android-7.0.0_r1/s

// Copyright 2014 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "src/ic/handler-compiler.h"

#include "src/ic/call-optimization.h"
#include "src/ic/ic.h"
#include "src/ic/ic-inl.h"
#include "src/isolate-inl.h"
#include "src/profiler/cpu-profiler.h"

namespace v8 {
namespace internal {


Handle<Code> PropertyHandlerCompiler::Find(Handle<Name> name,
                                           Handle<Map> stub_holder,
                                           Code::Kind kind,
                                           CacheHolderFlag cache_holder,
                                           Code::StubType type) {
  Code::Flags flags = Code::ComputeHandlerFlags(kind, type, cache_holder);
  Object* probe = stub_holder->FindInCodeCache(*name, flags);
  if (probe->IsCode()) return handle(Code::cast(probe));
  return Handle<Code>::null();
}


Handle<Code> NamedLoadHandlerCompiler::ComputeLoadNonexistent(
    Handle<Name> name, Handle<Map> receiver_map) {
  Isolate* isolate = name->GetIsolate();
  if (receiver_map->prototype()->IsNull()) {
    // TODO(jkummerow/verwaest): If there is no prototype and the property
    // is nonexistent, introduce a builtin to handle this (fast properties
    // -> return undefined, dictionary properties -> do negative lookup).
    return Handle<Code>();
  }
  CacheHolderFlag flag;
  Handle<Map> stub_holder_map =
      IC::GetHandlerCacheHolder(receiver_map, false, isolate, &flag);

  // If no dictionary mode objects are present in the prototype chain, the load
  // nonexistent IC stub can be shared for all names for a given map and we use
  // the empty string for the map cache in that case. If there are dictionary
  // mode objects involved, we need to do negative lookups in the stub and
  // therefore the stub will be specific to the name.
  Handle<Name> cache_name =
      receiver_map->is_dictionary_map()
          ? name
          : Handle<Name>::cast(isolate->factory()->nonexistent_symbol());
  Handle<Map> current_map = stub_holder_map;
  Handle<JSObject> last(JSObject::cast(receiver_map->prototype()));
  while (true) {
    if (current_map->is_dictionary_map()) cache_name = name;
    if (current_map->prototype()->IsNull()) break;
    if (name->IsPrivate()) {
      // TODO(verwaest): Use nonexistent_private_symbol.
      cache_name = name;
      JSReceiver* prototype = JSReceiver::cast(current_map->prototype());
      if (!prototype->map()->is_hidden_prototype() &&
          !prototype->map()->IsJSGlobalObjectMap()) {
        break;
      }
    }

    last = handle(JSObject::cast(current_map->prototype()));
    current_map = handle(last->map());
  }
  // Compile the stub that is either shared for all names or
  // name specific if there are global objects involved.
  Handle<Code> handler = PropertyHandlerCompiler::Find(
      cache_name, stub_holder_map, Code::LOAD_IC, flag, Code::FAST);
  if (!handler.is_null()) return handler;

  NamedLoadHandlerCompiler compiler(isolate, receiver_map, last, flag);
  handler = compiler.CompileLoadNonexistent(cache_name);
  Map::UpdateCodeCache(stub_holder_map, cache_name, handler);
  return handler;
}


Handle<Code> PropertyHandlerCompiler::GetCode(Code::Kind kind,
                                              Code::StubType type,
                                              Handle<Name> name) {
  Code::Flags flags = Code::ComputeHandlerFlags(kind, type, cache_holder());
  Handle<Code> code = GetCodeWithFlags(flags, name);
  PROFILE(isolate(), CodeCreateEvent(Logger::HANDLER_TAG, *code, *name));
#ifdef DEBUG
  code->VerifyEmbeddedObjects();
#endif
  return code;
}


#define __ ACCESS_MASM(masm())


Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,
                                                  Handle<Name> name,
                                                  Label* miss,
                                                  ReturnHolder return_what) {
  PrototypeCheckType check_type = SKIP_RECEIVER;
  int function_index = map()->IsPrimitiveMap()
                           ? map()->GetConstructorFunctionIndex()
                           : Map::kNoConstructorFunctionIndex;
  if (function_index != Map::kNoConstructorFunctionIndex) {
    GenerateDirectLoadGlobalFunctionPrototype(masm(), function_index,
                                              scratch1(), miss);
    Object* function = isolate()->native_context()->get(function_index);
    Object* prototype = JSFunction::cast(function)->instance_prototype();
    Handle<Map> map(JSObject::cast(prototype)->map());
    set_map(map);
    object_reg = scratch1();
    check_type = CHECK_ALL_MAPS;
  }

  // Check that the maps starting from the prototype haven't changed.
  return CheckPrototypes(object_reg, scratch1(), scratch2(), scratch3(), name,
                         miss, check_type, return_what);
}


// Frontend for store uses the name register. It has to be restored before a
// miss.
Register NamedStoreHandlerCompiler::FrontendHeader(Register object_reg,
                                                   Handle<Name> name,
                                                   Label* miss,
                                                   ReturnHolder return_what) {
  return CheckPrototypes(object_reg, this->name(), scratch1(), scratch2(), name,
                         miss, SKIP_RECEIVER, return_what);
}


Register PropertyHandlerCompiler::Frontend(Handle<Name> name) {
  Label miss;
  if (IC::ICUseVector(kind())) {
    PushVectorAndSlot();
  }
  Register reg = FrontendHeader(receiver(), name, &miss, RETURN_HOLDER);
  FrontendFooter(name, &miss);
  // The footer consumes the vector and slot from the stack if miss occurs.
  if (IC::ICUseVector(kind())) {
    DiscardVectorAndSlot();
  }
  return reg;
}


void PropertyHandlerCompiler::NonexistentFrontendHeader(Handle<Name> name,
                                                        Label* miss,
                                                        Register scratch1,
                                                        Register scratch2) {
  Register holder_reg;
  Handle<Map> last_map;
  if (holder().is_null()) {
    holder_reg = receiver();
    last_map = map();
    // If |type| has null as its prototype, |holder()| is
    // Handle<JSObject>::null().
    DCHECK(last_map->prototype() == isolate()->heap()->null_value());
  } else {
    last_map = handle(holder()->map());
    // This condition matches the branches below.
    bool need_holder =
        last_map->is_dictionary_map() && !last_map->IsJSGlobalObjectMap();
    holder_reg =
        FrontendHeader(receiver(), name, miss,
                       need_holder ? RETURN_HOLDER : DONT_RETURN_ANYTHING);
  }

  if (last_map->is_dictionary_map()) {
    if (last_map->IsJSGlobalObjectMap()) {
      Handle<JSGlobalObject> global =
          holder().is_null()
              ? Handle<JSGlobalObject>::cast(isolate()->global_object())
              : Handle<JSGlobalObject>::cast(holder());
      GenerateCheckPropertyCell(masm(), global, name, scratch1, miss);
    } else {
      if (!name->IsUniqueName()) {
        DCHECK(name->IsString());
        name = factory()->InternalizeString(Handle<String>::cast(name));
      }
      DCHECK(holder().is_null() ||
             holder()->property_dictionary()->FindEntry(name) ==
                 NameDictionary::kNotFound);
      GenerateDictionaryNegativeLookup(masm(), miss, holder_reg, name, scratch1,
                                       scratch2);
    }
  }
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadField(Handle<Name> name,
                                                        FieldIndex field) {
  Register reg = Frontend(name);
  __ Move(receiver(), reg);
  LoadFieldStub stub(isolate(), field);
  GenerateTailCall(masm(), stub.GetCode());
  return GetCode(kind(), Code::FAST, name);
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadConstant(Handle<Name> name,
                                                           int constant_index) {
  Register reg = Frontend(name);
  __ Move(receiver(), reg);
  LoadConstantStub stub(isolate(), constant_index);
  GenerateTailCall(masm(), stub.GetCode());
  return GetCode(kind(), Code::FAST, name);
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadNonexistent(
    Handle<Name> name) {
  Label miss;
  if (IC::ICUseVector(kind())) {
    DCHECK(kind() == Code::LOAD_IC);
    PushVectorAndSlot();
  }
  NonexistentFrontendHeader(name, &miss, scratch2(), scratch3());
  if (IC::ICUseVector(kind())) {
    DiscardVectorAndSlot();
  }
  GenerateLoadConstant(isolate()->factory()->undefined_value());
  FrontendFooter(name, &miss);
  return GetCode(kind(), Code::FAST, name);
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadCallback(
    Handle<Name> name, Handle<ExecutableAccessorInfo> callback) {
  Register reg = Frontend(name);
  GenerateLoadCallback(reg, callback);
  return GetCode(kind(), Code::FAST, name);
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadCallback(
    Handle<Name> name, const CallOptimization& call_optimization,
    int accessor_index) {
  DCHECK(call_optimization.is_simple_api_call());
  Register holder = Frontend(name);
  GenerateApiAccessorCall(masm(), call_optimization, map(), receiver(),
                          scratch2(), false, no_reg, holder, accessor_index);
  return GetCode(kind(), Code::FAST, name);
}


void NamedLoadHandlerCompiler::InterceptorVectorSlotPush(Register holder_reg) {
  if (IC::ICUseVector(kind())) {
    if (holder_reg.is(receiver())) {
      PushVectorAndSlot();
    } else {
      DCHECK(holder_reg.is(scratch1()));
      PushVectorAndSlot(scratch2(), scratch3());
    }
  }
}


void NamedLoadHandlerCompiler::InterceptorVectorSlotPop(Register holder_reg,
                                                        PopMode mode) {
  if (IC::ICUseVector(kind())) {
    if (mode == DISCARD) {
      DiscardVectorAndSlot();
    } else {
      if (holder_reg.is(receiver())) {
        PopVectorAndSlot();
      } else {
        DCHECK(holder_reg.is(scratch1()));
        PopVectorAndSlot(scratch2(), scratch3());
      }
    }
  }
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadInterceptor(
    LookupIterator* it) {
  // So far the most popular follow ups for interceptor loads are DATA and
  // ExecutableAccessorInfo, so inline only them. Other cases may be added
  // later.
  bool inline_followup = false;
  switch (it->state()) {
    case LookupIterator::TRANSITION:
      UNREACHABLE();
    case LookupIterator::ACCESS_CHECK:
    case LookupIterator::INTERCEPTOR:
    case LookupIterator::JSPROXY:
    case LookupIterator::NOT_FOUND:
    case LookupIterator::INTEGER_INDEXED_EXOTIC:
      break;
    case LookupIterator::DATA:
      inline_followup =
          it->property_details().type() == DATA && !it->is_dictionary_holder();
      break;
    case LookupIterator::ACCESSOR: {
      Handle<Object> accessors = it->GetAccessors();
      if (accessors->IsExecutableAccessorInfo()) {
        Handle<ExecutableAccessorInfo> info =
            Handle<ExecutableAccessorInfo>::cast(accessors);
        inline_followup = info->getter() != NULL &&
                          ExecutableAccessorInfo::IsCompatibleReceiverMap(
                              isolate(), info, map());
      } else if (accessors->IsAccessorPair()) {
        Handle<JSObject> property_holder(it->GetHolder<JSObject>());
        Handle<Object> getter(Handle<AccessorPair>::cast(accessors)->getter(),
                              isolate());
        if (!getter->IsJSFunction()) break;
        if (!property_holder->HasFastProperties()) break;
        auto function = Handle<JSFunction>::cast(getter);
        CallOptimization call_optimization(function);
        Handle<Map> receiver_map = map();
        inline_followup = call_optimization.is_simple_api_call() &&
                          call_optimization.IsCompatibleReceiverMap(
                              receiver_map, property_holder);
      }
    }
  }

  Label miss;
  InterceptorVectorSlotPush(receiver());
  bool lost_holder_register = false;
  auto holder_orig = holder();
  // non masking interceptors must check the entire chain, so temporarily reset
  // the holder to be that last element for the FrontendHeader call.
  if (holder()->GetNamedInterceptor()->non_masking()) {
    DCHECK(!inline_followup);
    JSObject* last = *holder();
    PrototypeIterator iter(isolate(), last);
    while (!iter.IsAtEnd()) {
      lost_holder_register = true;
      // Casting to JSObject is fine here. The LookupIterator makes sure to
      // look behind non-masking interceptors during the original lookup, and
      // we wouldn't try to compile a handler if there was a Proxy anywhere.
      last = iter.GetCurrent<JSObject>();
      iter.Advance();
    }
    auto last_handle = handle(last);
    set_holder(last_handle);
  }
  Register reg = FrontendHeader(receiver(), it->name(), &miss, RETURN_HOLDER);
  // Reset the holder so further calculations are correct.
  set_holder(holder_orig);
  if (lost_holder_register) {
    if (*it->GetReceiver() == *holder()) {
      reg = receiver();
    } else {
      // Reload lost holder register.
      auto cell = isolate()->factory()->NewWeakCell(holder());
      __ LoadWeakValue(reg, cell, &miss);
    }
  }
  FrontendFooter(it->name(), &miss);
  InterceptorVectorSlotPop(reg);
  if (inline_followup) {
    // TODO(368): Compile in the whole chain: all the interceptors in
    // prototypes and ultimate answer.
    GenerateLoadInterceptorWithFollowup(it, reg);
  } else {
    GenerateLoadInterceptor(reg);
  }
  return GetCode(kind(), Code::FAST, it->name());
}


void NamedLoadHandlerCompiler::GenerateLoadPostInterceptor(
    LookupIterator* it, Register interceptor_reg) {
  Handle<JSObject> real_named_property_holder(it->GetHolder<JSObject>());

  Handle<Map> holder_map(holder()->map());
  set_map(holder_map);
  set_holder(real_named_property_holder);

  Label miss;
  InterceptorVectorSlotPush(interceptor_reg);
  Register reg =
      FrontendHeader(interceptor_reg, it->name(), &miss, RETURN_HOLDER);
  FrontendFooter(it->name(), &miss);
  // We discard the vector and slot now because we don't miss below this point.
  InterceptorVectorSlotPop(reg, DISCARD);

  switch (it->state()) {
    case LookupIterator::ACCESS_CHECK:
    case LookupIterator::INTERCEPTOR:
    case LookupIterator::JSPROXY:
    case LookupIterator::NOT_FOUND:
    case LookupIterator::INTEGER_INDEXED_EXOTIC:
    case LookupIterator::TRANSITION:
      UNREACHABLE();
    case LookupIterator::DATA: {
      DCHECK_EQ(DATA, it->property_details().type());
      __ Move(receiver(), reg);
      LoadFieldStub stub(isolate(), it->GetFieldIndex());
      GenerateTailCall(masm(), stub.GetCode());
      break;
    }
    case LookupIterator::ACCESSOR:
      if (it->GetAccessors()->IsExecutableAccessorInfo()) {
        Handle<ExecutableAccessorInfo> info =
            Handle<ExecutableAccessorInfo>::cast(it->GetAccessors());
        DCHECK_NOT_NULL(info->getter());
        GenerateLoadCallback(reg, info);
      } else {
        auto function = handle(JSFunction::cast(
            AccessorPair::cast(*it->GetAccessors())->getter()));
        CallOptimization call_optimization(function);
        GenerateApiAccessorCall(masm(), call_optimization, holder_map,
                                receiver(), scratch2(), false, no_reg, reg,
                                it->GetAccessorIndex());
      }
  }
}


Handle<Code> NamedLoadHandlerCompiler::CompileLoadViaGetter(
    Handle<Name> name, int accessor_index, int expected_arguments) {
  Register holder = Frontend(name);
  GenerateLoadViaGetter(masm(), map(), receiver(), holder, accessor_index,
                        expected_arguments, scratch2());
  return GetCode(kind(), Code::FAST, name);
}


// TODO(verwaest): Cleanup. holder() is actually the receiver.
Handle<Code> NamedStoreHandlerCompiler::CompileStoreTransition(
    Handle<Map> transition, Handle<Name> name) {
  Label miss;

  PushVectorAndSlot();

  // Check that we are allowed to write this.
  bool is_nonexistent = holder()->map() == transition->GetBackPointer();
  if (is_nonexistent) {
    // Find the top object.
    Handle<JSObject> last;
    PrototypeIterator::WhereToEnd end =
        name->IsPrivate() ? PrototypeIterator::END_AT_NON_HIDDEN
                          : PrototypeIterator::END_AT_NULL;
    PrototypeIterator iter(isolate(), holder());
    while (!iter.IsAtEnd(end)) {
      last = PrototypeIterator::GetCurrent<JSObject>(iter);
      iter.Advance();
    }
    if (!last.is_null()) set_holder(last);
    NonexistentFrontendHeader(name, &miss, scratch1(), scratch2());
  } else {
    FrontendHeader(receiver(), name, &miss, DONT_RETURN_ANYTHING);
    DCHECK(holder()->HasFastProperties());
  }

  int descriptor = transition->LastAdded();
  Handle<DescriptorArray> descriptors(transition->instance_descriptors());
  PropertyDetails details = descriptors->GetDetails(descriptor);
  Representation representation = details.representation();
  DCHECK(!representation.IsNone());

  // Stub is never generated for objects that require access checks.
  DCHECK(!transition->is_access_check_needed());

  // Call to respective StoreTransitionStub.
  bool virtual_args = StoreTransitionHelper::HasVirtualSlotArg();
  Register map_reg = StoreTransitionHelper::MapRegister();

  if (details.type() == DATA_CONSTANT) {
    DCHECK(descriptors->GetValue(descriptor)->IsJSFunction());
    Register tmp =
        virtual_args ? VectorStoreICDescriptor::VectorRegister() : map_reg;
    GenerateRestoreMap(transition, tmp, scratch2(), &miss);
    GenerateConstantCheck(tmp, descriptor, value(), scratch2(), &miss);
    if (virtual_args) {
      // This will move the map from tmp into map_reg.
      RearrangeVectorAndSlot(tmp, map_reg);
    } else {
      PopVectorAndSlot();
    }
    GenerateRestoreName(name);
    StoreTransitionStub stub(isolate());
    GenerateTailCall(masm(), stub.GetCode());

  } else {
    if (representation.IsHeapObject()) {
      GenerateFieldTypeChecks(descriptors->GetFieldType(descriptor), value(),
                              &miss);
    }
    StoreTransitionStub::StoreMode store_mode =
        Map::cast(transition->GetBackPointer())->unused_property_fields() == 0
            ? StoreTransitionStub::ExtendStorageAndStoreMapAndValue
            : StoreTransitionStub::StoreMapAndValue;

    Register tmp =
        virtual_args ? VectorStoreICDescriptor::VectorRegister() : map_reg;
    GenerateRestoreMap(transition, tmp, scratch2(), &miss);
    if (virtual_args) {
      RearrangeVectorAndSlot(tmp, map_reg);
    } else {
      PopVectorAndSlot();
    }
    GenerateRestoreName(name);
    StoreTransitionStub stub(isolate(),
                             FieldIndex::ForDescriptor(*transition, descriptor),
                             representation, store_mode);
    GenerateTailCall(masm(), stub.GetCode());
  }

  GenerateRestoreName(&miss, name);
  PopVectorAndSlot();
  TailCallBuiltin(masm(), MissBuiltin(kind()));

  return GetCode(kind(), Code::FAST, name);
}


bool NamedStoreHandlerCompiler::RequiresFieldTypeChecks(
    HeapType* field_type) const {
  return !field_type->Classes().Done();
}


Handle<Code> NamedStoreHandlerCompiler::CompileStoreField(LookupIterator* it) {
  Label miss;
  DCHECK(it->representation().IsHeapObject());

  HeapType* field_type = *it->GetFieldType();
  bool need_save_restore = false;
  if (RequiresFieldTypeChecks(field_type)) {
    need_save_restore = IC::ICUseVector(kind());
    if (need_save_restore) PushVectorAndSlot();
    GenerateFieldTypeChecks(field_type, value(), &miss);
    if (need_save_restore) PopVectorAndSlot();
  }

  StoreFieldStub stub(isolate(), it->GetFieldIndex(), it->representation());
  GenerateTailCall(masm(), stub.GetCode());

  __ bind(&miss);
  if (need_save_restore) PopVectorAndSlot();
  TailCallBuiltin(masm(), MissBuiltin(kind()));
  return GetCode(kind(), Code::FAST, it->name());
}


Handle<Code> NamedStoreHandlerCompiler::CompileStoreViaSetter(
    Handle<JSObject> object, Handle<Name> name, int accessor_index,
    int expected_arguments) {
  Register holder = Frontend(name);
  GenerateStoreViaSetter(masm(), map(), receiver(), holder, accessor_index,
                         expected_arguments, scratch2());

  return GetCode(kind(), Code::FAST, name);
}


Handle<Code> NamedStoreHandlerCompiler::CompileStoreCallback(
    Handle<JSObject> object, Handle<Name> name,
    const CallOptimization& call_optimization, int accessor_index) {
  Register holder = Frontend(name);
  GenerateApiAccessorCall(masm(), call_optimization, handle(object->map()),
                          receiver(), scratch2(), true, value(), holder,
                          accessor_index);
  return GetCode(kind(), Code::FAST, name);
}


#undef __


void ElementHandlerCompiler::CompileElementHandlers(
    MapHandleList* receiver_maps, CodeHandleList* handlers,
    LanguageMode language_mode) {
  for (int i = 0; i < receiver_maps->length(); ++i) {
    Handle<Map> receiver_map = receiver_maps->at(i);
    Handle<Code> cached_stub;

    if (receiver_map->IsStringMap()) {
      cached_stub = LoadIndexedStringStub(isolate()).GetCode();
    } else if (receiver_map->instance_type() < FIRST_JS_RECEIVER_TYPE) {
      cached_stub = is_strong(language_mode)
                        ? isolate()->builtins()->KeyedLoadIC_Slow_Strong()
                        : isolate()->builtins()->KeyedLoadIC_Slow();
    } else {
      bool is_js_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
      ElementsKind elements_kind = receiver_map->elements_kind();

      // No need to check for an elements-free prototype chain here, the
      // generated stub code needs to check that dynamically anyway.
      bool convert_hole_to_undefined =
          (is_js_array && elements_kind == FAST_HOLEY_ELEMENTS &&
           *receiver_map ==
               isolate()->get_initial_js_array_map(elements_kind)) &&
          !is_strong(language_mode);

      if (receiver_map->has_indexed_interceptor()) {
        cached_stub = LoadIndexedInterceptorStub(isolate()).GetCode();
      } else if (IsSloppyArgumentsElements(elements_kind)) {
        cached_stub = KeyedLoadSloppyArgumentsStub(isolate()).GetCode();
      } else if (IsFastElementsKind(elements_kind) ||
                 IsFixedTypedArrayElementsKind(elements_kind)) {
        cached_stub = LoadFastElementStub(isolate(), is_js_array, elements_kind,
                                          convert_hole_to_undefined).GetCode();
      } else {
        DCHECK(elements_kind == DICTIONARY_ELEMENTS);
        LoadICState state =
            LoadICState(is_strong(language_mode) ? LoadICState::kStrongModeState
                                                 : kNoExtraICState);
        cached_stub = LoadDictionaryElementStub(isolate(), state).GetCode();
      }
    }

    handlers->Add(cached_stub);
  }
}
}  // namespace internal
}  // namespace v8