Label miss_cleanup;
Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
Register holder =
- stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
- scratch1, scratch2, scratch3,
- name, depth1, miss);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(object, masm->isolate()), receiver,
+ interceptor_holder, scratch1, scratch2, scratch3,
+ name, depth1, miss);
// Invoke an interceptor and if it provides a value,
// branch to |regular_invoke|.
// Check that the maps from interceptor's holder to constant function's
// holder haven't changed and thus we can use cached constant function.
if (*interceptor_holder != lookup->holder()) {
- stub_compiler_->CheckPrototypes(interceptor_holder, receiver,
- Handle<JSObject>(lookup->holder()),
- scratch1, scratch2, scratch3,
- name, depth2, miss);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(interceptor_holder, masm->isolate()), receiver,
+ handle(lookup->holder()), scratch1, scratch2, scratch3,
+ name, depth2, miss);
} else {
// CheckPrototypes has a side effect of fetching a 'holder'
// for API (object which is instanceof for the signature). It's
Handle<JSObject> interceptor_holder,
Label* miss_label) {
Register holder =
- stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
- scratch1, scratch2, scratch3,
- name, miss_label);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(object, masm->isolate()), receiver,
+ interceptor_holder, scratch1, scratch2, scratch3, name, miss_label);
// Call a runtime function to load the interceptor property.
FrameScope scope(masm, StackFrame::INTERNAL);
};
-void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm,
- Handle<JSObject> object,
- Handle<JSObject> holder,
- Handle<Name> name,
- Register scratch,
- Label* miss) {
- Handle<JSObject> current = object;
- while (!current.is_identical_to(holder)) {
- if (current->IsJSGlobalObject()) {
- GenerateCheckPropertyCell(masm,
- Handle<JSGlobalObject>::cast(current),
- name,
- scratch,
- miss);
- }
- current = Handle<JSObject>(JSObject::cast(current->GetPrototype()));
- }
-}
-
-
void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
__ Jump(code, RelocInfo::CODE_TARGET);
}
#define __ ACCESS_MASM(masm())
-Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
+Register StubCompiler::CheckPrototypes(Handle<Type> type,
Register object_reg,
Handle<JSObject> holder,
Register holder_reg,
int save_at_depth,
Label* miss,
PrototypeCheckType check) {
+ Handle<Map> receiver_map(IC::TypeToMap(*type, isolate()));
// Make sure that the type feedback oracle harvests the receiver map.
// TODO(svenpanne) Remove this hack when all ICs are reworked.
- __ mov(scratch1, Operand(Handle<Map>(object->map())));
+ __ mov(scratch1, Operand(receiver_map));
- Handle<JSObject> first = object;
// Make sure there's no overlap between holder and object registers.
ASSERT(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
ASSERT(!scratch2.is(object_reg) && !scratch2.is(holder_reg)
__ str(reg, MemOperand(sp, FCA::kHolderIndex * kPointerSize));
}
- // Check the maps in the prototype chain.
- // Traverse the prototype chain from the object and do map checks.
- Handle<JSObject> current = object;
- while (!current.is_identical_to(holder)) {
+ Handle<JSObject> current = Handle<JSObject>::null();
+ if (type->IsConstant()) current = Handle<JSObject>::cast(type->AsConstant());
+ Handle<JSObject> prototype = Handle<JSObject>::null();
+ Handle<Map> current_map = receiver_map;
+ Handle<Map> holder_map(holder->map());
+ // Traverse the prototype chain and check the maps in the prototype chain for
+ // fast and global objects or do negative lookup for normal objects.
+ while (!current_map.is_identical_to(holder_map)) {
++depth;
// Only global objects and objects that do not require access
// checks are allowed in stubs.
- ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
+ ASSERT(current_map->IsJSGlobalProxyMap() ||
+ !current_map->is_access_check_needed());
- Handle<JSObject> prototype(JSObject::cast(current->GetPrototype()));
- if (!current->HasFastProperties() &&
- !current->IsJSGlobalObject() &&
- !current->IsJSGlobalProxy()) {
+ prototype = handle(JSObject::cast(current_map->prototype()));
+ if (current_map->is_dictionary_map() &&
+ !current_map->IsJSGlobalObjectMap() &&
+ !current_map->IsJSGlobalProxyMap()) {
if (!name->IsUniqueName()) {
ASSERT(name->IsString());
name = factory()->InternalizeString(Handle<String>::cast(name));
}
- ASSERT(current->property_dictionary()->FindEntry(*name) ==
+ ASSERT(current.is_null() ||
+ current->property_dictionary()->FindEntry(*name) ==
NameDictionary::kNotFound);
GenerateDictionaryNegativeLookup(masm(), miss, reg, name,
__ ldr(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset));
} else {
Register map_reg = scratch1;
- if (!current.is_identical_to(first) || check == CHECK_ALL_MAPS) {
- Handle<Map> current_map(current->map());
+ if (depth != 1 || check == CHECK_ALL_MAPS) {
// CheckMap implicitly loads the map of |reg| into |map_reg|.
__ CheckMap(reg, map_reg, current_map, miss, DONT_DO_SMI_CHECK);
} else {
// Check access rights to the global object. This has to happen after
// the map check so that we know that the object is actually a global
// object.
- if (current->IsJSGlobalProxy()) {
+ if (current_map->IsJSGlobalProxyMap()) {
__ CheckAccessGlobalProxy(reg, scratch2, miss);
+ } else if (current_map->IsJSGlobalObjectMap()) {
+ GenerateCheckPropertyCell(
+ masm(), Handle<JSGlobalObject>::cast(current), name,
+ scratch2, miss);
}
+
reg = holder_reg; // From now on the object will be in holder_reg.
if (heap()->InNewSpace(*prototype)) {
// Go to the next object in the prototype chain.
current = prototype;
+ current_map = handle(current->map());
}
// Log the check depth.
LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
- if (!holder.is_identical_to(first) || check == CHECK_ALL_MAPS) {
+ if (depth != 0 || check == CHECK_ALL_MAPS) {
// Check the holder map.
- __ CheckMap(reg, scratch1, Handle<Map>(holder->map()), miss,
- DONT_DO_SMI_CHECK);
+ __ CheckMap(reg, scratch1, current_map, miss, DONT_DO_SMI_CHECK);
}
// Perform security check for access to the global object.
- ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
- if (holder->IsJSGlobalProxy()) {
+ ASSERT(current_map->IsJSGlobalProxyMap() ||
+ !current_map->is_access_check_needed());
+ if (current_map->IsJSGlobalProxyMap()) {
__ CheckAccessGlobalProxy(reg, scratch1, miss);
}
- // If we've skipped any global objects, it's not enough to verify that
- // their maps haven't changed. We also need to check that the property
- // cell for the property is still empty.
- GenerateCheckPropertyCells(masm(), object, holder, name, scratch1, miss);
-
// Return the register containing the holder.
return reg;
}
// Check that the maps haven't changed.
__ JumpIfSmi(r0, miss);
- CheckPrototypes(object, r0, holder, r3, r1, r4, name, miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()), r0, holder, r3, r1, r4, name, miss);
}
__ JumpIfSmi(r0, &miss);
// Do the right check and compute the holder register.
- Register reg = CheckPrototypes(object, r0, holder, r1, r3, r4, name, &miss);
+ Register reg = CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()),
+ r0, holder, r1, r3, r4, name, &miss);
GenerateFastPropertyLoad(masm(), r1, reg, index.is_inobject(holder),
index.translate(holder), Representation::Tagged());
__ JumpIfSmi(receiver, &miss);
// Check that the maps haven't changed.
- CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder, r3, r0,
- r4, name, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()), receiver, holder,
+ r3, r0, r4, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
__ JumpIfSmi(receiver, &miss);
// Check that the maps haven't changed.
- CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder, r3, r0, r4,
- name, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()), receiver, holder,
+ r3, r0, r4, name, &miss);
if (argc == 0) {
// Nothing to do, just return the length.
__ JumpIfSmi(receiver, &miss);
// Check that the maps haven't changed.
- CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder, elements,
- r4, r0, name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), receiver, holder,
+ elements, r4, r0, name, &miss);
// Get the elements array of the object.
__ ldr(elements, FieldMemOperand(receiver, JSArray::kElementsOffset));
r0,
&miss);
ASSERT(!object.is_identical_to(holder));
+ Handle<JSObject> prototype(JSObject::cast(object->GetPrototype(isolate())));
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
r0, holder, r1, r3, r4, name, &miss);
Register receiver = r1;
r0,
&miss);
ASSERT(!object.is_identical_to(holder));
+ Handle<JSObject> prototype(JSObject::cast(object->GetPrototype(isolate())));
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
r0, holder, r1, r3, r4, name, &miss);
Register receiver = r0;
__ JumpIfSmi(r1, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), r1, holder, r0, r3, r4,
- name, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()),
+ r1, holder, r0, r3, r4, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
if (cell.is_null()) {
__ ldr(r1, MemOperand(sp, 1 * kPointerSize));
__ JumpIfSmi(r1, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), r1, holder, r0, r3, r4,
- name, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()),
+ r1, holder, r0, r3, r4, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
if (cell.is_null()) {
__ ldr(r1, MemOperand(sp, 1 * kPointerSize));
__ JumpIfSmi(r1, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), r1, holder, r0, r3, r4,
- name, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()),
+ r1, holder, r0, r3, r4, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
ReserveSpaceForFastApiCall(masm(), r0);
// Check that the maps haven't changed and find a Holder as a side effect.
- CheckPrototypes(Handle<JSObject>::cast(object), r1, holder, r0, r3, r4, name,
- depth, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()),
+ r1, holder, r0, r3, r4, name, depth, &miss);
GenerateFastApiDirectCall(masm(), optimization, argc, false);
__ IncrementCounter(isolate()->counters()->call_const(), 1, r0, r3);
// Check that the maps haven't changed.
- CheckPrototypes(Handle<JSObject>::cast(object), r1, holder, r0, r3, r4,
- name, &miss);
+ CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()),
+ r1, holder, r0, r3, r4, name, &miss);
// Patch the receiver on the stack with the global proxy if
// necessary.
}
break;
- case STRING_CHECK:
+ case STRING_CHECK: {
// Check that the object is a string.
__ CompareObjectType(r1, r3, r3, FIRST_NONSTRING_TYPE);
__ b(ge, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::STRING_FUNCTION_INDEX, r0, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
r0, holder, r3, r1, r4, name, &miss);
break;
-
- case SYMBOL_CHECK:
+ }
+ case SYMBOL_CHECK: {
// Check that the object is a symbol.
__ CompareObjectType(r1, r1, r3, SYMBOL_TYPE);
__ b(ne, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::SYMBOL_FUNCTION_INDEX, r0, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
r0, holder, r3, r1, r4, name, &miss);
break;
-
+ }
case NUMBER_CHECK: {
Label fast;
// Check that the object is a smi or a heap number.
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::NUMBER_FUNCTION_INDEX, r0, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
r0, holder, r3, r1, r4, name, &miss);
break;
}
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::BOOLEAN_FUNCTION_INDEX, r0, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
r0, holder, r3, r1, r4, name, &miss);
break;
}
Label miss_cleanup;
Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
Register holder =
- stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
- scratch1, scratch2, scratch3,
- name, depth1, miss);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(object, masm->isolate()), receiver,
+ interceptor_holder, scratch1, scratch2, scratch3,
+ name, depth1, miss);
// Invoke an interceptor and if it provides a value,
// branch to |regular_invoke|.
// Check that the maps from interceptor's holder to constant function's
// holder haven't changed and thus we can use cached constant function.
if (*interceptor_holder != lookup->holder()) {
- stub_compiler_->CheckPrototypes(interceptor_holder, receiver,
- Handle<JSObject>(lookup->holder()),
- scratch1, scratch2, scratch3,
- name, depth2, miss);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(interceptor_holder, masm->isolate()), receiver,
+ handle(lookup->holder()), scratch1, scratch2, scratch3,
+ name, depth2, miss);
} else {
// CheckPrototypes has a side effect of fetching a 'holder'
// for API (object which is instanceof for the signature). It's
Handle<JSObject> interceptor_holder,
Label* miss_label) {
Register holder =
- stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
- scratch1, scratch2, scratch3,
- name, miss_label);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(object, masm->isolate()), receiver,
+ interceptor_holder, scratch1, scratch2, scratch3, name, miss_label);
FrameScope scope(masm, StackFrame::INTERNAL);
// Save the name_ register across the call.
}
-void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm,
- Handle<JSObject> object,
- Handle<JSObject> holder,
- Handle<Name> name,
- Register scratch,
- Label* miss) {
- Handle<JSObject> current = object;
- while (!current.is_identical_to(holder)) {
- if (current->IsJSGlobalObject()) {
- GenerateCheckPropertyCell(masm,
- Handle<JSGlobalObject>::cast(current),
- name,
- scratch,
- miss);
- }
- current = Handle<JSObject>(JSObject::cast(current->GetPrototype()));
- }
-}
-
-
void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
__ jmp(code, RelocInfo::CODE_TARGET);
}
#define __ ACCESS_MASM(masm())
-Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
+Register StubCompiler::CheckPrototypes(Handle<Type> type,
Register object_reg,
Handle<JSObject> holder,
Register holder_reg,
int save_at_depth,
Label* miss,
PrototypeCheckType check) {
- const int kHolderIndex = FunctionCallbackArguments::kHolderIndex + 1;
+ Handle<Map> receiver_map(IC::TypeToMap(*type, isolate()));
// Make sure that the type feedback oracle harvests the receiver map.
// TODO(svenpanne) Remove this hack when all ICs are reworked.
- __ mov(scratch1, Handle<Map>(object->map()));
+ __ mov(scratch1, receiver_map);
- Handle<JSObject> first = object;
// Make sure there's no overlap between holder and object registers.
ASSERT(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
ASSERT(!scratch2.is(object_reg) && !scratch2.is(holder_reg)
// Keep track of the current object in register reg.
Register reg = object_reg;
- Handle<JSObject> current = object;
int depth = 0;
+ const int kHolderIndex = FunctionCallbackArguments::kHolderIndex + 1;
if (save_at_depth == depth) {
__ mov(Operand(esp, kHolderIndex * kPointerSize), reg);
}
+ Handle<JSObject> current = Handle<JSObject>::null();
+ if (type->IsConstant()) current = Handle<JSObject>::cast(type->AsConstant());
+ Handle<JSObject> prototype = Handle<JSObject>::null();
+ Handle<Map> current_map = receiver_map;
+ Handle<Map> holder_map(holder->map());
// Traverse the prototype chain and check the maps in the prototype chain for
// fast and global objects or do negative lookup for normal objects.
- while (!current.is_identical_to(holder)) {
+ while (!current_map.is_identical_to(holder_map)) {
++depth;
// Only global objects and objects that do not require access
// checks are allowed in stubs.
- ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
+ ASSERT(current_map->IsJSGlobalProxyMap() ||
+ !current_map->is_access_check_needed());
- Handle<JSObject> prototype(JSObject::cast(current->GetPrototype()));
- if (!current->HasFastProperties() &&
- !current->IsJSGlobalObject() &&
- !current->IsJSGlobalProxy()) {
+ prototype = handle(JSObject::cast(current_map->prototype()));
+ if (current_map->is_dictionary_map() &&
+ !current_map->IsJSGlobalObjectMap() &&
+ !current_map->IsJSGlobalProxyMap()) {
if (!name->IsUniqueName()) {
ASSERT(name->IsString());
name = factory()->InternalizeString(Handle<String>::cast(name));
}
- ASSERT(current->property_dictionary()->FindEntry(*name) ==
+ ASSERT(current.is_null() ||
+ current->property_dictionary()->FindEntry(*name) ==
NameDictionary::kNotFound);
GenerateDictionaryNegativeLookup(masm(), miss, reg, name,
__ mov(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
} else {
bool in_new_space = heap()->InNewSpace(*prototype);
- Handle<Map> current_map(current->map());
- if (!current.is_identical_to(first) || check == CHECK_ALL_MAPS) {
+ if (depth != 1 || check == CHECK_ALL_MAPS) {
__ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
}
// Check access rights to the global object. This has to happen after
// the map check so that we know that the object is actually a global
// object.
- if (current->IsJSGlobalProxy()) {
+ if (current_map->IsJSGlobalProxyMap()) {
__ CheckAccessGlobalProxy(reg, scratch1, scratch2, miss);
+ } else if (current_map->IsJSGlobalObjectMap()) {
+ GenerateCheckPropertyCell(
+ masm(), Handle<JSGlobalObject>::cast(current), name,
+ scratch2, miss);
}
if (in_new_space) {
// Go to the next object in the prototype chain.
current = prototype;
+ current_map = handle(current->map());
}
- ASSERT(current.is_identical_to(holder));
// Log the check depth.
LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
- if (!holder.is_identical_to(first) || check == CHECK_ALL_MAPS) {
+ if (depth != 0 || check == CHECK_ALL_MAPS) {
// Check the holder map.
- __ CheckMap(reg, Handle<Map>(holder->map()), miss, DONT_DO_SMI_CHECK);
+ __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
}
// Perform security check for access to the global object.
- ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
- if (holder->IsJSGlobalProxy()) {
+ ASSERT(current_map->IsJSGlobalProxyMap() ||
+ !current_map->is_access_check_needed());
+ if (current_map->IsJSGlobalProxyMap()) {
__ CheckAccessGlobalProxy(reg, scratch1, scratch2, miss);
}
- // If we've skipped any global objects, it's not enough to verify that
- // their maps haven't changed. We also need to check that the property
- // cell for the property is still empty.
- GenerateCheckPropertyCells(masm(), object, holder, name, scratch1, miss);
-
// Return the register containing the holder.
return reg;
}
// Check that the maps haven't changed.
__ JumpIfSmi(edx, miss);
- CheckPrototypes(object, edx, holder, ebx, eax, edi, name, miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, miss);
}
__ JumpIfSmi(edx, &miss);
// Do the right check and compute the holder register.
- Register reg = CheckPrototypes(object, edx, holder, ebx, eax, edi,
- name, &miss);
+ Register reg = CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx,
+ holder, ebx, eax, edi, name, &miss);
GenerateFastPropertyLoad(
masm(), edi, reg, index.is_inobject(holder),
// Check that the receiver isn't a smi.
__ JumpIfSmi(edx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
// Check that the receiver isn't a smi.
__ JumpIfSmi(edx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
if (argc == 0) {
// Noop, return the length.
// Check that the receiver isn't a smi.
__ JumpIfSmi(edx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
// Get the elements array of the object.
__ mov(ebx, FieldOperand(edx, JSArray::kElementsOffset));
eax,
&miss);
ASSERT(!object.is_identical_to(holder));
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
eax, holder, ebx, edx, edi, name, &miss);
Register receiver = ebx;
eax,
&miss);
ASSERT(!object.is_identical_to(holder));
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
eax, holder, ebx, edx, edi, name, &miss);
Register receiver = eax;
__ mov(edx, Operand(esp, 2 * kPointerSize));
STATIC_ASSERT(kSmiTag == 0);
__ JumpIfSmi(edx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
STATIC_ASSERT(kSmiTag == 0);
__ JumpIfSmi(edx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
STATIC_ASSERT(kSmiTag == 0);
__ JumpIfSmi(edx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
__ sub(esp, Immediate(kFastApiCallArguments * kPointerSize));
// Check that the maps haven't changed and find a Holder as a side effect.
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax, edi,
- name, depth, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, depth, &miss);
// Move the return address on top of the stack.
__ mov(eax, Operand(esp, kFastApiCallArguments * kPointerSize));
__ IncrementCounter(isolate()->counters()->call_const(), 1);
// Check that the maps haven't changed.
- CheckPrototypes(Handle<JSObject>::cast(object), edx, holder, ebx, eax,
- edi, name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), edx, holder,
+ ebx, eax, edi, name, &miss);
// Patch the receiver on the stack with the global proxy if
// necessary.
}
break;
- case STRING_CHECK:
+ case STRING_CHECK: {
// Check that the object is a string.
__ CmpObjectType(edx, FIRST_NONSTRING_TYPE, eax);
__ j(above_equal, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::STRING_FUNCTION_INDEX, eax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
eax, holder, ebx, edx, edi, name, &miss);
break;
-
- case SYMBOL_CHECK:
+ }
+ case SYMBOL_CHECK: {
// Check that the object is a symbol.
__ CmpObjectType(edx, SYMBOL_TYPE, eax);
__ j(not_equal, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::SYMBOL_FUNCTION_INDEX, eax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
eax, holder, ebx, edx, edi, name, &miss);
break;
-
+ }
case NUMBER_CHECK: {
Label fast;
// Check that the object is a smi or a heap number.
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::NUMBER_FUNCTION_INDEX, eax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
eax, holder, ebx, edx, edi, name, &miss);
break;
}
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::BOOLEAN_FUNCTION_INDEX, eax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
eax, holder, ebx, edx, edi, name, &miss);
break;
}
}
return handle(JSObject::cast(constructor->instance_prototype())->map());
}
- return type->AsClass();
+ return TypeToMap(type, isolate);
}
: Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate())),
isolate());
- PatchCache(handle(Type::OfCurrently(cache_object), isolate()), name, code);
+ PatchCache(CurrentTypeOf(cache_object, isolate()), name, code);
TRACE_IC("CallIC", name);
}
// If the receiver type is already in the polymorphic IC, this indicates
// there was a prototoype chain failure. In that case, just overwrite the
// handler.
- } else if (type->Is(current_type)) {
+ } else if (type->IsCurrently(current_type)) {
ASSERT(handler_to_overwrite == -1);
number_of_valid_types--;
handler_to_overwrite = i;
}
+Handle<Type> IC::CurrentTypeOf(Handle<Object> object, Isolate* isolate) {
+ Type* type = object->IsJSGlobalObject()
+ ? Type::Constant(Handle<JSGlobalObject>::cast(object))
+ : Type::OfCurrently(object);
+ return handle(type, isolate);
+}
+
+
Handle<Map> IC::TypeToMap(Type* type, Isolate* isolate) {
if (type->Is(Type::Number())) return isolate->factory()->heap_number_map();
if (type->Is(Type::Boolean())) return isolate->factory()->oddball_map();
+ if (type->IsConstant()) {
+ return handle(Handle<JSGlobalObject>::cast(type->AsConstant())->map());
+ }
ASSERT(type->IsClass());
return type->AsClass();
}
code = ComputeHandler(lookup, object, name);
}
- PatchCache(handle(Type::OfCurrently(object), isolate()), name, code);
+ PatchCache(CurrentTypeOf(object, isolate()), name, code);
TRACE_IC("LoadIC", name);
}
Handle<Code> code = ComputeHandler(lookup, receiver, name, value);
- PatchCache(handle(Type::OfCurrently(receiver), isolate()), name, code);
+ PatchCache(CurrentTypeOf(receiver, isolate()), name, code);
TRACE_IC("StoreIC", name);
}
// - The oddball map is only used for booleans.
static Handle<Map> TypeToMap(Type* type, Isolate* isolate);
static Type* MapToType(Handle<Map> type);
+ static Handle<Type> CurrentTypeOf(Handle<Object> object, Isolate* isolate);
protected:
// Get the call-site target; used for determining the state.
bool IsJSObjectMap() {
return instance_type() >= FIRST_JS_OBJECT_TYPE;
}
+ bool IsJSGlobalProxyMap() {
+ return instance_type() == JS_GLOBAL_PROXY_TYPE;
+ }
+ bool IsJSGlobalObjectMap() {
+ return instance_type() == JS_GLOBAL_OBJECT_TYPE;
+ }
+ bool IsGlobalObjectMap() {
+ const InstanceType type = instance_type();
+ return type == JS_GLOBAL_OBJECT_TYPE || type == JS_BUILTINS_OBJECT_TYPE;
+ }
// Fires when the layout of an object with a leaf map changes.
// This includes adding transitions to the leaf map or changing
}
// Check that the maps starting from the prototype haven't changed.
- return CheckPrototypes(receiver, object_reg, holder,
- scratch1(), scratch2(), scratch3(),
- name, miss, check_type);
+ return CheckPrototypes(
+ IC::CurrentTypeOf(receiver, isolate()), object_reg, holder,
+ scratch1(), scratch2(), scratch3(), name, miss, check_type);
}
Handle<JSObject> holder,
Handle<Name> name,
Label* miss) {
- return CheckPrototypes(Handle<JSObject>::cast(object), object_reg, holder,
- this->name(), scratch1(), scratch2(),
- name, miss, SKIP_RECEIVER);
+ return CheckPrototypes(
+ IC::CurrentTypeOf(object, isolate()), object_reg, holder, this->name(),
+ scratch1(), scratch2(), name, miss, SKIP_RECEIVER);
}
Register scratch,
Label* miss);
- // Calls GenerateCheckPropertyCell for each global object in the prototype
- // chain from object to (but not including) holder.
- static void GenerateCheckPropertyCells(MacroAssembler* masm,
- Handle<JSObject> object,
- Handle<JSObject> holder,
- Handle<Name> name,
- Register scratch,
- Label* miss);
-
static void TailCallBuiltin(MacroAssembler* masm, Builtins::Name name);
// Generates code that verifies that the property holder has not changed
// The function can optionally (when save_at_depth !=
// kInvalidProtoDepth) save the object at the given depth by moving
// it to [esp + kPointerSize].
- Register CheckPrototypes(Handle<JSObject> object,
+ Register CheckPrototypes(Handle<Type> type,
Register object_reg,
Handle<JSObject> holder,
Register holder_reg,
Handle<Name> name,
Label* miss,
PrototypeCheckType check = CHECK_ALL_MAPS) {
- return CheckPrototypes(object, object_reg, holder, holder_reg, scratch1,
+ return CheckPrototypes(type, object_reg, holder, holder_reg, scratch1,
scratch2, name, kInvalidProtoDepth, miss, check);
}
- Register CheckPrototypes(Handle<JSObject> object,
+ Register CheckPrototypes(Handle<Type> type,
Register object_reg,
Handle<JSObject> holder,
Register holder_reg,
Label miss_cleanup;
Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
Register holder =
- stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
- scratch1, scratch2, scratch3,
- name, depth1, miss);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(object, masm->isolate()), receiver,
+ interceptor_holder, scratch1, scratch2, scratch3,
+ name, depth1, miss);
// Invoke an interceptor and if it provides a value,
// branch to |regular_invoke|.
// Check that the maps from interceptor's holder to constant function's
// holder haven't changed and thus we can use cached constant function.
if (*interceptor_holder != lookup->holder()) {
- stub_compiler_->CheckPrototypes(interceptor_holder, receiver,
- Handle<JSObject>(lookup->holder()),
- scratch1, scratch2, scratch3,
- name, depth2, miss);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(interceptor_holder, masm->isolate()), receiver,
+ handle(lookup->holder()), scratch1, scratch2, scratch3,
+ name, depth2, miss);
} else {
// CheckPrototypes has a side effect of fetching a 'holder'
// for API (object which is instanceof for the signature). It's
Handle<JSObject> interceptor_holder,
Label* miss_label) {
Register holder =
- stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
- scratch1, scratch2, scratch3,
- name, miss_label);
+ stub_compiler_->CheckPrototypes(
+ IC::CurrentTypeOf(object, masm->isolate()), receiver,
+ interceptor_holder, scratch1, scratch2, scratch3, name, miss_label);
FrameScope scope(masm, StackFrame::INTERNAL);
// Save the name_ register across the call.
}
-void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm,
- Handle<JSObject> object,
- Handle<JSObject> holder,
- Handle<Name> name,
- Register scratch,
- Label* miss) {
- Handle<JSObject> current = object;
- while (!current.is_identical_to(holder)) {
- if (current->IsJSGlobalObject()) {
- GenerateCheckPropertyCell(masm,
- Handle<JSGlobalObject>::cast(current),
- name,
- scratch,
- miss);
- }
- current = Handle<JSObject>(JSObject::cast(current->GetPrototype()));
- }
-}
-
-
void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
__ jmp(code, RelocInfo::CODE_TARGET);
}
#define __ ACCESS_MASM((masm()))
-Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
+Register StubCompiler::CheckPrototypes(Handle<Type> type,
Register object_reg,
Handle<JSObject> holder,
Register holder_reg,
int save_at_depth,
Label* miss,
PrototypeCheckType check) {
+ Handle<Map> receiver_map(IC::TypeToMap(*type, isolate()));
// Make sure that the type feedback oracle harvests the receiver map.
// TODO(svenpanne) Remove this hack when all ICs are reworked.
- __ Move(scratch1, Handle<Map>(object->map()));
+ __ Move(scratch1, receiver_map);
- Handle<JSObject> first = object;
// Make sure there's no overlap between holder and object registers.
ASSERT(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
ASSERT(!scratch2.is(object_reg) && !scratch2.is(holder_reg)
__ movq(args.GetArgumentOperand(kHolderIndex), object_reg);
}
- // Check the maps in the prototype chain.
- // Traverse the prototype chain from the object and do map checks.
- Handle<JSObject> current = object;
- while (!current.is_identical_to(holder)) {
+ Handle<JSObject> current = Handle<JSObject>::null();
+ if (type->IsConstant()) current = Handle<JSObject>::cast(type->AsConstant());
+ Handle<JSObject> prototype = Handle<JSObject>::null();
+ Handle<Map> current_map = receiver_map;
+ Handle<Map> holder_map(holder->map());
+ // Traverse the prototype chain and check the maps in the prototype chain for
+ // fast and global objects or do negative lookup for normal objects.
+ while (!current_map.is_identical_to(holder_map)) {
++depth;
// Only global objects and objects that do not require access
// checks are allowed in stubs.
- ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
+ ASSERT(current_map->IsJSGlobalProxyMap() ||
+ !current_map->is_access_check_needed());
- Handle<JSObject> prototype(JSObject::cast(current->GetPrototype()));
- if (!current->HasFastProperties() &&
- !current->IsJSGlobalObject() &&
- !current->IsJSGlobalProxy()) {
+ prototype = handle(JSObject::cast(current_map->prototype()));
+ if (current_map->is_dictionary_map() &&
+ !current_map->IsJSGlobalObjectMap() &&
+ !current_map->IsJSGlobalProxyMap()) {
if (!name->IsUniqueName()) {
ASSERT(name->IsString());
name = factory()->InternalizeString(Handle<String>::cast(name));
}
- ASSERT(current->property_dictionary()->FindEntry(*name) ==
+ ASSERT(current.is_null() ||
+ current->property_dictionary()->FindEntry(*name) ==
NameDictionary::kNotFound);
GenerateDictionaryNegativeLookup(masm(), miss, reg, name,
__ movq(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
} else {
bool in_new_space = heap()->InNewSpace(*prototype);
- Handle<Map> current_map(current->map());
if (in_new_space) {
// Save the map in scratch1 for later.
__ movq(scratch1, FieldOperand(reg, HeapObject::kMapOffset));
}
- if (!current.is_identical_to(first) || check == CHECK_ALL_MAPS) {
+ if (depth != 1 || check == CHECK_ALL_MAPS) {
__ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
}
// Check access rights to the global object. This has to happen after
// the map check so that we know that the object is actually a global
// object.
- if (current->IsJSGlobalProxy()) {
+ if (current_map->IsJSGlobalProxyMap()) {
__ CheckAccessGlobalProxy(reg, scratch2, miss);
+ } else if (current_map->IsJSGlobalObjectMap()) {
+ GenerateCheckPropertyCell(
+ masm(), Handle<JSGlobalObject>::cast(current), name,
+ scratch2, miss);
}
reg = holder_reg; // From now on the object will be in holder_reg.
// Go to the next object in the prototype chain.
current = prototype;
+ current_map = handle(current->map());
}
- ASSERT(current.is_identical_to(holder));
// Log the check depth.
LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
- if (!holder.is_identical_to(first) || check == CHECK_ALL_MAPS) {
+ if (depth != 0 || check == CHECK_ALL_MAPS) {
// Check the holder map.
- __ CheckMap(reg, Handle<Map>(holder->map()), miss, DONT_DO_SMI_CHECK);
+ __ CheckMap(reg, current_map, miss, DONT_DO_SMI_CHECK);
}
// Perform security check for access to the global object.
- ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
- if (current->IsJSGlobalProxy()) {
+ ASSERT(current_map->IsJSGlobalProxyMap() ||
+ !current_map->is_access_check_needed());
+ if (current_map->IsJSGlobalProxyMap()) {
__ CheckAccessGlobalProxy(reg, scratch1, miss);
}
- // If we've skipped any global objects, it's not enough to verify that
- // their maps haven't changed. We also need to check that the property
- // cell for the property is still empty.
- GenerateCheckPropertyCells(masm(), object, holder, name, scratch1, miss);
-
// Return the register containing the holder.
return reg;
}
// Check that the maps haven't changed.
__ JumpIfSmi(rdx, miss);
- CheckPrototypes(object, rdx, holder, rbx, rax, rdi, name, miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, miss);
}
__ JumpIfSmi(rdx, &miss);
// Do the right check and compute the holder register.
- Register reg = CheckPrototypes(object, rdx, holder, rbx, rax, rdi,
- name, &miss);
+ Register reg = CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx,
+ holder, rbx, rax, rdi, name, &miss);
GenerateFastPropertyLoad(masm(), rdi, reg, index.is_inobject(holder),
index.translate(holder), Representation::Tagged());
// Check that the receiver isn't a smi.
__ JumpIfSmi(rdx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
// Check that the receiver isn't a smi.
__ JumpIfSmi(rdx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
if (argc == 0) {
// Noop, return the length.
// Check that the receiver isn't a smi.
__ JumpIfSmi(rdx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
// Get the elements array of the object.
__ movq(rbx, FieldOperand(rdx, JSArray::kElementsOffset));
rax,
&miss);
ASSERT(!object.is_identical_to(holder));
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
rax, holder, rbx, rdx, rdi, name, &miss);
Register receiver = rbx;
rax,
&miss);
ASSERT(!object.is_identical_to(holder));
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
rax, holder, rbx, rdx, rdi, name, &miss);
Register receiver = rax;
if (cell.is_null()) {
__ movq(rdx, args.GetReceiverOperand());
__ JumpIfSmi(rdx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
STATIC_ASSERT(kSmiTag == 0);
__ JumpIfSmi(rdx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
if (cell.is_null()) {
__ movq(rdx, args.GetReceiverOperand());
__ JumpIfSmi(rdx, &miss);
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
} else {
ASSERT(cell->value() == *function);
GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
__ subq(rsp, Immediate(kFastApiCallArguments * kPointerSize));
// Check that the maps haven't changed and find a Holder as a side effect.
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax, rdi,
- name, depth, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, depth, &miss);
// Move the return address on top of the stack.
__ movq(rax,
__ IncrementCounter(counters->call_const(), 1);
// Check that the maps haven't changed.
- CheckPrototypes(Handle<JSObject>::cast(object), rdx, holder, rbx, rax,
- rdi, name, &miss);
+ CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
+ rbx, rax, rdi, name, &miss);
// Patch the receiver on the stack with the global proxy if
// necessary.
}
break;
- case STRING_CHECK:
+ case STRING_CHECK: {
// Check that the object is a string.
__ CmpObjectType(rdx, FIRST_NONSTRING_TYPE, rax);
__ j(above_equal, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::STRING_FUNCTION_INDEX, rax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
rax, holder, rbx, rdx, rdi, name, &miss);
break;
-
- case SYMBOL_CHECK:
+ }
+ case SYMBOL_CHECK: {
// Check that the object is a symbol.
__ CmpObjectType(rdx, SYMBOL_TYPE, rax);
__ j(not_equal, &miss);
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::SYMBOL_FUNCTION_INDEX, rax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
rax, holder, rbx, rdx, rdi, name, &miss);
break;
-
+ }
case NUMBER_CHECK: {
Label fast;
// Check that the object is a smi or a heap number.
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::NUMBER_FUNCTION_INDEX, rax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
rax, holder, rbx, rdx, rdi, name, &miss);
break;
}
// Check that the maps starting from the prototype haven't changed.
GenerateDirectLoadGlobalFunctionPrototype(
masm(), Context::BOOLEAN_FUNCTION_INDEX, rax, &miss);
+ Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
CheckPrototypes(
- Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
+ IC::CurrentTypeOf(prototype, isolate()),
rax, holder, rbx, rdx, rdi, name, &miss);
break;
}
projects / platform / upstream / v8.git / commitdiff