOR_IC("CallIC", name, old_state, new_state);
2001 // ----------------------------------------------------------------------------
2002 // Static IC stub generators.
2005 // Used from ic-<arch>.cc.
2006 RUNTIME_FUNCTION(CallIC_Miss) {
2007 TimerEventScope<TimerEventIcMiss> timer(isolate);
2008 HandleScope scope(isolate);
2009 DCHECK(args.length() == 4);
2011 Handle<Object> receiver = args.at<Object>(0);
2012 Handle<Object> function = args.at<Object>(1);
2013 Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(2);
2014 Handle<Smi> slot = args.at<Smi>(3);
2015 ic.HandleMiss(receiver, function, vector, slot);
2020 RUNTIME_FUNCTION(CallIC_Customization_Miss) {
2021 TimerEventScope<TimerEventIcMiss> timer(isolate);
2022 HandleScope scope(isolate);
2023 DCHECK(args.length() == 4);
2024 // A miss on a custom call ic always results in going megamorphic.
2026 Handle<Object> function = args.at<Object>(1);
2027 Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(2);
2028 Handle<Smi> slot = args.at<Smi>(3);
2029 ic.PatchMegamorphic(function, vector, slot);
2034 // Used from ic-<arch>.cc.
2035 RUNTIME_FUNCTION(LoadIC_Miss) {
2036 TimerEventScope<TimerEventIcMiss> timer(isolate);
2037 HandleScope scope(isolate);
2038 DCHECK(args.length() == 2);
2039 LoadIC ic(IC::NO_EXTRA_FRAME, isolate);
2040 Handle<Object> receiver = args.at<Object>(0);
2041 Handle<Name> key = args.at<Name>(1);
2042 ic.UpdateState(receiver, key);
2043 Handle<Object> result;
2044 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
2049 // Used from ic-<arch>.cc
2050 RUNTIME_FUNCTION(KeyedLoadIC_Miss) {
2051 TimerEventScope<TimerEventIcMiss> timer(isolate);
2052 HandleScope scope(isolate);
2053 DCHECK(args.length() == 2);
2054 KeyedLoadIC ic(IC::NO_EXTRA_FRAME, isolate);
2055 Handle<Object> receiver = args.at<Object>(0);
2056 Handle<Object> key = args.at<Object>(1);
2057 ic.UpdateState(receiver, key);
2058 Handle<Object> result;
2059 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
2064 RUNTIME_FUNCTION(KeyedLoadIC_MissFromStubFailure) {
2065 TimerEventScope<TimerEventIcMiss> timer(isolate);
2066 HandleScope scope(isolate);
2067 DCHECK(args.length() == 2);
2068 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate);
2069 Handle<Object> receiver = args.at<Object>(0);
2070 Handle<Object> key = args.at<Object>(1);
2071 ic.UpdateState(receiver, key);
2072 Handle<Object> result;
2073 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, ic.Load(receiver, key));
2078 // Used from ic-<arch>.cc.
2079 RUNTIME_FUNCTION(StoreIC_Miss) {
2080 TimerEventScope<TimerEventIcMiss> timer(isolate);
2081 HandleScope scope(isolate);
2082 DCHECK(args.length() == 3);
2083 StoreIC ic(IC::NO_EXTRA_FRAME, isolate);
2084 Handle<Object> receiver = args.at<Object>(0);
2085 Handle<String> key = args.at<String>(1);
2086 ic.UpdateState(receiver, key);
2087 Handle<Object> result;
2088 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2089 isolate, result, ic.Store(receiver, key, args.at<Object>(2)));
2094 RUNTIME_FUNCTION(StoreIC_MissFromStubFailure) {
2095 TimerEventScope<TimerEventIcMiss> timer(isolate);
2096 HandleScope scope(isolate);
2097 DCHECK(args.length() == 3);
2098 StoreIC ic(IC::EXTRA_CALL_FRAME, isolate);
2099 Handle<Object> receiver = args.at<Object>(0);
2100 Handle<String> key = args.at<String>(1);
2101 ic.UpdateState(receiver, key);
2102 Handle<Object> result;
2103 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2104 isolate, result, ic.Store(receiver, key, args.at<Object>(2)));
2109 // Extend storage is called in a store inline cache when
2110 // it is necessary to extend the properties array of a
2112 RUNTIME_FUNCTION(SharedStoreIC_ExtendStorage) {
2113 TimerEventScope<TimerEventIcMiss> timer(isolate);
2114 HandleScope shs(isolate);
2115 DCHECK(args.length() == 3);
2117 // Convert the parameters
2118 Handle<JSObject> object = args.at<JSObject>(0);
2119 Handle<Map> transition = args.at<Map>(1);
2120 Handle<Object> value = args.at<Object>(2);
2122 // Check the object has run out out property space.
2123 DCHECK(object->HasFastProperties());
2124 DCHECK(object->map()->unused_property_fields() == 0);
2126 JSObject::MigrateToNewProperty(object, transition, value);
2128 // Return the stored value.
2133 // Used from ic-<arch>.cc.
2134 RUNTIME_FUNCTION(KeyedStoreIC_Miss) {
2135 TimerEventScope<TimerEventIcMiss> timer(isolate);
2136 HandleScope scope(isolate);
2137 DCHECK(args.length() == 3);
2138 KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
2139 Handle<Object> receiver = args.at<Object>(0);
2140 Handle<Object> key = args.at<Object>(1);
2141 ic.UpdateState(receiver, key);
2142 Handle<Object> result;
2143 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2144 isolate, result, ic.Store(receiver, key, args.at<Object>(2)));
2149 RUNTIME_FUNCTION(KeyedStoreIC_MissFromStubFailure) {
2150 TimerEventScope<TimerEventIcMiss> timer(isolate);
2151 HandleScope scope(isolate);
2152 DCHECK(args.length() == 3);
2153 KeyedStoreIC ic(IC::EXTRA_CALL_FRAME, isolate);
2154 Handle<Object> receiver = args.at<Object>(0);
2155 Handle<Object> key = args.at<Object>(1);
2156 ic.UpdateState(receiver, key);
2157 Handle<Object> result;
2158 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2159 isolate, result, ic.Store(receiver, key, args.at<Object>(2)));
2164 RUNTIME_FUNCTION(StoreIC_Slow) {
2165 HandleScope scope(isolate);
2166 DCHECK(args.length() == 3);
2167 StoreIC ic(IC::NO_EXTRA_FRAME, isolate);
2168 Handle<Object> object = args.at<Object>(0);
2169 Handle<Object> key = args.at<Object>(1);
2170 Handle<Object> value = args.at<Object>(2);
2171 StrictMode strict_mode = ic.strict_mode();
2172 Handle<Object> result;
2173 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2175 Runtime::SetObjectProperty(isolate, object, key, value, strict_mode));
2180 RUNTIME_FUNCTION(KeyedStoreIC_Slow) {
2181 HandleScope scope(isolate);
2182 DCHECK(args.length() == 3);
2183 KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
2184 Handle<Object> object = args.at<Object>(0);
2185 Handle<Object> key = args.at<Object>(1);
2186 Handle<Object> value = args.at<Object>(2);
2187 StrictMode strict_mode = ic.strict_mode();
2188 Handle<Object> result;
2189 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2191 Runtime::SetObjectProperty(isolate, object, key, value, strict_mode));
2196 RUNTIME_FUNCTION(ElementsTransitionAndStoreIC_Miss) {
2197 TimerEventScope<TimerEventIcMiss> timer(isolate);
2198 HandleScope scope(isolate);
2199 DCHECK(args.length() == 4);
2200 KeyedStoreIC ic(IC::EXTRA_CALL_FRAME, isolate);
2201 Handle<Object> value = args.at<Object>(0);
2202 Handle<Map> map = args.at<Map>(1);
2203 Handle<Object> key = args.at<Object>(2);
2204 Handle<Object> object = args.at<Object>(3);
2205 StrictMode strict_mode = ic.strict_mode();
2206 if (object->IsJSObject()) {
2207 JSObject::TransitionElementsKind(Handle<JSObject>::cast(object),
2208 map->elements_kind());
2210 Handle<Object> result;
2211 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2213 Runtime::SetObjectProperty(isolate, object, key, value, strict_mode));
2218 MaybeHandle<Object> BinaryOpIC::Transition(
2219 Handle<AllocationSite> allocation_site, Handle<Object> left,
2220 Handle<Object> right) {
2221 BinaryOpICState state(isolate(), target()->extra_ic_state());
2223 // Compute the actual result using the builtin for the binary operation.
2224 Object* builtin = isolate()->js_builtins_object()->javascript_builtin(
2225 TokenToJSBuiltin(state.op()));
2226 Handle<JSFunction> function = handle(JSFunction::cast(builtin), isolate());
2227 Handle<Object> result;
2228 ASSIGN_RETURN_ON_EXCEPTION(
2229 isolate(), result, Execution::Call(isolate(), function, left, 1, &right),
2232 // Execution::Call can execute arbitrary JavaScript, hence potentially
2233 // update the state of this very IC, so we must update the stored state.
2235 // Compute the new state.
2236 BinaryOpICState old_state(isolate(), target()->extra_ic_state());
2237 state.Update(left, right, result);
2239 // Check if we have a string operation here.
2240 Handle<Code> target;
2241 if (!allocation_site.is_null() || state.ShouldCreateAllocationMementos()) {
2242 // Setup the allocation site on-demand.
2243 if (allocation_site.is_null()) {
2244 allocation_site = isolate()->factory()->NewAllocationSite();
2247 // Install the stub with an allocation site.
2248 BinaryOpICWithAllocationSiteStub stub(isolate(), state);
2249 target = stub.GetCodeCopyFromTemplate(allocation_site);
2251 // Sanity check the trampoline stub.
2252 DCHECK_EQ(*allocation_site, target->FindFirstAllocationSite());
2254 // Install the generic stub.
2255 BinaryOpICStub stub(isolate(), state);
2256 target = stub.GetCode();
2258 // Sanity check the generic stub.
2259 DCHECK_EQ(NULL, target->FindFirstAllocationSite());
2261 set_target(*target);
2263 if (FLAG_trace_ic) {
2264 OFStream os(stdout);
2265 os << "[BinaryOpIC" << old_state << " => " << state << " @ "
2266 << static_cast<void*>(*target) << " <- ";
2267 JavaScriptFrame::PrintTop(isolate(), stdout, false, true);
2268 if (!allocation_site.is_null()) {
2269 os << " using allocation site " << static_cast<void*>(*allocation_site);
2274 // Patch the inlined smi code as necessary.
2275 if (!old_state.UseInlinedSmiCode() && state.UseInlinedSmiCode()) {
2276 PatchInlinedSmiCode(address(), ENABLE_INLINED_SMI_CHECK);
2277 } else if (old_state.UseInlinedSmiCode() && !state.UseInlinedSmiCode()) {
2278 PatchInlinedSmiCode(address(), DISABLE_INLINED_SMI_CHECK);
2285 RUNTIME_FUNCTION(BinaryOpIC_Miss) {
2286 TimerEventScope<TimerEventIcMiss> timer(isolate);
2287 HandleScope scope(isolate);
2288 DCHECK_EQ(2, args.length());
2289 Handle<Object> left = args.at<Object>(BinaryOpICStub::kLeft);
2290 Handle<Object> right = args.at<Object>(BinaryOpICStub::kRight);
2291 BinaryOpIC ic(isolate);
2292 Handle<Object> result;
2293 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2295 ic.Transition(Handle<AllocationSite>::null(), left, right));
2300 RUNTIME_FUNCTION(BinaryOpIC_MissWithAllocationSite) {
2301 TimerEventScope<TimerEventIcMiss> timer(isolate);
2302 HandleScope scope(isolate);
2303 DCHECK_EQ(3, args.length());
2304 Handle<AllocationSite> allocation_site =
2305 args.at<AllocationSite>(BinaryOpWithAllocationSiteStub::kAllocationSite);
2306 Handle<Object> left = args.at<Object>(BinaryOpWithAllocationSiteStub::kLeft);
2307 Handle<Object> right =
2308 args.at<Object>(BinaryOpWithAllocationSiteStub::kRight);
2309 BinaryOpIC ic(isolate);
2310 Handle<Object> result;
2311 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2312 isolate, result, ic.Transition(allocation_site, left, right));
2317 Code* CompareIC::GetRawUninitialized(Isolate* isolate, Token::Value op) {
2318 CompareICStub stub(isolate, op, CompareICState::UNINITIALIZED,
2319 CompareICState::UNINITIALIZED,
2320 CompareICState::UNINITIALIZED);
2322 CHECK(stub.FindCodeInCache(&code));
2327 Handle<Code> CompareIC::GetUninitialized(Isolate* isolate, Token::Value op) {
2328 CompareICStub stub(isolate, op, CompareICState::UNINITIALIZED,
2329 CompareICState::UNINITIALIZED,
2330 CompareICState::UNINITIALIZED);
2331 return stub.GetCode();
2335 Code* CompareIC::UpdateCaches(Handle<Object> x, Handle<Object> y) {
2336 HandleScope scope(isolate());
2337 CompareICStub old_stub(target()->stub_key(), isolate());
2338 CompareICState::State new_left =
2339 CompareICState::NewInputState(old_stub.left(), x);
2340 CompareICState::State new_right =
2341 CompareICState::NewInputState(old_stub.right(), y);
2342 CompareICState::State state = CompareICState::TargetState(
2343 old_stub.state(), old_stub.left(), old_stub.right(), op_,
2344 HasInlinedSmiCode(address()), x, y);
2345 CompareICStub stub(isolate(), op_, new_left, new_right, state);
2346 if (state == CompareICState::KNOWN_OBJECT) {
2348 Handle<Map>(Handle<JSObject>::cast(x)->map(), isolate()));
2350 Handle<Code> new_target = stub.GetCode();
2351 set_target(*new_target);
2353 if (FLAG_trace_ic) {
2354 PrintF("[CompareIC in ");
2355 JavaScriptFrame::PrintTop(isolate(), stdout, false, true);
2356 PrintF(" ((%s+%s=%s)->(%s+%s=%s))#%s @ %p]\n",
2357 CompareICState::GetStateName(old_stub.left()),
2358 CompareICState::GetStateName(old_stub.right()),
2359 CompareICState::GetStateName(old_stub.state()),
2360 CompareICState::GetStateName(new_left),
2361 CompareICState::GetStateName(new_right),
2362 CompareICState::GetStateName(state), Token::Name(op_),
2363 static_cast<void*>(*stub.GetCode()));
2366 // Activate inlined smi code.
2367 if (old_stub.state() == CompareICState::UNINITIALIZED) {
2368 PatchInlinedSmiCode(address(), ENABLE_INLINED_SMI_CHECK);
2375 // Used from CompareICStub::GenerateMiss in code-stubs-<arch>.cc.
2376 RUNTIME_FUNCTION(CompareIC_Miss) {
2377 TimerEventScope<TimerEventIcMiss> timer(isolate);
2378 HandleScope scope(isolate);
2379 DCHECK(args.length() == 3);
2380 CompareIC ic(isolate, static_cast<Token::Value>(args.smi_at(2)));
2381 return ic.UpdateCaches(args.at<Object>(0), args.at<Object>(1));
2385 void CompareNilIC::Clear(Address address, Code* target,
2386 ConstantPoolArray* constant_pool) {
2387 if (IsCleared(target)) return;
2388 ExtraICState state = target->extra_ic_state();
2390 CompareNilICStub stub(target->GetIsolate(), state,
2391 HydrogenCodeStub::UNINITIALIZED);
2395 CHECK(stub.FindCodeInCache(&code));
2397 SetTargetAtAddress(address, code, constant_pool);
2401 Handle<Object> CompareNilIC::DoCompareNilSlow(Isolate* isolate, NilValue nil,
2402 Handle<Object> object) {
2403 if (object->IsNull() || object->IsUndefined()) {
2404 return handle(Smi::FromInt(true), isolate);
2406 return handle(Smi::FromInt(object->IsUndetectableObject()), isolate);
2410 Handle<Object> CompareNilIC::CompareNil(Handle<Object> object) {
2411 ExtraICState extra_ic_state = target()->extra_ic_state();
2413 CompareNilICStub stub(isolate(), extra_ic_state);
2415 // Extract the current supported types from the patched IC and calculate what
2416 // types must be supported as a result of the miss.
2417 bool already_monomorphic = stub.IsMonomorphic();
2419 stub.UpdateStatus(object);
2421 NilValue nil = stub.nil_value();
2423 // Find or create the specialized stub to support the new set of types.
2425 if (stub.IsMonomorphic()) {
2426 Handle<Map> monomorphic_map(already_monomorphic && FirstTargetMap() != NULL
2428 : HeapObject::cast(*object)->map());
2429 code = PropertyICCompiler::ComputeCompareNil(monomorphic_map, &stub);
2431 code = stub.GetCode();
2434 return DoCompareNilSlow(isolate(), nil, object);
2438 RUNTIME_FUNCTION(CompareNilIC_Miss) {
2439 TimerEventScope<TimerEventIcMiss> timer(isolate);
2440 HandleScope scope(isolate);
2441 Handle<Object> object = args.at<Object>(0);
2442 CompareNilIC ic(isolate);
2443 return *ic.CompareNil(object);
2447 RUNTIME_FUNCTION(Unreachable) {
2450 return isolate->heap()->undefined_value();
2454 Builtins::JavaScript BinaryOpIC::TokenToJSBuiltin(Token::Value op) {
2459 return Builtins::ADD;
2462 return Builtins::SUB;
2465 return Builtins::MUL;
2468 return Builtins::DIV;
2471 return Builtins::MOD;
2474 return Builtins::BIT_OR;
2476 case Token::BIT_AND:
2477 return Builtins::BIT_AND;
2479 case Token::BIT_XOR:
2480 return Builtins::BIT_XOR;
2483 return Builtins::SAR;
2486 return Builtins::SHR;
2489 return Builtins::SHL;
2495 Handle<Object> ToBooleanIC::ToBoolean(Handle<Object> object) {
2496 ToBooleanStub stub(isolate(), target()->extra_ic_state());
2497 bool to_boolean_value = stub.UpdateStatus(object);
2498 Handle<Code> code = stub.GetCode();
2500 return handle(Smi::FromInt(to_boolean_value ? 1 : 0), isolate());
2504 RUNTIME_FUNCTION(ToBooleanIC_Miss) {
2505 TimerEventScope<TimerEventIcMiss> timer(isolate);
2506 DCHECK(args.length() == 1);
2507 HandleScope scope(isolate);
2508 Handle<Object> object = args.at<Object>(0);
2509 ToBooleanIC ic(isolate);
2510 return *ic.ToBoolean(object);
2514 RUNTIME_FUNCTION(StoreCallbackProperty) {
2515 Handle<JSObject> receiver = args.at<JSObject>(0);
2516 Handle<JSObject> holder = args.at<JSObject>(1);
2517 Handle<ExecutableAccessorInfo> callback = args.at<ExecutableAccessorInfo>(2);
2518 Handle<Name> name = args.at<Name>(3);
2519 Handle<Object> value = args.at<Object>(4);
2520 HandleScope scope(isolate);
2522 DCHECK(callback->IsCompatibleReceiver(*receiver));
2524 Address setter_address = v8::ToCData<Address>(callback->setter());
2525 v8::AccessorNameSetterCallback fun =
2526 FUNCTION_CAST<v8::AccessorNameSetterCallback>(setter_address);
2527 DCHECK(fun != NULL);
2529 LOG(isolate, ApiNamedPropertyAccess("store", *receiver, *name));
2530 PropertyCallbackArguments custom_args(isolate, callback->data(), *receiver,
2532 custom_args.Call(fun, v8::Utils::ToLocal(name), v8::Utils::ToLocal(value));
2533 RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
2539 * Attempts to load a property with an interceptor (which must be present),
2540 * but doesn't search the prototype chain.
2542 * Returns |Heap::no_interceptor_result_sentinel()| if interceptor doesn't
2543 * provide any value for the given name.
2545 RUNTIME_FUNCTION(LoadPropertyWithInterceptorOnly) {
2546 DCHECK(args.length() == NamedLoadHandlerCompiler::kInterceptorArgsLength);
2547 Handle<Name> name_handle =
2548 args.at<Name>(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex);
2549 Handle<InterceptorInfo> interceptor_info = args.at<InterceptorInfo>(
2550 NamedLoadHandlerCompiler::kInterceptorArgsInfoIndex);
2552 // TODO(rossberg): Support symbols in the API.
2553 if (name_handle->IsSymbol())
2554 return isolate->heap()->no_interceptor_result_sentinel();
2555 Handle<String> name = Handle<String>::cast(name_handle);
2557 Address getter_address = v8::ToCData<Address>(interceptor_info->getter());
2558 v8::NamedPropertyGetterCallback getter =
2559 FUNCTION_CAST<v8::NamedPropertyGetterCallback>(getter_address);
2560 DCHECK(getter != NULL);
2562 Handle<JSObject> receiver =
2563 args.at<JSObject>(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex);
2564 Handle<JSObject> holder =
2565 args.at<JSObject>(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex);
2566 PropertyCallbackArguments callback_args(isolate, interceptor_info->data(),
2567 *receiver, *holder);
2569 // Use the interceptor getter.
2570 HandleScope scope(isolate);
2571 v8::Handle<v8::Value> r =
2572 callback_args.Call(getter, v8::Utils::ToLocal(name));
2573 RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
2575 Handle<Object> result = v8::Utils::OpenHandle(*r);
2576 result->VerifyApiCallResultType();
2577 return *v8::Utils::OpenHandle(*r);
2581 return isolate->heap()->no_interceptor_result_sentinel();
2585 static Object* ThrowReferenceError(Isolate* isolate, Name* name) {
2586 // If the load is non-contextual, just return the undefined result.
2587 // Note that both keyed and non-keyed loads may end up here.
2588 HandleScope scope(isolate);
2589 LoadIC ic(IC::NO_EXTRA_FRAME, isolate);
2590 if (ic.contextual_mode() != CONTEXTUAL) {
2591 return isolate->heap()->undefined_value();
2594 // Throw a reference error.
2595 Handle<Name> name_handle(name);
2596 THROW_NEW_ERROR_RETURN_FAILURE(
2597 isolate, NewReferenceError("not_defined", HandleVector(&name_handle, 1)));
2602 * Loads a property with an interceptor performing post interceptor
2603 * lookup if interceptor failed.
2605 RUNTIME_FUNCTION(LoadPropertyWithInterceptor) {
2606 HandleScope scope(isolate);
2607 DCHECK(args.length() == NamedLoadHandlerCompiler::kInterceptorArgsLength);
2609 args.at<Name>(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex);
2610 Handle<JSObject> receiver =
2611 args.at<JSObject>(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex);
2612 Handle<JSObject> holder =
2613 args.at<JSObject>(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex);
2615 Handle<Object> result;
2616 LookupIterator it(receiver, name, holder);
2617 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
2618 JSObject::GetProperty(&it));
2620 if (it.IsFound()) return *result;
2622 return ThrowReferenceError(isolate, Name::cast(args[0]));
2626 RUNTIME_FUNCTION(StorePropertyWithInterceptor) {
2627 HandleScope scope(isolate);
2628 DCHECK(args.length() == 3);
2629 StoreIC ic(IC::NO_EXTRA_FRAME, isolate);
2630 Handle<JSObject> receiver = args.at<JSObject>(0);
2631 Handle<Name> name = args.at<Name>(1);
2632 Handle<Object> value = args.at<Object>(2);
2634 PrototypeIterator iter(isolate, receiver,
2635 PrototypeIterator::START_AT_RECEIVER);
2637 while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) {
2638 Handle<Object> current = PrototypeIterator::GetCurrent(iter);
2639 if (current->IsJSObject() &&
2640 Handle<JSObject>::cast(current)->HasNamedInterceptor()) {
2647 Handle<Object> result;
2648 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2650 JSObject::SetProperty(receiver, name, value, ic.strict_mode()));
2655 RUNTIME_FUNCTION(LoadElementWithInterceptor) {
2656 HandleScope scope(isolate);
2657 Handle<JSObject> receiver = args.at<JSObject>(0);
2658 DCHECK(args.smi_at(1) >= 0);
2659 uint32_t index = args.smi_at(1);
2660 Handle<Object> result;
2661 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
2663 JSObject::GetElementWithInterceptor(receiver, receiver, index));
2668 RUNTIME_FUNCTION(VectorLoadIC_MissFromStubFailure) {
2669 // TODO(mvstanton): To be enabled when ICs can accept a vector and slot
2674 RUNTIME_FUNCTION(VectorKeyedLoadIC_MissFromStubFailure) {
2675 // TODO(mvstanton): To be enabled when ICs can accept a vector and slot
2680 static const Address IC_utilities[] = {
2681 #define ADDR(name) FUNCTION_ADDR(name),
2682 IC_UTIL_LIST(ADDR) NULL
2687 Address IC::AddressFromUtilityId(IC::UtilityId id) { return IC_utilities[id]; }
2689 } // namespace v8::internal
projects / platform / framework / web / crosswalk.git / blob