Centralize handler caching and probing in ic.cc.

src/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 282 matching lines @@
       // The stub was generated for JSObject but called for non-JSObject.
       // IC::GetCodeCacheHolder is not applicable.
       if (!receiver->IsJSObject()) return false;
       break;
     case PROTOTYPE_MAP:
       // IC::GetCodeCacheHolder is not applicable.
       if (receiver->GetPrototype(isolate())->IsNull()) return false;
       break;
   }
 
-  Map* map = IC::GetCodeCacheHolder(isolate(), *receiver, cache_holder)->map();
+  Handle<Map> map(
+      IC::GetCodeCacheHolder(isolate(), *receiver, cache_holder)->map());
 
   // Decide whether the inline cache failed because of changes to the
   // receiver itself or changes to one of its prototypes.
   //
   // If there are changes to the receiver itself, the map of the
   // receiver will have changed and the current target will not be in
   // the receiver map's code cache.  Therefore, if the current target
   // is in the receiver map's code cache, the inline cache failed due
   // to prototype check failure.
   int index = map->IndexInCodeCache(*name, *target());
   if (index >= 0) {
     map->RemoveFromCodeCache(*name, *target(), index);
     // Handlers are stored in addition to the ICs on the map. Remove those, too.
-    Code* handler = target()->FindFirstHandler();
-    if (handler != NULL) {
-      index = map->IndexInCodeCache(*name, handler);
-      if (index >= 0) {
-        map->RemoveFromCodeCache(*name, handler, index);
-      }
-    }
+    TryRemoveInvalidHandlers(map, name);
     return true;
   }
 
   // The stub is not in the cache. We've ruled out all other kinds of failure
   // except for proptotype chain changes, a deprecated map, a map that's
   // different from the one that the stub expects, elements kind changes, or a
   // constant global property that will become mutable. Threat all those
   // situations as prototype failures (stay monomorphic if possible).
 
   // If the IC is shared between multiple receivers (slow dictionary mode), then
   // the map cannot be deprecated and the stub invalidated.
   if (cache_holder == OWN_MAP) {
     Map* old_map = target()->FindFirstMap();
-    if (old_map == map) return true;
+    if (old_map == *map) return true;
     if (old_map != NULL) {
       if (old_map->is_deprecated()) return true;
       if (IsMoreGeneralElementsKindTransition(old_map->elements_kind(),
                                               map->elements_kind())) {
         return true;
       }
     }
   }
 
   if (receiver->IsGlobalObject()) {
     LookupResult lookup(isolate());
     GlobalObject* global = GlobalObject::cast(*receiver);
     global->LocalLookupRealNamedProperty(*name, &lookup);
     if (!lookup.IsFound()) return false;
     PropertyCell* cell = global->GetPropertyCell(&lookup);
     return cell->type()->IsConstant();
   }
 
   return false;
 }
 
 
+void IC::TryRemoveInvalidHandlers(Handle<Map> map, Handle<String> name) {
+  CodeHandleList handlers;
+  target()->FindHandlers(&handlers);
+  for (int i = 0; i < handlers.length(); i++) {
+    Handle<Code> handler = handlers.at(i);
+    int index = map->IndexInCodeCache(*name, *handler);
+    if (index >= 0) {
+      map->RemoveFromCodeCache(*name, *handler, index);
+      return;
+    }
+  }
+}
+
+
 void IC::UpdateState(Handle<Object> receiver, Handle<Object> name) {
-  if (state() != MONOMORPHIC || !name->IsString()) return;
+  if (!name->IsString()) return;
+  if (state() != MONOMORPHIC) {
+    if (state() == POLYMORPHIC && receiver->IsHeapObject()) {
+      TryRemoveInvalidHandlers(
+          handle(Handle<HeapObject>::cast(receiver)->map()),
+          Handle<String>::cast(name));
+    }
+    return;
+  }
   if (receiver->IsUndefined() || receiver->IsNull()) return;
 
   // Remove the target from the code cache if it became invalid
   // because of changes in the prototype chain to avoid hitting it
   // again.
   if (TryRemoveInvalidPrototypeDependentStub(
           receiver, Handle<String>::cast(name))) {
     return MarkMonomorphicPrototypeFailure();
   }
 
@@ skipping 743 matching lines @@
     } else {
       KeyedLoadFieldStub stub(true, length_index, Representation::Tagged());
       code = stub.GetCode(isolate());
     }
   } else if (!object->IsJSObject()) {
     // TODO(jkummerow): It would be nice to support non-JSObjects in
     // ComputeLoadHandler, then we wouldn't need to go generic here.
     code = slow_stub();
   } else {
     code = ComputeLoadHandler(lookup, Handle<JSObject>::cast(receiver), name);
-    if (code.is_null()) code = slow_stub();
   }
 
   PatchCache(receiver, name, code);
   TRACE_IC("LoadIC", name);
 }
 
 
 void IC::UpdateMegamorphicCache(Map* map, Name* name, Code* code) {
   // Cache code holding map should be consistent with
   // GenerateMonomorphicCacheProbe.
   isolate()->stub_cache()->Set(name, map, code);
 }
 
 
 Handle<Code> LoadIC::ComputeLoadHandler(LookupResult* lookup,
                                         Handle<JSObject> receiver,
                                         Handle<String> name) {
   if (!lookup->IsProperty()) {
-    // Nonexistent property. The result is undefined.
-    return isolate()->stub_cache()->ComputeLoadNonexistent(name, receiver);
+    return kind() == Code::LOAD_IC
+        ? isolate()->stub_cache()->ComputeLoadNonexistent(name, receiver)
+        : generic_stub();
   }
 
-  // Compute monomorphic stub.
+  Handle<Code> code = isolate()->stub_cache()->FindHandler(
+      name, receiver, kind());
+  if (!code.is_null()) return code;
+
+  code = CompileLoadHandler(lookup, receiver, name);
+  if (code.is_null()) return slow_stub();
+
+  if (code->is_handler() && code->type() != Code::NORMAL) {
+    HeapObject::UpdateMapCodeCache(receiver, name, code);
+  }
+
+  return code;
+}
+
+
+Handle<Code> LoadIC::CompileLoadHandler(LookupResult* lookup,
+                                        Handle<JSObject> receiver,
+                                        Handle<String> name) {
   Handle<JSObject> holder(lookup->holder());
   switch (lookup->type()) {
     case FIELD:
       return isolate()->stub_cache()->ComputeLoadField(
           name, receiver, holder,
           lookup->GetFieldIndex(), lookup->representation());
     case CONSTANT: {
       Handle<Object> constant(lookup->GetConstant(), isolate());
       // TODO(2803): Don't compute a stub for cons strings because they cannot
       // be embedded into code.
@@ skipping 190 matching lines @@
     ASSERT(!stub.is_null());
     set_target(*stub);
     TRACE_IC("LoadIC", key);
   }
 
 
   return Runtime::GetObjectPropertyOrFail(isolate(), object, key);
 }
 
 
-Handle<Code> KeyedLoadIC::ComputeLoadHandler(LookupResult* lookup,
+Handle<Code> KeyedLoadIC::CompileLoadHandler(LookupResult* lookup,
                                              Handle<JSObject> receiver,
                                              Handle<String> name) {
-  // Bail out if we didn't find a result.
-  if (!lookup->IsProperty()) return Handle<Code>::null();
-
   // Compute a monomorphic stub.
   Handle<JSObject> holder(lookup->holder(), isolate());
   switch (lookup->type()) {
     case FIELD:
       return isolate()->stub_cache()->ComputeKeyedLoadField(
           name, receiver, holder,
           lookup->GetFieldIndex(), lookup->representation());
     case CONSTANT: {
       Handle<Object> constant(lookup->GetConstant(), isolate());
       // TODO(2803): Don't compute a stub for cons strings because they cannot
@@ skipping 221 matching lines @@
                            Handle<JSObject> receiver,
                            Handle<String> name,
                            Handle<Object> value) {
   ASSERT(!receiver->IsJSGlobalProxy());
   ASSERT(lookup->IsFound());
 
   // These are not cacheable, so we never see such LookupResults here.
   ASSERT(!lookup->IsHandler());
 
   Handle<Code> code = ComputeStoreHandler(lookup, receiver, name, value);
-  if (code.is_null()) {
-    set_target(*generic_stub());
-    return;
-  }
 
   PatchCache(receiver, name, code);
   TRACE_IC("StoreIC", name);
 }
 
 
 Handle<Code> StoreIC::ComputeStoreHandler(LookupResult* lookup,
                                           Handle<JSObject> receiver,
                                           Handle<String> name,
                                           Handle<Object> value) {
+  Handle<Code> code = isolate()->stub_cache()->FindHandler(
+      name, receiver, kind(), strict_mode());
+  if (!code.is_null()) return code;
+
+  code = CompileStoreHandler(lookup, receiver, name, value);
+  if (code.is_null()) return generic_stub();
+
+  if (code->is_handler() && code->type() != Code::NORMAL) {
+    HeapObject::UpdateMapCodeCache(receiver, name, code);
+  }
+
+  return code;
+}
+
+
+Handle<Code> StoreIC::CompileStoreHandler(LookupResult* lookup,
+                                          Handle<JSObject> receiver,
+                                          Handle<String> name,
+                                          Handle<Object> value) {
   Handle<JSObject> holder(lookup->holder());
   switch (lookup->type()) {
     case FIELD:
       return isolate()->stub_cache()->ComputeStoreField(
           name, receiver, lookup, strict_mode());
     case NORMAL:
       if (receiver->IsGlobalObject()) {
         // The stub generated for the global object picks the value directly
         // from the property cell. So the property must be directly on the
         // global object.
@@ skipping 368 matching lines @@
     ASSERT(!stub.is_null());
     set_target(*stub);
     TRACE_IC("StoreIC", key);
   }
 
   return Runtime::SetObjectPropertyOrFail(
       isolate(), object , key, value, NONE, strict_mode());
 }
 
 
-Handle<Code> KeyedStoreIC::ComputeStoreHandler(LookupResult* lookup,
+Handle<Code> KeyedStoreIC::CompileStoreHandler(LookupResult* lookup,
                                                Handle<JSObject> receiver,
                                                Handle<String> name,
                                                Handle<Object> value) {
   // If the property has a non-field type allowing map transitions
   // where there is extra room in the object, we leave the IC in its
   // current state.
   switch (lookup->type()) {
     case FIELD:
       return isolate()->stub_cache()->ComputeKeyedStoreField(
           name, receiver, lookup, strict_mode());
@@ skipping 754 matching lines @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
   return IC_utilities[id];
 }
 
 
 } }  // namespace v8::internal