// Copyright 2012 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef V8_IC_IC_H_
#define V8_IC_IC_H_

#include <vector>

#include "src/common/message-template.h"
#include "src/execution/isolate.h"
#include "src/heap/factory.h"
#include "src/ic/stub-cache.h"
#include "src/objects/feedback-vector.h"
#include "src/objects/map.h"
#include "src/objects/maybe-object.h"
#include "src/objects/smi.h"

namespace v8 {
namespace internal {

// Two-valued tag backed by bool. It is not referenced elsewhere in this
// header.
enum class NamedPropertyType : bool { kNotOwn, kOwn };

//
// IC is the base class for LoadIC, StoreIC, KeyedLoadIC, and KeyedStoreIC.
//
// The hierarchy declared in this header is:
//   IC -> LoadIC  -> LoadGlobalIC, KeyedLoadIC
//   IC -> StoreIC -> StoreGlobalIC, KeyedStoreIC -> StoreInArrayLiteralIC
//
// Review note: the only checks this header makes on the slot kind are DCHECKs
// (in MarkRecomputeHandler and in the subclass constructors). DCHECK is V8's
// debug-build assertion macro, defined outside this header, so release builds
// rely on callers having established those conditions.
//
class IC {
 public:
  // Alias the inline cache state type to make the IC code more readable.
  using State = InlineCacheState;

  // Constructs the IC for feedback slot |slot| of |vector|; |kind| is the
  // FeedbackSlotKind that kind() reports afterwards.
  // NOTE(review): the earlier comment here spoke of "the given number of
  // extra JavaScript frames on the stack"; this signature has no such
  // parameter, so that wording looks stale.
  IC(Isolate* isolate, Handle<FeedbackVector> vector, FeedbackSlot slot,
     FeedbackSlotKind kind);
  virtual ~IC() = default;

  // Current inline cache state as tracked by this object.
  State state() const { return state_; }

  // Compute the current IC state based on the target stub, lookup_start_object
  // and name.
  void UpdateState(Handle<Object> lookup_start_object, Handle<Object> name);

  bool RecomputeHandlerForName(Handle<Object> name);

  // Saves the current state in old_state_ and moves the IC to
  // RECOMPUTE_HANDLER.
  // The RecomputeHandlerForName(name) precondition is only asserted through
  // DCHECK; NOTE(review): in non-debug builds the predicate is presumably not
  // evaluated at all, so callers must already have checked it.
  void MarkRecomputeHandler(Handle<Object> name) {
    DCHECK(RecomputeHandlerForName(name));
    old_state_ = state_;
    state_ = InlineCacheState::RECOMPUTE_HANDLER;
  }

  // Kind-family predicates, all derived from kind_.
  bool IsAnyHas() const { return IsKeyedHasIC(); }
  bool IsAnyLoad() const {
    return IsLoadIC() || IsLoadGlobalIC() || IsKeyedLoadIC();
  }
  bool IsAnyStore() const {
    return IsSetNamedIC() || IsDefineNamedOwnIC() || IsStoreGlobalIC() ||
           IsKeyedStoreIC() || IsStoreInArrayLiteralICKind(kind()) ||
           IsDefineKeyedOwnIC();
  }
  bool IsAnyDefineOwn() const {
    return IsDefineNamedOwnIC() || IsDefineKeyedOwnIC();
  }

  // Declared here, defined elsewhere (inline).
  static inline bool IsHandler(MaybeObject object);

  // Notify the IC system that a feedback has changed.
  static void OnFeedbackChanged(Isolate* isolate, FeedbackVector vector,
                                FeedbackSlot slot, const char* reason);

  // Instance overload taking only |reason|.
  void OnFeedbackChanged(const char* reason);

 protected:
  // Stores the pointer as given; the string is not copied, so the pointee
  // must outlive every later read of slow_stub_reason_.
  void set_slow_stub_reason(const char* reason) { slow_stub_reason_ = reason; }
  void set_accessor(Handle<Object> accessor) { accessor_ = accessor; }
  // May be empty: accessor_ is a MaybeHandle.
  MaybeHandle<Object> accessor() const { return accessor_; }

  Isolate* isolate() const { return isolate_; }

  bool is_vector_set() { return vector_set_; }
  inline bool vector_needs_update();

  inline Handle<Object> CodeHandler(Builtin builtin);

  // Configure for most states.
  bool ConfigureVectorState(IC::State new_state, Handle<Object> key);
  // Configure the vector for MONOMORPHIC.
  void ConfigureVectorState(Handle<Name> name, Handle<Map> map,
                            Handle<Object> handler);
  void ConfigureVectorState(Handle<Name> name, Handle<Map> map,
                            const MaybeObjectHandle& handler);
  // Configure the vector for POLYMORPHIC.
  void ConfigureVectorState(Handle<Name> name, MapHandles const& maps,
                            MaybeObjectHandles* handlers);
  void ConfigureVectorState(
      Handle<Name> name, std::vector<MapAndHandler> const& maps_and_handlers);

  // Tracing helpers.
  char TransitionMarkFromState(IC::State state);
  void TraceIC(const char* type, Handle<Object> name);
  void TraceIC(const char* type, Handle<Object> name, State old_state,
               State new_state);

  // Error helpers; both return MaybeHandle<Object>.
  MaybeHandle<Object> TypeError(MessageTemplate, Handle<Object> object,
                                Handle<Object> key);
  MaybeHandle<Object> ReferenceError(Handle<Name> name);

  // Per-state cache update entry points. The bool-returning variants
  // presumably report whether the update was applied; confirm against the
  // definitions, which are not in this header.
  void UpdateMonomorphicIC(const MaybeObjectHandle& handler, Handle<Name> name);
  bool UpdateMegaDOMIC(const MaybeObjectHandle& handler, Handle<Name> name);
  bool UpdatePolymorphicIC(Handle<Name> name, const MaybeObjectHandle& handler);
  void UpdateMegamorphicCache(Handle<Map> map, Handle<Name> name,
                              const MaybeObjectHandle& handler);

  StubCache* stub_cache();

  void CopyICToMegamorphicCache(Handle<Name> name);
  bool IsTransitionOfMonomorphicTarget(Map source_map, Map target_map);
  void SetCache(Handle<Name> name, Handle<Object> handler);
  void SetCache(Handle<Name> name, const MaybeObjectHandle& handler);

  // Slot kind supplied at construction, and the per-kind predicates over it.
  FeedbackSlotKind kind() const { return kind_; }
  bool IsGlobalIC() const { return IsLoadGlobalIC() || IsStoreGlobalIC(); }
  bool IsLoadIC() const { return IsLoadICKind(kind_); }
  bool IsLoadGlobalIC() const { return IsLoadGlobalICKind(kind_); }
  bool IsKeyedLoadIC() const { return IsKeyedLoadICKind(kind_); }
  bool IsStoreGlobalIC() const { return IsStoreGlobalICKind(kind_); }
  bool IsSetNamedIC() const { return IsSetNamedICKind(kind_); }
  bool IsDefineNamedOwnIC() const { return IsDefineNamedOwnICKind(kind_); }
  bool IsStoreInArrayLiteralIC() const {
    return IsStoreInArrayLiteralICKind(kind_);
  }
  bool IsKeyedStoreIC() const { return IsKeyedStoreICKind(kind_); }
  bool IsKeyedHasIC() const { return IsKeyedHasICKind(kind_); }
  bool IsDefineKeyedOwnIC() const { return IsDefineKeyedOwnICKind(kind_); }
  // True for every keyed kind, including store-in-array-literal.
  bool is_keyed() const {
    return IsKeyedLoadIC() || IsKeyedStoreIC() || IsStoreInArrayLiteralIC() ||
           IsKeyedHasIC() || IsDefineKeyedOwnIC();
  }
  bool ShouldRecomputeHandler(Handle<String> name);

  Handle<Map> lookup_start_object_map() { return lookup_start_object_map_; }
  inline void update_lookup_start_object_map(Handle<Object> object);

  // Appends the cached target maps to |list|; existing entries in |list| are
  // kept, nothing is cleared.
  void TargetMaps(MapHandles* list) {
    FindTargetMaps();
    for (Handle<Map> map : target_maps_) {
      list->push_back(map);
    }
  }

  // Returns the first cached target map, or a default-constructed Map() when
  // there is none. Callers have to handle that empty Map before using it as a
  // real map.
  Map FirstTargetMap() {
    FindTargetMaps();
    return !target_maps_.empty() ? *target_maps_[0] : Map();
  }

  // Both overloads point at the nexus_ member, so the pointer is valid only
  // while this IC object is alive.
  const FeedbackNexus* nexus() const { return &nexus_; }
  FeedbackNexus* nexus() { return &nexus_; }

 private:
  // Fills target_maps_ from the nexus on the first call only; later calls
  // return immediately because target_maps_set_ is already true.
  // NOTE(review): nothing in this header resets target_maps_set_, so maps
  // added to the feedback afterwards would not show up here unless the flag
  // is cleared in code outside this header.
  void FindTargetMaps() {
    if (target_maps_set_) return;
    target_maps_set_ = true;
    nexus()->ExtractMaps(&target_maps_);
  }

  Isolate* isolate_;

  bool vector_set_;
  State old_state_;  // For saving if we marked as prototype failure.
  State state_;
  FeedbackSlotKind kind_;
  Handle<Map> lookup_start_object_map_;
  MaybeHandle<Object> accessor_;
  MapHandles target_maps_;  // Filled lazily by FindTargetMaps().
  bool target_maps_set_;    // True once FindTargetMaps() has run.

  const char* slow_stub_reason_;  // Not owned; see set_slow_stub_reason().

  FeedbackNexus nexus_;

  DISALLOW_IMPLICIT_CONSTRUCTORS(IC);
};

class LoadIC : public IC {
 public:
  // The kind must be a load or has kind. This is asserted with DCHECK only,
  // so it is a debug-build sanity check, not a runtime guard.
  LoadIC(Isolate* isolate, Handle<FeedbackVector> vector, FeedbackSlot slot,
         FeedbackSlotKind kind)
      : IC(isolate, vector, slot, kind) {
    DCHECK(IsAnyLoad() || IsAnyHas());
  }

  // True only for kLoadGlobalNotInsideTypeof.
  static bool ShouldThrowReferenceError(FeedbackSlotKind kind) {
    return kind == FeedbackSlotKind::kLoadGlobalNotInsideTypeof;
  }

  bool ShouldThrowReferenceError() const {
    return ShouldThrowReferenceError(kind());
  }

  // If receiver is empty, use object as the receiver.
  // The result is a MaybeHandle marked V8_WARN_UNUSED_RESULT, so callers are
  // expected to check it.
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> Load(
      Handle<Object> object, Handle<Name> name, bool update_feedback = true,
      Handle<Object> receiver = Handle<Object>());

 protected:
  // Update the inline cache and the global stub cache based on the
  // lookup result.
  void UpdateCaches(LookupIterator* lookup);

 private:
  Handle<Object> ComputeHandler(LookupIterator* lookup);

  friend class IC;
  friend class NamedLoadHandlerCompiler;
};

class LoadGlobalIC : public LoadIC {
 public:
  LoadGlobalIC(Isolate* isolate, Handle<FeedbackVector> vector,
               FeedbackSlot slot, FeedbackSlotKind kind)
      : LoadIC(isolate, vector, slot, kind) {}

  // Name-only overload; it hides LoadIC::Load in this class.
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> Load(Handle<Name> name,
                                                 bool update_feedback = true);
};

class KeyedLoadIC : public LoadIC {
 public:
  KeyedLoadIC(Isolate* isolate, Handle<FeedbackVector> vector,
              FeedbackSlot slot, FeedbackSlotKind kind)
      : LoadIC(isolate, vector, slot, kind) {}

  // Keyed load: |key| is an arbitrary object, not necessarily a Name.
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> Load(Handle<Object> object,
                                                 Handle<Object> key);

 protected:
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> RuntimeLoad(Handle<Object> object,
                                                        Handle<Object> key);

  // receiver is HeapObject because it could be a String or a JSObject
  void UpdateLoadElement(Handle<HeapObject> receiver,
                         KeyedAccessLoadMode load_mode);

 private:
  friend class IC;

  Handle<Object> LoadElementHandler(Handle<Map> receiver_map,
                                    KeyedAccessLoadMode load_mode);

  // |receiver_maps| and |handlers| are passed as mutable pointers;
  // presumably both are filled or adjusted by the callee, confirm in the
  // definition.
  void LoadElementPolymorphicHandlers(MapHandles* receiver_maps,
                                      MaybeObjectHandles* handlers,
                                      KeyedAccessLoadMode load_mode);

  // Returns true if the receiver_map has a kElement or kIndexedString
  // handler in the nexus currently but didn't yet allow out of bounds
  // accesses.
  bool CanChangeToAllowOutOfBounds(Handle<Map> receiver_map);
};

class StoreIC : public IC {
 public:
  // The kind must be one of the store kinds. This is asserted with DCHECK
  // only, so it is a debug-build sanity check, not a runtime guard.
  StoreIC(Isolate* isolate, Handle<FeedbackVector> vector, FeedbackSlot slot,
          FeedbackSlotKind kind)
      : IC(isolate, vector, slot, kind) {
    DCHECK(IsAnyStore());
  }

  // |store_origin| defaults to StoreOrigin::kNamed.
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> Store(
      Handle<Object> object, Handle<Name> name, Handle<Object> value,
      StoreOrigin store_origin = StoreOrigin::kNamed);

  bool LookupForWrite(LookupIterator* it, Handle<Object> value,
                      StoreOrigin store_origin);

 protected:
  // Stub accessors.
  // Update the inline cache and the global stub cache based on the
  // lookup result.
  void UpdateCaches(LookupIterator* lookup, Handle<Object> value,
                    StoreOrigin store_origin);

 private:
  // Returns a MaybeObjectHandle, unlike LoadIC::ComputeHandler, which returns
  // Handle<Object>.
  MaybeObjectHandle ComputeHandler(LookupIterator* lookup);

  friend class IC;
};

class StoreGlobalIC : public StoreIC {
 public:
  StoreGlobalIC(Isolate* isolate, Handle<FeedbackVector> vector,
                FeedbackSlot slot, FeedbackSlotKind kind)
      : StoreIC(isolate, vector, slot, kind) {}

  // Name/value overload; it hides StoreIC::Store in this class.
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> Store(Handle<Name> name,
                                                  Handle<Object> value);
};

// Unscoped two-valued enums. Neither is referenced elsewhere in this header.
enum KeyedStoreCheckMap { kDontCheckMap, kCheckMap };

enum KeyedStoreIncrementLength { kDontIncrementLength, kIncrementLength };

// Parameter type of KeyedStoreIC::ComputeTransitionedMap.
enum class TransitionMode {
  kNoTransition,
  kTransitionToDouble,
  kTransitionToObject
};

class KeyedStoreIC : public StoreIC {
 public:
  // Forwards to the feedback nexus.
  KeyedAccessStoreMode GetKeyedAccessStoreMode() {
    return nexus()->GetKeyedAccessStoreMode();
  }

  KeyedStoreIC(Isolate* isolate, Handle<FeedbackVector> vector,
               FeedbackSlot slot, FeedbackSlotKind kind)
      : StoreIC(isolate, vector, slot, kind) {}

  // Keyed store: |name| is declared as Handle<Object>, not Handle<Name>.
  V8_WARN_UNUSED_RESULT MaybeHandle<Object> Store(Handle<Object> object,
                                                  Handle<Object> name,
                                                  Handle<Object> value);

 protected:
  void UpdateStoreElement(Handle<Map> receiver_map,
                          KeyedAccessStoreMode store_mode,
                          Handle<Map> new_receiver_map);

 private:
  Handle<Map> ComputeTransitionedMap(Handle<Map> map,
                                     TransitionMode transition_mode);

  // |prev_validity_cell| defaults to an empty MaybeHandle.
  Handle<Object> StoreElementHandler(
      Handle<Map> receiver_map, KeyedAccessStoreMode store_mode,
      MaybeHandle<Object> prev_validity_cell = MaybeHandle<Object>());

  // Takes the map/handler list by mutable pointer; presumably updated in
  // place, confirm in the definition.
  void StoreElementPolymorphicHandlers(
      std::vector<MapAndHandler>* receiver_maps_and_handlers,
      KeyedAccessStoreMode store_mode);

  friend class IC;
};

class StoreInArrayLiteralIC : public KeyedStoreIC {
 public:
  // Takes no kind argument: the kind is fixed to kStoreInArrayLiteral, and
  // the DCHECK re-verifies it in debug builds.
  StoreInArrayLiteralIC(Isolate* isolate, Handle<FeedbackVector> vector,
                        FeedbackSlot slot)
      : KeyedStoreIC(isolate, vector, slot,
                     FeedbackSlotKind::kStoreInArrayLiteral) {
    DCHECK(IsStoreInArrayLiteralICKind(kind()));
  }

  // Unlike the other Store overloads in this header, this one is not marked
  // V8_WARN_UNUSED_RESULT.
  MaybeHandle<Object> Store(Handle<JSArray> array, Handle<Object> index,
                            Handle<Object> value);
};

}  // namespace internal
}  // namespace v8

#endif  // V8_IC_IC_H_