Reviewers: Toon Verwaest,
Message:
Committed patchset #1 manually as r19423 (tree was closed).
Description:
Revert r19409: "Allow ICs to be generated for own global proxy."
Causing Layout test crashes
[email protected]
Committed: https://code.google.com/p/v8/source/detail?r=19423
Please review this at https://codereview.chromium.org/170253002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+27, -53 lines):
M src/code-stubs-hydrogen.cc
M src/code-stubs.h
M src/ic.cc
M src/isolate.cc
M src/objects-inl.h
M src/runtime.cc
Index: src/code-stubs-hydrogen.cc
diff --git a/src/code-stubs-hydrogen.cc b/src/code-stubs-hydrogen.cc
index
b7247eb6bf0bf4e78d0c90f3dc81c4365e819478..e1d11fb2147ec882e1466155f7b979f59edc42dd
100644
--- a/src/code-stubs-hydrogen.cc
+++ b/src/code-stubs-hydrogen.cc
@@ -1051,16 +1051,13 @@ HValue*
CodeStubGraphBuilder<StoreGlobalStub>::BuildCodeInitializedStub() {
Handle<PropertyCell> placeholder_cell =
isolate()->factory()->NewPropertyCell(placeholer_value);
+ HParameter* receiver = GetParameter(0);
HParameter* value = GetParameter(2);
- if (stub->check_global()) {
- // Check that the map of the global has not changed: use a placeholder
map
- // that will be replaced later with the global object's map.
- Handle<Map> placeholder_map = isolate()->factory()->meta_map();
- HValue* global = Add<HConstant>(
- StoreGlobalStub::global_placeholder(isolate()));
- Add<HCheckMaps>(global, placeholder_map, top_info());
- }
+ // Check that the map of the global has not changed: use a placeholder
map
+ // that will be replaced later with the global object's map.
+ Handle<Map> placeholder_map = isolate()->factory()->meta_map();
+ Add<HCheckMaps>(receiver, placeholder_map, top_info());
HValue* cell = Add<HConstant>(placeholder_cell);
HObjectAccess access(HObjectAccess::ForCellPayload(isolate()));
Index: src/code-stubs.h
diff --git a/src/code-stubs.h b/src/code-stubs.h
index
07e34be578b2a6533b5c2759b5281901af41043d..90e7c0ddaddb97d399f75e8de42c79abbaa679b6
100644
--- a/src/code-stubs.h
+++ b/src/code-stubs.h
@@ -954,27 +954,19 @@ class LoadFieldStub: public HandlerStub {
class StoreGlobalStub : public HandlerStub {
public:
- explicit StoreGlobalStub(bool is_constant, bool check_global) {
- bit_field_ = IsConstantBits::encode(is_constant) |
- CheckGlobalBits::encode(check_global);
- }
-
- static Handle<HeapObject> global_placeholder(Isolate* isolate) {
- return isolate->factory()->uninitialized_value();
+ explicit StoreGlobalStub(bool is_constant) {
+ bit_field_ = IsConstantBits::encode(is_constant);
}
Handle<Code> GetCodeCopyFromTemplate(Isolate* isolate,
- GlobalObject* global,
+ Map* receiver_map,
PropertyCell* cell) {
Handle<Code> code = CodeStub::GetCodeCopyFromTemplate(isolate);
- if (check_global()) {
- // Replace the placeholder cell and global object map with the actual
- // global cell and receiver map.
- code->ReplaceNthObject(1, global_placeholder(isolate)->map(),
global);
- code->ReplaceNthObject(1, isolate->heap()->meta_map(),
global->map());
- }
+ // Replace the placeholder cell and global object map with the actual
global
+ // cell and receiver map.
Map* cell_map = isolate->heap()->global_property_cell_map();
code->ReplaceNthObject(1, cell_map, cell);
+ code->ReplaceNthObject(1, isolate->heap()->meta_map(), receiver_map);
return code;
}
@@ -986,12 +978,9 @@ class StoreGlobalStub : public HandlerStub {
Isolate* isolate,
CodeStubInterfaceDescriptor* descriptor);
- bool is_constant() const {
+ bool is_constant() {
return IsConstantBits::decode(bit_field_);
}
- bool check_global() const {
- return CheckGlobalBits::decode(bit_field_);
- }
void set_is_constant(bool value) {
bit_field_ = IsConstantBits::update(bit_field_, value);
}
@@ -1008,7 +997,6 @@ class StoreGlobalStub : public HandlerStub {
class IsConstantBits: public BitField<bool, 0, 1> {};
class RepresentationBits: public BitField<Representation::Kind, 1, 8> {};
- class CheckGlobalBits: public BitField<bool, 9, 1> {};
DISALLOW_COPY_AND_ASSIGN(StoreGlobalStub);
};
Index: src/ic.cc
diff --git a/src/ic.cc b/src/ic.cc
index
dc9daffb82d5632968df5d6544c953da35ab0369..44bc2f2e6b4a56fad8e89fab7e997e58615f8073
100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -1069,7 +1069,7 @@ MaybeObject* KeyedLoadIC::Load(Handle<Object> object,
Handle<Object> key) {
maybe_object = LoadIC::Load(object, Handle<String>::cast(key));
if (maybe_object->IsFailure()) return maybe_object;
} else if (FLAG_use_ic && !object->IsAccessCheckNeeded()) {
- ASSERT(!object->IsAccessCheckNeeded());
+ ASSERT(!object->IsJSGlobalProxy());
if (object->IsString() && key->IsNumber()) {
if (state() == UNINITIALIZED) stub = string_stub();
} else if (object->IsJSObject()) {
@@ -1122,9 +1122,7 @@ static bool LookupForWrite(Handle<JSObject> receiver,
}
if (lookup->IsPropertyCallbacks()) return true;
- // JSGlobalProxy either stores on the global object in the prototype,
or
- // goes into the runtime if access checks are needed, so this is always
- // safe.
+ // JSGlobalProxy always goes via the runtime, so it's safe to cache.
if (receiver->IsJSGlobalProxy()) return true;
// Currently normal holders in the prototype chain are not supported.
They
// would require a runtime positive lookup and verification that the
details
@@ -1311,7 +1309,7 @@ Handle<Code> StoreIC::CompileHandler(LookupResult*
lookup,
Handle<String> name,
Handle<Object> value,
InlineCacheHolderFlag cache_holder) {
- if (object->IsAccessCheckNeeded()) return slow_stub();
+ if (object->IsJSGlobalProxy()) return slow_stub();
ASSERT(cache_holder == OWN_MAP);
// This is currently guaranteed by checks in StoreIC::Store.
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
@@ -1339,19 +1337,17 @@ Handle<Code> StoreIC::CompileHandler(LookupResult*
lookup,
}
case NORMAL:
if (kind() == Code::KEYED_STORE_IC) break;
- if (receiver->IsJSGlobalProxy() || receiver->IsGlobalObject()) {
+ if (receiver->IsGlobalObject()) {
// The stub generated for the global object picks the value
directly
// from the property cell. So the property must be directly on the
// global object.
- Handle<GlobalObject> global = receiver->IsJSGlobalProxy()
- ? handle(GlobalObject::cast(receiver->GetPrototype()))
- : Handle<GlobalObject>::cast(receiver);
+ Handle<GlobalObject> global = Handle<GlobalObject>::cast(receiver);
Handle<PropertyCell> cell(global->GetPropertyCell(lookup),
isolate());
Handle<HeapType> union_type = PropertyCell::UpdatedType(cell,
value);
- StoreGlobalStub stub(
- union_type->IsConstant(), receiver->IsJSGlobalProxy());
+ StoreGlobalStub stub(union_type->IsConstant());
+
Handle<Code> code = stub.GetCodeCopyFromTemplate(
- isolate(), *global, *cell);
+ isolate(), receiver->map(), *cell);
// TODO(verwaest): Move caching of these NORMAL stubs outside as
well.
HeapObject::UpdateMapCodeCache(receiver, name, code);
return code;
@@ -1688,7 +1684,7 @@ MaybeObject* KeyedStoreIC::Store(Handle<Object>
object,
}
if (use_ic) {
- ASSERT(!object->IsAccessCheckNeeded());
+ ASSERT(!object->IsJSGlobalProxy());
if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
Index: src/isolate.cc
diff --git a/src/isolate.cc b/src/isolate.cc
index
ca324603f79bdbbab5b62972c72ab84f948fb31d..a008b6a3c1c402fb747773f4bfade3490a6231df
100644
--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -778,7 +778,7 @@ static MayAccessDecision MayAccessPreCheck(Isolate*
isolate,
bool Isolate::MayNamedAccess(JSObject* receiver, Object* key,
v8::AccessType type) {
- ASSERT(receiver->IsJSGlobalProxy() || receiver->IsAccessCheckNeeded());
+ ASSERT(receiver->IsAccessCheckNeeded());
// The callers of this method are not expecting a GC.
DisallowHeapAllocation no_gc;
@@ -829,7 +829,7 @@ bool Isolate::MayNamedAccess(JSObject* receiver,
Object* key,
bool Isolate::MayIndexedAccess(JSObject* receiver,
uint32_t index,
v8::AccessType type) {
- ASSERT(receiver->IsJSGlobalProxy() || receiver->IsAccessCheckNeeded());
+ ASSERT(receiver->IsAccessCheckNeeded());
// Check for compatibility between the security tokens in the
// current lexical context and the accessed object.
ASSERT(context());
Index: src/objects-inl.h
diff --git a/src/objects-inl.h b/src/objects-inl.h
index
0cc0d094e16a568b1abccc9b802dcb226371bc97..4cdc073f3760971b5e41a808b8ce4e92049d91dd
100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -927,8 +927,7 @@ bool Object::IsJSGlobalProxy() {
bool result = IsHeapObject() &&
(HeapObject::cast(this)->map()->instance_type() ==
JS_GLOBAL_PROXY_TYPE);
- ASSERT(!result ||
- HeapObject::cast(this)->map()->is_access_check_needed());
+ ASSERT(!result || IsAccessCheckNeeded());
return result;
}
@@ -953,14 +952,8 @@ bool Object::IsUndetectableObject() {
bool Object::IsAccessCheckNeeded() {
- if (!IsHeapObject()) return false;
- if (IsJSGlobalProxy()) {
- JSGlobalProxy* proxy = JSGlobalProxy::cast(this);
- GlobalObject* global =
- proxy->GetIsolate()->context()->global_object();
- return proxy->IsDetachedFrom(global);
- }
- return HeapObject::cast(this)->map()->is_access_check_needed();
+ return IsHeapObject()
+ && HeapObject::cast(this)->map()->is_access_check_needed();
}
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
958675aa953004de08e40546e188191ccdd7bf41..3ab39abfcc7676d288c57bba9ff0d81672e6a51c
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -14649,7 +14649,7 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_IsAccessAllowedForObserver) {
ASSERT(args.length() == 3);
CONVERT_ARG_HANDLE_CHECKED(JSFunction, observer, 0);
CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 1);
- ASSERT(object->map()->is_access_check_needed());
+ ASSERT(object->IsAccessCheckNeeded());
Handle<Object> key = args.at<Object>(2);
SaveContext save(isolate);
isolate->set_context(observer->context());
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
