• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "src/v8.h"
6 
7 #if V8_TARGET_ARCH_MIPS
8 
9 #include "src/ic/call-optimization.h"
10 #include "src/ic/handler-compiler.h"
11 #include "src/ic/ic.h"
12 
13 namespace v8 {
14 namespace internal {
15 
16 #define __ ACCESS_MASM(masm)
17 
18 
GenerateLoadViaGetter(MacroAssembler * masm,Handle<HeapType> type,Register receiver,Handle<JSFunction> getter)19 void NamedLoadHandlerCompiler::GenerateLoadViaGetter(
20     MacroAssembler* masm, Handle<HeapType> type, Register receiver,
21     Handle<JSFunction> getter) {
22   // ----------- S t a t e -------------
23   //  -- a0    : receiver
24   //  -- a2    : name
25   //  -- ra    : return address
26   // -----------------------------------
27   {
28     FrameScope scope(masm, StackFrame::INTERNAL);
29 
30     if (!getter.is_null()) {
31       // Call the JavaScript getter with the receiver on the stack.
32       if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
33         // Swap in the global receiver.
34         __ lw(receiver,
35               FieldMemOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
36       }
37       __ push(receiver);
38       ParameterCount actual(0);
39       ParameterCount expected(getter);
40       __ InvokeFunction(getter, expected, actual, CALL_FUNCTION,
41                         NullCallWrapper());
42     } else {
43       // If we generate a global code snippet for deoptimization only, remember
44       // the place to continue after deoptimization.
45       masm->isolate()->heap()->SetGetterStubDeoptPCOffset(masm->pc_offset());
46     }
47 
48     // Restore context register.
49     __ lw(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
50   }
51   __ Ret();
52 }
53 
54 
GenerateStoreViaSetter(MacroAssembler * masm,Handle<HeapType> type,Register receiver,Handle<JSFunction> setter)55 void NamedStoreHandlerCompiler::GenerateStoreViaSetter(
56     MacroAssembler* masm, Handle<HeapType> type, Register receiver,
57     Handle<JSFunction> setter) {
58   // ----------- S t a t e -------------
59   //  -- ra    : return address
60   // -----------------------------------
61   {
62     FrameScope scope(masm, StackFrame::INTERNAL);
63 
64     // Save value register, so we can restore it later.
65     __ push(value());
66 
67     if (!setter.is_null()) {
68       // Call the JavaScript setter with receiver and value on the stack.
69       if (IC::TypeToMap(*type, masm->isolate())->IsJSGlobalObjectMap()) {
70         // Swap in the global receiver.
71         __ lw(receiver,
72               FieldMemOperand(receiver, JSGlobalObject::kGlobalProxyOffset));
73       }
74       __ Push(receiver, value());
75       ParameterCount actual(1);
76       ParameterCount expected(setter);
77       __ InvokeFunction(setter, expected, actual, CALL_FUNCTION,
78                         NullCallWrapper());
79     } else {
80       // If we generate a global code snippet for deoptimization only, remember
81       // the place to continue after deoptimization.
82       masm->isolate()->heap()->SetSetterStubDeoptPCOffset(masm->pc_offset());
83     }
84 
85     // We have to return the passed value, not the return value of the setter.
86     __ pop(v0);
87 
88     // Restore context register.
89     __ lw(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
90   }
91   __ Ret();
92 }
93 
94 
GenerateDictionaryNegativeLookup(MacroAssembler * masm,Label * miss_label,Register receiver,Handle<Name> name,Register scratch0,Register scratch1)95 void PropertyHandlerCompiler::GenerateDictionaryNegativeLookup(
96     MacroAssembler* masm, Label* miss_label, Register receiver,
97     Handle<Name> name, Register scratch0, Register scratch1) {
98   DCHECK(name->IsUniqueName());
99   DCHECK(!receiver.is(scratch0));
100   Counters* counters = masm->isolate()->counters();
101   __ IncrementCounter(counters->negative_lookups(), 1, scratch0, scratch1);
102   __ IncrementCounter(counters->negative_lookups_miss(), 1, scratch0, scratch1);
103 
104   Label done;
105 
106   const int kInterceptorOrAccessCheckNeededMask =
107   (1 << Map::kHasNamedInterceptor) | (1 << Map::kIsAccessCheckNeeded);
108 
109   // Bail out if the receiver has a named interceptor or requires access checks.
110   Register map = scratch1;
111   __ lw(map, FieldMemOperand(receiver, HeapObject::kMapOffset));
112   __ lbu(scratch0, FieldMemOperand(map, Map::kBitFieldOffset));
113   __ And(scratch0, scratch0, Operand(kInterceptorOrAccessCheckNeededMask));
114   __ Branch(miss_label, ne, scratch0, Operand(zero_reg));
115 
116   // Check that receiver is a JSObject.
117   __ lbu(scratch0, FieldMemOperand(map, Map::kInstanceTypeOffset));
118   __ Branch(miss_label, lt, scratch0, Operand(FIRST_SPEC_OBJECT_TYPE));
119 
120   // Load properties array.
121   Register properties = scratch0;
122   __ lw(properties, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
123   // Check that the properties array is a dictionary.
124   __ lw(map, FieldMemOperand(properties, HeapObject::kMapOffset));
125   Register tmp = properties;
126   __ LoadRoot(tmp, Heap::kHashTableMapRootIndex);
127   __ Branch(miss_label, ne, map, Operand(tmp));
128 
129   // Restore the temporarily used register.
130   __ lw(properties, FieldMemOperand(receiver, JSObject::kPropertiesOffset));
131 
132 
133   NameDictionaryLookupStub::GenerateNegativeLookup(
134       masm, miss_label, &done, receiver, properties, name, scratch1);
135   __ bind(&done);
136   __ DecrementCounter(counters->negative_lookups_miss(), 1, scratch0, scratch1);
137 }
138 
139 
GenerateDirectLoadGlobalFunctionPrototype(MacroAssembler * masm,int index,Register prototype,Label * miss)140 void NamedLoadHandlerCompiler::GenerateDirectLoadGlobalFunctionPrototype(
141     MacroAssembler* masm, int index, Register prototype, Label* miss) {
142   Isolate* isolate = masm->isolate();
143   // Get the global function with the given index.
144   Handle<JSFunction> function(
145       JSFunction::cast(isolate->native_context()->get(index)));
146 
147   // Check we're still in the same context.
148   Register scratch = prototype;
149   const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
150   __ lw(scratch, MemOperand(cp, offset));
151   __ lw(scratch, FieldMemOperand(scratch, GlobalObject::kNativeContextOffset));
152   __ lw(scratch, MemOperand(scratch, Context::SlotOffset(index)));
153   __ li(at, function);
154   __ Branch(miss, ne, at, Operand(scratch));
155 
156   // Load its initial map. The global functions all have initial maps.
157   __ li(prototype, Handle<Map>(function->initial_map()));
158   // Load the prototype from the initial map.
159   __ lw(prototype, FieldMemOperand(prototype, Map::kPrototypeOffset));
160 }
161 
162 
GenerateLoadFunctionPrototype(MacroAssembler * masm,Register receiver,Register scratch1,Register scratch2,Label * miss_label)163 void NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(
164     MacroAssembler* masm, Register receiver, Register scratch1,
165     Register scratch2, Label* miss_label) {
166   __ TryGetFunctionPrototype(receiver, scratch1, scratch2, miss_label);
167   __ Ret(USE_DELAY_SLOT);
168   __ mov(v0, scratch1);
169 }
170 
171 
172 // Generate code to check that a global property cell is empty. Create
173 // the property cell at compilation time if no cell exists for the
174 // property.
GenerateCheckPropertyCell(MacroAssembler * masm,Handle<JSGlobalObject> global,Handle<Name> name,Register scratch,Label * miss)175 void PropertyHandlerCompiler::GenerateCheckPropertyCell(
176     MacroAssembler* masm, Handle<JSGlobalObject> global, Handle<Name> name,
177     Register scratch, Label* miss) {
178   Handle<Cell> cell = JSGlobalObject::EnsurePropertyCell(global, name);
179   DCHECK(cell->value()->IsTheHole());
180   __ li(scratch, Operand(cell));
181   __ lw(scratch, FieldMemOperand(scratch, Cell::kValueOffset));
182   __ LoadRoot(at, Heap::kTheHoleValueRootIndex);
183   __ Branch(miss, ne, scratch, Operand(at));
184 }
185 
186 
PushInterceptorArguments(MacroAssembler * masm,Register receiver,Register holder,Register name,Handle<JSObject> holder_obj)187 static void PushInterceptorArguments(MacroAssembler* masm, Register receiver,
188                                      Register holder, Register name,
189                                      Handle<JSObject> holder_obj) {
190   STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsNameIndex == 0);
191   STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsInfoIndex == 1);
192   STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsThisIndex == 2);
193   STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsHolderIndex == 3);
194   STATIC_ASSERT(NamedLoadHandlerCompiler::kInterceptorArgsLength == 4);
195   __ push(name);
196   Handle<InterceptorInfo> interceptor(holder_obj->GetNamedInterceptor());
197   DCHECK(!masm->isolate()->heap()->InNewSpace(*interceptor));
198   Register scratch = name;
199   __ li(scratch, Operand(interceptor));
200   __ Push(scratch, receiver, holder);
201 }
202 
203 
CompileCallLoadPropertyWithInterceptor(MacroAssembler * masm,Register receiver,Register holder,Register name,Handle<JSObject> holder_obj,IC::UtilityId id)204 static void CompileCallLoadPropertyWithInterceptor(
205     MacroAssembler* masm, Register receiver, Register holder, Register name,
206     Handle<JSObject> holder_obj, IC::UtilityId id) {
207   PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
208   __ CallExternalReference(ExternalReference(IC_Utility(id), masm->isolate()),
209                            NamedLoadHandlerCompiler::kInterceptorArgsLength);
210 }
211 
212 
213 // Generate call to api function.
GenerateFastApiCall(MacroAssembler * masm,const CallOptimization & optimization,Handle<Map> receiver_map,Register receiver,Register scratch_in,bool is_store,int argc,Register * values)214 void PropertyHandlerCompiler::GenerateFastApiCall(
215     MacroAssembler* masm, const CallOptimization& optimization,
216     Handle<Map> receiver_map, Register receiver, Register scratch_in,
217     bool is_store, int argc, Register* values) {
218   DCHECK(!receiver.is(scratch_in));
219   // Preparing to push, adjust sp.
220   __ Subu(sp, sp, Operand((argc + 1) * kPointerSize));
221   __ sw(receiver, MemOperand(sp, argc * kPointerSize));  // Push receiver.
222   // Write the arguments to stack frame.
223   for (int i = 0; i < argc; i++) {
224     Register arg = values[argc - 1 - i];
225     DCHECK(!receiver.is(arg));
226     DCHECK(!scratch_in.is(arg));
227     __ sw(arg, MemOperand(sp, (argc - 1 - i) * kPointerSize));  // Push arg.
228   }
229   DCHECK(optimization.is_simple_api_call());
230 
231   // Abi for CallApiFunctionStub.
232   Register callee = a0;
233   Register call_data = t0;
234   Register holder = a2;
235   Register api_function_address = a1;
236 
237   // Put holder in place.
238   CallOptimization::HolderLookup holder_lookup;
239   Handle<JSObject> api_holder =
240       optimization.LookupHolderOfExpectedType(receiver_map, &holder_lookup);
241   switch (holder_lookup) {
242     case CallOptimization::kHolderIsReceiver:
243       __ Move(holder, receiver);
244       break;
245     case CallOptimization::kHolderFound:
246       __ li(holder, api_holder);
247       break;
248     case CallOptimization::kHolderNotFound:
249       UNREACHABLE();
250       break;
251   }
252 
253   Isolate* isolate = masm->isolate();
254   Handle<JSFunction> function = optimization.constant_function();
255   Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
256   Handle<Object> call_data_obj(api_call_info->data(), isolate);
257 
258   // Put callee in place.
259   __ li(callee, function);
260 
261   bool call_data_undefined = false;
262   // Put call_data in place.
263   if (isolate->heap()->InNewSpace(*call_data_obj)) {
264     __ li(call_data, api_call_info);
265     __ lw(call_data, FieldMemOperand(call_data, CallHandlerInfo::kDataOffset));
266   } else if (call_data_obj->IsUndefined()) {
267     call_data_undefined = true;
268     __ LoadRoot(call_data, Heap::kUndefinedValueRootIndex);
269   } else {
270     __ li(call_data, call_data_obj);
271   }
272   // Put api_function_address in place.
273   Address function_address = v8::ToCData<Address>(api_call_info->callback());
274   ApiFunction fun(function_address);
275   ExternalReference::Type type = ExternalReference::DIRECT_API_CALL;
276   ExternalReference ref = ExternalReference(&fun, type, masm->isolate());
277   __ li(api_function_address, Operand(ref));
278 
279   // Jump to stub.
280   CallApiFunctionStub stub(isolate, is_store, call_data_undefined, argc);
281   __ TailCallStub(&stub);
282 }
283 
284 
GenerateSlow(MacroAssembler * masm)285 void NamedStoreHandlerCompiler::GenerateSlow(MacroAssembler* masm) {
286   // Push receiver, key and value for runtime call.
287   __ Push(StoreDescriptor::ReceiverRegister(), StoreDescriptor::NameRegister(),
288           StoreDescriptor::ValueRegister());
289 
290   // The slow case calls into the runtime to complete the store without causing
291   // an IC miss that would otherwise cause a transition to the generic stub.
292   ExternalReference ref =
293       ExternalReference(IC_Utility(IC::kStoreIC_Slow), masm->isolate());
294   __ TailCallExternalReference(ref, 3, 1);
295 }
296 
297 
GenerateStoreSlow(MacroAssembler * masm)298 void ElementHandlerCompiler::GenerateStoreSlow(MacroAssembler* masm) {
299   // Push receiver, key and value for runtime call.
300   __ Push(StoreDescriptor::ReceiverRegister(), StoreDescriptor::NameRegister(),
301           StoreDescriptor::ValueRegister());
302 
303   // The slow case calls into the runtime to complete the store without causing
304   // an IC miss that would otherwise cause a transition to the generic stub.
305   ExternalReference ref =
306       ExternalReference(IC_Utility(IC::kKeyedStoreIC_Slow), masm->isolate());
307   __ TailCallExternalReference(ref, 3, 1);
308 }
309 
310 
311 #undef __
312 #define __ ACCESS_MASM(masm())
313 
314 
GenerateRestoreName(Label * label,Handle<Name> name)315 void NamedStoreHandlerCompiler::GenerateRestoreName(Label* label,
316                                                     Handle<Name> name) {
317   if (!label->is_unused()) {
318     __ bind(label);
319     __ li(this->name(), Operand(name));
320   }
321 }
322 
323 
324 // Generate StoreTransition code, value is passed in a0 register.
325 // After executing generated code, the receiver_reg and name_reg
326 // may be clobbered.
GenerateStoreTransition(Handle<Map> transition,Handle<Name> name,Register receiver_reg,Register storage_reg,Register value_reg,Register scratch1,Register scratch2,Register scratch3,Label * miss_label,Label * slow)327 void NamedStoreHandlerCompiler::GenerateStoreTransition(
328     Handle<Map> transition, Handle<Name> name, Register receiver_reg,
329     Register storage_reg, Register value_reg, Register scratch1,
330     Register scratch2, Register scratch3, Label* miss_label, Label* slow) {
331   // a0 : value.
332   Label exit;
333 
334   int descriptor = transition->LastAdded();
335   DescriptorArray* descriptors = transition->instance_descriptors();
336   PropertyDetails details = descriptors->GetDetails(descriptor);
337   Representation representation = details.representation();
338   DCHECK(!representation.IsNone());
339 
340   if (details.type() == CONSTANT) {
341     Handle<Object> constant(descriptors->GetValue(descriptor), isolate());
342     __ li(scratch1, constant);
343     __ Branch(miss_label, ne, value_reg, Operand(scratch1));
344   } else if (representation.IsSmi()) {
345     __ JumpIfNotSmi(value_reg, miss_label);
346   } else if (representation.IsHeapObject()) {
347     __ JumpIfSmi(value_reg, miss_label);
348     HeapType* field_type = descriptors->GetFieldType(descriptor);
349     HeapType::Iterator<Map> it = field_type->Classes();
350     Handle<Map> current;
351     if (!it.Done()) {
352       __ lw(scratch1, FieldMemOperand(value_reg, HeapObject::kMapOffset));
353       Label do_store;
354       while (true) {
355         // Do the CompareMap() directly within the Branch() functions.
356         current = it.Current();
357         it.Advance();
358         if (it.Done()) {
359           __ Branch(miss_label, ne, scratch1, Operand(current));
360           break;
361         }
362         __ Branch(&do_store, eq, scratch1, Operand(current));
363       }
364       __ bind(&do_store);
365     }
366   } else if (representation.IsDouble()) {
367     Label do_store, heap_number;
368     __ LoadRoot(scratch3, Heap::kMutableHeapNumberMapRootIndex);
369     __ AllocateHeapNumber(storage_reg, scratch1, scratch2, scratch3, slow,
370                           TAG_RESULT, MUTABLE);
371 
372     __ JumpIfNotSmi(value_reg, &heap_number);
373     __ SmiUntag(scratch1, value_reg);
374     __ mtc1(scratch1, f6);
375     __ cvt_d_w(f4, f6);
376     __ jmp(&do_store);
377 
378     __ bind(&heap_number);
379     __ CheckMap(value_reg, scratch1, Heap::kHeapNumberMapRootIndex, miss_label,
380                 DONT_DO_SMI_CHECK);
381     __ ldc1(f4, FieldMemOperand(value_reg, HeapNumber::kValueOffset));
382 
383     __ bind(&do_store);
384     __ sdc1(f4, FieldMemOperand(storage_reg, HeapNumber::kValueOffset));
385   }
386 
387   // Stub never generated for objects that require access checks.
388   DCHECK(!transition->is_access_check_needed());
389 
390   // Perform map transition for the receiver if necessary.
391   if (details.type() == FIELD &&
392       Map::cast(transition->GetBackPointer())->unused_property_fields() == 0) {
393     // The properties must be extended before we can store the value.
394     // We jump to a runtime call that extends the properties array.
395     __ push(receiver_reg);
396     __ li(a2, Operand(transition));
397     __ Push(a2, a0);
398     __ TailCallExternalReference(
399         ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage),
400                           isolate()),
401         3, 1);
402     return;
403   }
404 
405   // Update the map of the object.
406   __ li(scratch1, Operand(transition));
407   __ sw(scratch1, FieldMemOperand(receiver_reg, HeapObject::kMapOffset));
408 
409   // Update the write barrier for the map field.
410   __ RecordWriteField(receiver_reg, HeapObject::kMapOffset, scratch1, scratch2,
411                       kRAHasNotBeenSaved, kDontSaveFPRegs, OMIT_REMEMBERED_SET,
412                       OMIT_SMI_CHECK);
413 
414   if (details.type() == CONSTANT) {
415     DCHECK(value_reg.is(a0));
416     __ Ret(USE_DELAY_SLOT);
417     __ mov(v0, a0);
418     return;
419   }
420 
421   int index = transition->instance_descriptors()->GetFieldIndex(
422       transition->LastAdded());
423 
424   // Adjust for the number of properties stored in the object. Even in the
425   // face of a transition we can use the old map here because the size of the
426   // object and the number of in-object properties is not going to change.
427   index -= transition->inobject_properties();
428 
429   // TODO(verwaest): Share this code as a code stub.
430   SmiCheck smi_check =
431       representation.IsTagged() ? INLINE_SMI_CHECK : OMIT_SMI_CHECK;
432   if (index < 0) {
433     // Set the property straight into the object.
434     int offset = transition->instance_size() + (index * kPointerSize);
435     if (representation.IsDouble()) {
436       __ sw(storage_reg, FieldMemOperand(receiver_reg, offset));
437     } else {
438       __ sw(value_reg, FieldMemOperand(receiver_reg, offset));
439     }
440 
441     if (!representation.IsSmi()) {
442       // Update the write barrier for the array address.
443       if (!representation.IsDouble()) {
444         __ mov(storage_reg, value_reg);
445       }
446       __ RecordWriteField(receiver_reg, offset, storage_reg, scratch1,
447                           kRAHasNotBeenSaved, kDontSaveFPRegs,
448                           EMIT_REMEMBERED_SET, smi_check);
449     }
450   } else {
451     // Write to the properties array.
452     int offset = index * kPointerSize + FixedArray::kHeaderSize;
453     // Get the properties array
454     __ lw(scratch1, FieldMemOperand(receiver_reg, JSObject::kPropertiesOffset));
455     if (representation.IsDouble()) {
456       __ sw(storage_reg, FieldMemOperand(scratch1, offset));
457     } else {
458       __ sw(value_reg, FieldMemOperand(scratch1, offset));
459     }
460 
461     if (!representation.IsSmi()) {
462       // Update the write barrier for the array address.
463       if (!representation.IsDouble()) {
464         __ mov(storage_reg, value_reg);
465       }
466       __ RecordWriteField(scratch1, offset, storage_reg, receiver_reg,
467                           kRAHasNotBeenSaved, kDontSaveFPRegs,
468                           EMIT_REMEMBERED_SET, smi_check);
469     }
470   }
471 
472   // Return the value (register v0).
473   DCHECK(value_reg.is(a0));
474   __ bind(&exit);
475   __ Ret(USE_DELAY_SLOT);
476   __ mov(v0, a0);
477 }
478 
479 
GenerateStoreField(LookupIterator * lookup,Register value_reg,Label * miss_label)480 void NamedStoreHandlerCompiler::GenerateStoreField(LookupIterator* lookup,
481                                                    Register value_reg,
482                                                    Label* miss_label) {
483   DCHECK(lookup->representation().IsHeapObject());
484   __ JumpIfSmi(value_reg, miss_label);
485   HeapType::Iterator<Map> it = lookup->GetFieldType()->Classes();
486   __ lw(scratch1(), FieldMemOperand(value_reg, HeapObject::kMapOffset));
487   Label do_store;
488   Handle<Map> current;
489   while (true) {
490     // Do the CompareMap() directly within the Branch() functions.
491     current = it.Current();
492     it.Advance();
493     if (it.Done()) {
494       __ Branch(miss_label, ne, scratch1(), Operand(current));
495       break;
496     }
497     __ Branch(&do_store, eq, scratch1(), Operand(current));
498   }
499   __ bind(&do_store);
500 
501   StoreFieldStub stub(isolate(), lookup->GetFieldIndex(),
502                       lookup->representation());
503   GenerateTailCall(masm(), stub.GetCode());
504 }
505 
506 
CheckPrototypes(Register object_reg,Register holder_reg,Register scratch1,Register scratch2,Handle<Name> name,Label * miss,PrototypeCheckType check)507 Register PropertyHandlerCompiler::CheckPrototypes(
508     Register object_reg, Register holder_reg, Register scratch1,
509     Register scratch2, Handle<Name> name, Label* miss,
510     PrototypeCheckType check) {
511   Handle<Map> receiver_map(IC::TypeToMap(*type(), isolate()));
512 
513   // Make sure there's no overlap between holder and object registers.
514   DCHECK(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
515   DCHECK(!scratch2.is(object_reg) && !scratch2.is(holder_reg) &&
516          !scratch2.is(scratch1));
517 
518   // Keep track of the current object in register reg.
519   Register reg = object_reg;
520   int depth = 0;
521 
522   Handle<JSObject> current = Handle<JSObject>::null();
523   if (type()->IsConstant()) {
524     current = Handle<JSObject>::cast(type()->AsConstant()->Value());
525   }
526   Handle<JSObject> prototype = Handle<JSObject>::null();
527   Handle<Map> current_map = receiver_map;
528   Handle<Map> holder_map(holder()->map());
529   // Traverse the prototype chain and check the maps in the prototype chain for
530   // fast and global objects or do negative lookup for normal objects.
531   while (!current_map.is_identical_to(holder_map)) {
532     ++depth;
533 
534     // Only global objects and objects that do not require access
535     // checks are allowed in stubs.
536     DCHECK(current_map->IsJSGlobalProxyMap() ||
537            !current_map->is_access_check_needed());
538 
539     prototype = handle(JSObject::cast(current_map->prototype()));
540     if (current_map->is_dictionary_map() &&
541         !current_map->IsJSGlobalObjectMap()) {
542       DCHECK(!current_map->IsJSGlobalProxyMap());  // Proxy maps are fast.
543       if (!name->IsUniqueName()) {
544         DCHECK(name->IsString());
545         name = factory()->InternalizeString(Handle<String>::cast(name));
546       }
547       DCHECK(current.is_null() ||
548              current->property_dictionary()->FindEntry(name) ==
549                  NameDictionary::kNotFound);
550 
551       GenerateDictionaryNegativeLookup(masm(), miss, reg, name, scratch1,
552                                        scratch2);
553 
554       __ lw(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset));
555       reg = holder_reg;  // From now on the object will be in holder_reg.
556       __ lw(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset));
557     } else {
558       Register map_reg = scratch1;
559       if (depth != 1 || check == CHECK_ALL_MAPS) {
560         // CheckMap implicitly loads the map of |reg| into |map_reg|.
561         __ CheckMap(reg, map_reg, current_map, miss, DONT_DO_SMI_CHECK);
562       } else {
563         __ lw(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset));
564       }
565 
566       // Check access rights to the global object.  This has to happen after
567       // the map check so that we know that the object is actually a global
568       // object.
569       // This allows us to install generated handlers for accesses to the
570       // global proxy (as opposed to using slow ICs). See corresponding code
571       // in LookupForRead().
572       if (current_map->IsJSGlobalProxyMap()) {
573         __ CheckAccessGlobalProxy(reg, scratch2, miss);
574       } else if (current_map->IsJSGlobalObjectMap()) {
575         GenerateCheckPropertyCell(masm(), Handle<JSGlobalObject>::cast(current),
576                                   name, scratch2, miss);
577       }
578 
579       reg = holder_reg;  // From now on the object will be in holder_reg.
580 
581       // Two possible reasons for loading the prototype from the map:
582       // (1) Can't store references to new space in code.
583       // (2) Handler is shared for all receivers with the same prototype
584       //     map (but not necessarily the same prototype instance).
585       bool load_prototype_from_map =
586           heap()->InNewSpace(*prototype) || depth == 1;
587       if (load_prototype_from_map) {
588         __ lw(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset));
589       } else {
590         __ li(reg, Operand(prototype));
591       }
592     }
593 
594     // Go to the next object in the prototype chain.
595     current = prototype;
596     current_map = handle(current->map());
597   }
598 
599   // Log the check depth.
600   LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
601 
602   if (depth != 0 || check == CHECK_ALL_MAPS) {
603     // Check the holder map.
604     __ CheckMap(reg, scratch1, current_map, miss, DONT_DO_SMI_CHECK);
605   }
606 
607   // Perform security check for access to the global object.
608   DCHECK(current_map->IsJSGlobalProxyMap() ||
609          !current_map->is_access_check_needed());
610   if (current_map->IsJSGlobalProxyMap()) {
611     __ CheckAccessGlobalProxy(reg, scratch1, miss);
612   }
613 
614   // Return the register containing the holder.
615   return reg;
616 }
617 
618 
FrontendFooter(Handle<Name> name,Label * miss)619 void NamedLoadHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) {
620   if (!miss->is_unused()) {
621     Label success;
622     __ Branch(&success);
623     __ bind(miss);
624     TailCallBuiltin(masm(), MissBuiltin(kind()));
625     __ bind(&success);
626   }
627 }
628 
629 
FrontendFooter(Handle<Name> name,Label * miss)630 void NamedStoreHandlerCompiler::FrontendFooter(Handle<Name> name, Label* miss) {
631   if (!miss->is_unused()) {
632     Label success;
633     __ Branch(&success);
634     GenerateRestoreName(miss, name);
635     TailCallBuiltin(masm(), MissBuiltin(kind()));
636     __ bind(&success);
637   }
638 }
639 
640 
GenerateLoadConstant(Handle<Object> value)641 void NamedLoadHandlerCompiler::GenerateLoadConstant(Handle<Object> value) {
642   // Return the constant value.
643   __ li(v0, value);
644   __ Ret();
645 }
646 
647 
GenerateLoadCallback(Register reg,Handle<ExecutableAccessorInfo> callback)648 void NamedLoadHandlerCompiler::GenerateLoadCallback(
649     Register reg, Handle<ExecutableAccessorInfo> callback) {
650   // Build AccessorInfo::args_ list on the stack and push property name below
651   // the exit frame to make GC aware of them and store pointers to them.
652   STATIC_ASSERT(PropertyCallbackArguments::kHolderIndex == 0);
653   STATIC_ASSERT(PropertyCallbackArguments::kIsolateIndex == 1);
654   STATIC_ASSERT(PropertyCallbackArguments::kReturnValueDefaultValueIndex == 2);
655   STATIC_ASSERT(PropertyCallbackArguments::kReturnValueOffset == 3);
656   STATIC_ASSERT(PropertyCallbackArguments::kDataIndex == 4);
657   STATIC_ASSERT(PropertyCallbackArguments::kThisIndex == 5);
658   STATIC_ASSERT(PropertyCallbackArguments::kArgsLength == 6);
659   DCHECK(!scratch2().is(reg));
660   DCHECK(!scratch3().is(reg));
661   DCHECK(!scratch4().is(reg));
662   __ push(receiver());
663   if (heap()->InNewSpace(callback->data())) {
664     __ li(scratch3(), callback);
665     __ lw(scratch3(),
666           FieldMemOperand(scratch3(), ExecutableAccessorInfo::kDataOffset));
667   } else {
668     __ li(scratch3(), Handle<Object>(callback->data(), isolate()));
669   }
670   __ Subu(sp, sp, 6 * kPointerSize);
671   __ sw(scratch3(), MemOperand(sp, 5 * kPointerSize));
672   __ LoadRoot(scratch3(), Heap::kUndefinedValueRootIndex);
673   __ sw(scratch3(), MemOperand(sp, 4 * kPointerSize));
674   __ sw(scratch3(), MemOperand(sp, 3 * kPointerSize));
675   __ li(scratch4(), Operand(ExternalReference::isolate_address(isolate())));
676   __ sw(scratch4(), MemOperand(sp, 2 * kPointerSize));
677   __ sw(reg, MemOperand(sp, 1 * kPointerSize));
678   __ sw(name(), MemOperand(sp, 0 * kPointerSize));
679   __ Addu(scratch2(), sp, 1 * kPointerSize);
680 
681   __ mov(a2, scratch2());  // Saved in case scratch2 == a1.
682   // Abi for CallApiGetter.
683   Register getter_address_reg = ApiGetterDescriptor::function_address();
684 
685   Address getter_address = v8::ToCData<Address>(callback->getter());
686   ApiFunction fun(getter_address);
687   ExternalReference::Type type = ExternalReference::DIRECT_GETTER_CALL;
688   ExternalReference ref = ExternalReference(&fun, type, isolate());
689   __ li(getter_address_reg, Operand(ref));
690 
691   CallApiGetterStub stub(isolate());
692   __ TailCallStub(&stub);
693 }
694 
695 
GenerateLoadInterceptorWithFollowup(LookupIterator * it,Register holder_reg)696 void NamedLoadHandlerCompiler::GenerateLoadInterceptorWithFollowup(
697     LookupIterator* it, Register holder_reg) {
698   DCHECK(holder()->HasNamedInterceptor());
699   DCHECK(!holder()->GetNamedInterceptor()->getter()->IsUndefined());
700 
701   // Compile the interceptor call, followed by inline code to load the
702   // property from further up the prototype chain if the call fails.
703   // Check that the maps haven't changed.
704   DCHECK(holder_reg.is(receiver()) || holder_reg.is(scratch1()));
705 
706   // Preserve the receiver register explicitly whenever it is different from the
707   // holder and it is needed should the interceptor return without any result.
708   // The ACCESSOR case needs the receiver to be passed into C++ code, the FIELD
709   // case might cause a miss during the prototype check.
710   bool must_perform_prototype_check =
711       !holder().is_identical_to(it->GetHolder<JSObject>());
712   bool must_preserve_receiver_reg =
713       !receiver().is(holder_reg) &&
714       (it->state() == LookupIterator::ACCESSOR || must_perform_prototype_check);
715 
716   // Save necessary data before invoking an interceptor.
717   // Requires a frame to make GC aware of pushed pointers.
718   {
719     FrameScope frame_scope(masm(), StackFrame::INTERNAL);
720     if (must_preserve_receiver_reg) {
721       __ Push(receiver(), holder_reg, this->name());
722     } else {
723       __ Push(holder_reg, this->name());
724     }
725     // Invoke an interceptor.  Note: map checks from receiver to
726     // interceptor's holder has been compiled before (see a caller
727     // of this method).
728     CompileCallLoadPropertyWithInterceptor(
729         masm(), receiver(), holder_reg, this->name(), holder(),
730         IC::kLoadPropertyWithInterceptorOnly);
731 
732     // Check if interceptor provided a value for property.  If it's
733     // the case, return immediately.
734     Label interceptor_failed;
735     __ LoadRoot(scratch1(), Heap::kNoInterceptorResultSentinelRootIndex);
736     __ Branch(&interceptor_failed, eq, v0, Operand(scratch1()));
737     frame_scope.GenerateLeaveFrame();
738     __ Ret();
739 
740     __ bind(&interceptor_failed);
741     if (must_preserve_receiver_reg) {
742       __ Pop(receiver(), holder_reg, this->name());
743     } else {
744       __ Pop(holder_reg, this->name());
745     }
746     // Leave the internal frame.
747   }
748 
749   GenerateLoadPostInterceptor(it, holder_reg);
750 }
751 
752 
GenerateLoadInterceptor(Register holder_reg)753 void NamedLoadHandlerCompiler::GenerateLoadInterceptor(Register holder_reg) {
754   // Call the runtime system to load the interceptor.
755   DCHECK(holder()->HasNamedInterceptor());
756   DCHECK(!holder()->GetNamedInterceptor()->getter()->IsUndefined());
757   PushInterceptorArguments(masm(), receiver(), holder_reg, this->name(),
758                            holder());
759 
760   ExternalReference ref = ExternalReference(
761       IC_Utility(IC::kLoadPropertyWithInterceptor), isolate());
762   __ TailCallExternalReference(
763       ref, NamedLoadHandlerCompiler::kInterceptorArgsLength, 1);
764 }
765 
766 
CompileStoreCallback(Handle<JSObject> object,Handle<Name> name,Handle<ExecutableAccessorInfo> callback)767 Handle<Code> NamedStoreHandlerCompiler::CompileStoreCallback(
768     Handle<JSObject> object, Handle<Name> name,
769     Handle<ExecutableAccessorInfo> callback) {
770   Register holder_reg = Frontend(receiver(), name);
771 
772   __ Push(receiver(), holder_reg);  // Receiver.
773   __ li(at, Operand(callback));     // Callback info.
774   __ push(at);
775   __ li(at, Operand(name));
776   __ Push(at, value());
777 
778   // Do tail-call to the runtime system.
779   ExternalReference store_callback_property =
780       ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
781   __ TailCallExternalReference(store_callback_property, 5, 1);
782 
783   // Return the generated code.
784   return GetCode(kind(), Code::FAST, name);
785 }
786 
787 
CompileStoreInterceptor(Handle<Name> name)788 Handle<Code> NamedStoreHandlerCompiler::CompileStoreInterceptor(
789     Handle<Name> name) {
790   __ Push(receiver(), this->name(), value());
791 
792   // Do tail-call to the runtime system.
793   ExternalReference store_ic_property = ExternalReference(
794       IC_Utility(IC::kStorePropertyWithInterceptor), isolate());
795   __ TailCallExternalReference(store_ic_property, 3, 1);
796 
797   // Return the generated code.
798   return GetCode(kind(), Code::FAST, name);
799 }
800 
801 
value()802 Register NamedStoreHandlerCompiler::value() {
803   return StoreDescriptor::ValueRegister();
804 }
805 
806 
CompileLoadGlobal(Handle<PropertyCell> cell,Handle<Name> name,bool is_configurable)807 Handle<Code> NamedLoadHandlerCompiler::CompileLoadGlobal(
808     Handle<PropertyCell> cell, Handle<Name> name, bool is_configurable) {
809   Label miss;
810 
811   FrontendHeader(receiver(), name, &miss);
812 
813   // Get the value from the cell.
814   Register result = StoreDescriptor::ValueRegister();
815   __ li(result, Operand(cell));
816   __ lw(result, FieldMemOperand(result, Cell::kValueOffset));
817 
818   // Check for deleted property if property can actually be deleted.
819   if (is_configurable) {
820     __ LoadRoot(at, Heap::kTheHoleValueRootIndex);
821     __ Branch(&miss, eq, result, Operand(at));
822   }
823 
824   Counters* counters = isolate()->counters();
825   __ IncrementCounter(counters->named_load_global_stub(), 1, a1, a3);
826   __ Ret(USE_DELAY_SLOT);
827   __ mov(v0, result);
828 
829   FrontendFooter(name, &miss);
830 
831   // Return the generated code.
832   return GetCode(kind(), Code::NORMAL, name);
833 }
834 
835 
836 #undef __
837 }
838 }  // namespace v8::internal
839 
840 #endif  // V8_TARGET_ARCH_MIPS
841