From d0c5614f9de3ae983941cf5e47766204101bd794 Mon Sep 17 00:00:00 2001 From: "jkummerow@chromium.org" Date: Tue, 5 Nov 2013 11:01:31 +0000 Subject: [PATCH] Proper fix for the issue exposed by r17459 This reverts r17462 and instead fixes StubCache::ComputeLoadNonexistent by replacing s/IsGlobalObject/IsJSGlobalObject/ there. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/59103005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/arm/stub-cache-arm.cc | 12 ++++++------ src/ia32/stub-cache-ia32.cc | 12 ++++++------ src/ic.cc | 20 ++++++++------------ src/mips/stub-cache-mips.cc | 12 ++++++------ src/objects.cc | 4 ++-- src/objects.h | 8 ++++---- src/stub-cache.cc | 8 ++++---- src/stub-cache.h | 6 +++--- src/x64/stub-cache-x64.cc | 12 ++++++------ 9 files changed, 45 insertions(+), 49 deletions(-) diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc index afb65a0..923011f 100644 --- a/src/arm/stub-cache-arm.cc +++ b/src/arm/stub-cache-arm.cc @@ -415,11 +415,11 @@ void StubCompiler::GenerateLoadFunctionPrototype(MacroAssembler* masm, // the property cell at compilation time if no cell exists for the // property. void StubCompiler::GenerateCheckPropertyCell(MacroAssembler* masm, - Handle global, + Handle global, Handle name, Register scratch, Label* miss) { - Handle cell = GlobalObject::EnsurePropertyCell(global, name); + Handle cell = JSGlobalObject::EnsurePropertyCell(global, name); ASSERT(cell->value()->IsTheHole()); __ mov(scratch, Operand(cell)); __ ldr(scratch, FieldMemOperand(scratch, Cell::kValueOffset)); @@ -437,7 +437,7 @@ void StoreStubCompiler::GenerateNegativeHolderLookup( Label* miss) { if (holder->IsJSGlobalObject()) { GenerateCheckPropertyCell( - masm, Handle::cast(holder), name, scratch1(), miss); + masm, Handle::cast(holder), name, scratch1(), miss); } else if (!holder->HasFastProperties() && !holder->IsJSGlobalProxy()) { GenerateDictionaryNegativeLookup( masm, miss, holder_reg, name, scratch1(), scratch2()); @@ -1160,9 +1160,9 @@ void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm, Label* miss) { Handle current = object; while (!current.is_identical_to(holder)) { - if (current->IsGlobalObject()) { + if (current->IsJSGlobalObject()) { GenerateCheckPropertyCell(masm, - Handle::cast(current), + Handle::cast(current), name, scratch, miss); @@ -2913,7 +2913,7 @@ Handle LoadStubCompiler::CompileLoadNonexistent( Handle object, Handle last, Handle name, - Handle global) { + Handle global) { Label success; NonexistentHandlerFrontend(object, last, name, &success, global); diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc index fda9c20..0648833 100644 --- a/src/ia32/stub-cache-ia32.cc +++ b/src/ia32/stub-cache-ia32.cc @@ -789,12 +789,12 @@ void StoreStubCompiler::GenerateRestoreName(MacroAssembler* masm, // the property cell at compilation time if no cell exists for the // property. void StubCompiler::GenerateCheckPropertyCell(MacroAssembler* masm, - Handle global, + Handle global, Handle name, Register scratch, Label* miss) { Handle cell = - GlobalObject::EnsurePropertyCell(global, name); + JSGlobalObject::EnsurePropertyCell(global, name); ASSERT(cell->value()->IsTheHole()); Handle the_hole = masm->isolate()->factory()->the_hole_value(); if (Serializer::enabled()) { @@ -816,7 +816,7 @@ void StoreStubCompiler::GenerateNegativeHolderLookup( Label* miss) { if (holder->IsJSGlobalObject()) { GenerateCheckPropertyCell( - masm, Handle::cast(holder), name, scratch1(), miss); + masm, Handle::cast(holder), name, scratch1(), miss); } else if (!holder->HasFastProperties() && !holder->IsJSGlobalProxy()) { GenerateDictionaryNegativeLookup( masm, miss, holder_reg, name, scratch1(), scratch2()); @@ -1126,9 +1126,9 @@ void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm, Label* miss) { Handle current = object; while (!current.is_identical_to(holder)) { - if (current->IsGlobalObject()) { + if (current->IsJSGlobalObject()) { GenerateCheckPropertyCell(masm, - Handle::cast(current), + Handle::cast(current), name, scratch, miss); @@ -3023,7 +3023,7 @@ Handle LoadStubCompiler::CompileLoadNonexistent( Handle object, Handle last, Handle name, - Handle global) { + Handle global) { Label success; NonexistentHandlerFrontend(object, last, name, &success, global); diff --git a/src/ic.cc b/src/ic.cc index 11cd7ec..55d7ba9 100644 --- a/src/ic.cc +++ b/src/ic.cc @@ -370,18 +370,6 @@ void IC::TryRemoveInvalidHandlers(Handle map, Handle name) { void IC::UpdateState(Handle receiver, Handle name) { if (!name->IsString()) return; - - // The builtins object is special. It only changes when JavaScript - // builtins are loaded lazily. It is important to keep inline - // caches for the builtins object monomorphic. Therefore, if we get - // an inline cache miss for the builtins object after lazily loading - // JavaScript builtins, we return uninitialized as the state to - // force the inline cache back to monomorphic state. - if (receiver->IsJSBuiltinsObject()) { - state_ = UNINITIALIZED; - return; - } - if (state() != MONOMORPHIC) { if (state() == POLYMORPHIC && receiver->IsHeapObject()) { TryRemoveInvalidHandlers( @@ -399,6 +387,14 @@ void IC::UpdateState(Handle receiver, Handle name) { receiver, Handle::cast(name))) { return MarkMonomorphicPrototypeFailure(); } + + // The builtins object is special. It only changes when JavaScript + // builtins are loaded lazily. It is important to keep inline + // caches for the builtins object monomorphic. Therefore, if we get + // an inline cache miss for the builtins object after lazily loading + // JavaScript builtins, we return uninitialized as the state to + // force the inline cache back to monomorphic state. + if (receiver->IsJSBuiltinsObject()) state_ = UNINITIALIZED; } diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc index 45c4812..68e2074 100644 --- a/src/mips/stub-cache-mips.cc +++ b/src/mips/stub-cache-mips.cc @@ -405,11 +405,11 @@ void StubCompiler::GenerateLoadFunctionPrototype(MacroAssembler* masm, void StubCompiler::GenerateCheckPropertyCell(MacroAssembler* masm, - Handle global, + Handle global, Handle name, Register scratch, Label* miss) { - Handle cell = GlobalObject::EnsurePropertyCell(global, name); + Handle cell = JSGlobalObject::EnsurePropertyCell(global, name); ASSERT(cell->value()->IsTheHole()); __ li(scratch, Operand(cell)); __ lw(scratch, FieldMemOperand(scratch, Cell::kValueOffset)); @@ -426,7 +426,7 @@ void StoreStubCompiler::GenerateNegativeHolderLookup( Label* miss) { if (holder->IsJSGlobalObject()) { GenerateCheckPropertyCell( - masm, Handle::cast(holder), name, scratch1(), miss); + masm, Handle::cast(holder), name, scratch1(), miss); } else if (!holder->HasFastProperties() && !holder->IsJSGlobalProxy()) { GenerateDictionaryNegativeLookup( masm, miss, holder_reg, name, scratch1(), scratch2()); @@ -1150,9 +1150,9 @@ void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm, Label* miss) { Handle current = object; while (!current.is_identical_to(holder)) { - if (current->IsGlobalObject()) { + if (current->IsJSGlobalObject()) { GenerateCheckPropertyCell(masm, - Handle::cast(current), + Handle::cast(current), name, scratch, miss); @@ -2928,7 +2928,7 @@ Handle LoadStubCompiler::CompileLoadNonexistent( Handle object, Handle last, Handle name, - Handle global) { + Handle global) { Label success; NonexistentHandlerFrontend(object, last, name, &success, global); diff --git a/src/objects.cc b/src/objects.cc index 46da8a7..4cc0346 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -14752,8 +14752,8 @@ PropertyCell* GlobalObject::GetPropertyCell(LookupResult* result) { } -Handle GlobalObject::EnsurePropertyCell( - Handle global, +Handle JSGlobalObject::EnsurePropertyCell( + Handle global, Handle name) { ASSERT(!global->HasFastProperties()); int entry = global->property_dictionary()->FindEntry(*name); diff --git a/src/objects.h b/src/objects.h index 33f5396..e2f4350 100644 --- a/src/objects.h +++ b/src/objects.h @@ -7400,10 +7400,6 @@ class GlobalObject: public JSObject { return answer; } - // Ensure that the global object has a cell for the given property name. - static Handle EnsurePropertyCell(Handle global, - Handle name); - // Casting. static inline GlobalObject* cast(Object* obj); @@ -7425,6 +7421,10 @@ class JSGlobalObject: public GlobalObject { // Casting. static inline JSGlobalObject* cast(Object* obj); + // Ensure that the global object has a cell for the given property name. + static Handle EnsurePropertyCell(Handle global, + Handle name); + // Dispatched behavior. DECLARE_PRINTER(JSGlobalObject) DECLARE_VERIFIER(JSGlobalObject) diff --git a/src/stub-cache.cc b/src/stub-cache.cc index 751798d..1ec00d4 100644 --- a/src/stub-cache.cc +++ b/src/stub-cache.cc @@ -177,12 +177,12 @@ Handle StubCache::ComputeLoadNonexistent(Handle name, Handle cache_name = factory()->empty_string(); Handle current; Handle next = receiver; - Handle global; + Handle global; do { current = Handle::cast(next); next = Handle(current->GetPrototype(), isolate_); - if (current->IsGlobalObject()) { - global = Handle::cast(current); + if (current->IsJSGlobalObject()) { + global = Handle::cast(current); cache_name = name; } else if (!current->HasFastProperties()) { cache_name = name; @@ -1213,7 +1213,7 @@ void LoadStubCompiler::NonexistentHandlerFrontend( Handle last, Handle name, Label* success, - Handle global) { + Handle global) { Label miss; Register holder = diff --git a/src/stub-cache.h b/src/stub-cache.h index c481cc6..42685b2 100644 --- a/src/stub-cache.h +++ b/src/stub-cache.h @@ -485,7 +485,7 @@ class StubCompiler BASE_EMBEDDED { // the property cell at compilation time if no cell exists for the // property. static void GenerateCheckPropertyCell(MacroAssembler* masm, - Handle global, + Handle global, Handle name, Register scratch, Label* miss); @@ -703,7 +703,7 @@ class LoadStubCompiler: public BaseLoadStoreStubCompiler { Handle CompileLoadNonexistent(Handle object, Handle last, Handle name, - Handle global); + Handle global); Handle CompileLoadGlobal(Handle object, Handle holder, @@ -734,7 +734,7 @@ class LoadStubCompiler: public BaseLoadStoreStubCompiler { Handle last, Handle name, Label* success, - Handle global); + Handle global); void GenerateLoadField(Register reg, Handle holder, diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc index 579ede5..28e2a89 100644 --- a/src/x64/stub-cache-x64.cc +++ b/src/x64/stub-cache-x64.cc @@ -774,12 +774,12 @@ void StoreStubCompiler::GenerateRestoreName(MacroAssembler* masm, void StubCompiler::GenerateCheckPropertyCell(MacroAssembler* masm, - Handle global, + Handle global, Handle name, Register scratch, Label* miss) { Handle cell = - GlobalObject::EnsurePropertyCell(global, name); + JSGlobalObject::EnsurePropertyCell(global, name); ASSERT(cell->value()->IsTheHole()); __ Move(scratch, cell); __ Cmp(FieldOperand(scratch, Cell::kValueOffset), @@ -796,7 +796,7 @@ void StoreStubCompiler::GenerateNegativeHolderLookup( Label* miss) { if (holder->IsJSGlobalObject()) { GenerateCheckPropertyCell( - masm, Handle::cast(holder), name, scratch1(), miss); + masm, Handle::cast(holder), name, scratch1(), miss); } else if (!holder->HasFastProperties() && !holder->IsJSGlobalProxy()) { GenerateDictionaryNegativeLookup( masm, miss, holder_reg, name, scratch1(), scratch2()); @@ -1055,9 +1055,9 @@ void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm, Label* miss) { Handle current = object; while (!current.is_identical_to(holder)) { - if (current->IsGlobalObject()) { + if (current->IsJSGlobalObject()) { GenerateCheckPropertyCell(masm, - Handle::cast(current), + Handle::cast(current), name, scratch, miss); @@ -2928,7 +2928,7 @@ Handle LoadStubCompiler::CompileLoadNonexistent( Handle object, Handle last, Handle name, - Handle global) { + Handle global) { Label success; NonexistentHandlerFrontend(object, last, name, &success, global); -- 2.7.4