Merge bleeding_edge r17376:17693.

src/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 252 matching lines @@
       break;
     default:
       return false;
   }
   return false;
 }
 
 
 bool IC::TryRemoveInvalidPrototypeDependentStub(Handle<Object> receiver,
                                                 Handle<String> name) {
-  DisallowHeapAllocation no_gc;
-
   if (target()->is_call_stub()) {
     LookupResult lookup(isolate());
     LookupForRead(receiver, name, &lookup);
     if (static_cast<CallIC*>(this)->TryUpdateExtraICState(&lookup, receiver)) {
       return true;
     }
   }
 
   if (target()->is_keyed_stub()) {
     // Determine whether the failure is due to a name failure.
@@ skipping 476 matching lines @@
       target()->arguments_count(), kind_, extra_ic_state());
 }
 
 
 void CallICBase::UpdateCaches(LookupResult* lookup,
                               Handle<Object> object,
                               Handle<String> name) {
   // Bail out if we didn't find a result.
   if (!lookup->IsProperty() || !lookup->IsCacheable()) return;
 
-  // Compute the number of arguments.
-  Handle<Code> code;
-  code = state() == UNINITIALIZED
-      ? pre_monomorphic_stub()
-      : ComputeMonomorphicStub(lookup, object, name);
+  if (state() == UNINITIALIZED) {
+    set_target(*pre_monomorphic_stub());
+    TRACE_IC("CallIC", name);
+    return;
+  }
 
+  Handle<Code> code = ComputeMonomorphicStub(lookup, object, name);
   // If there's no appropriate stub we simply avoid updating the caches.
   // TODO(verwaest): Install a slow fallback in this case to avoid not learning,
   // and deopting Crankshaft code.
   if (code.is_null()) return;
 
   Handle<JSObject> cache_object = object->IsJSObject()
       ? Handle<JSObject>::cast(object)
       : Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate())),
                          isolate());
 
@@ skipping 160 matching lines @@
   }
   receiver_maps->Add(new_receiver_map);
   return true;
 }
 
 
 bool IC::UpdatePolymorphicIC(Handle<HeapObject> receiver,
                              Handle<String> name,
                              Handle<Code> code) {
   if (!code->is_handler()) return false;
-
   MapHandleList receiver_maps;
   CodeHandleList handlers;
 
   int number_of_valid_maps;
   int handler_to_overwrite = -1;
   Handle<Map> new_receiver_map(receiver->map());
-  {
-    DisallowHeapAllocation no_gc;
-    target()->FindAllMaps(&receiver_maps);
-    int number_of_maps = receiver_maps.length();
-    number_of_valid_maps = number_of_maps;
 
-    for (int i = 0; i < number_of_maps; i++) {
-      Handle<Map> map = receiver_maps.at(i);
-      // Filter out deprecated maps to ensure its instances get migrated.
-      if (map->is_deprecated()) {
-        number_of_valid_maps--;
-      // If the receiver map is already in the polymorphic IC, this indicates
-      // there was a prototoype chain failure. In that case, just overwrite the
-      // handler.
-      } else if (map.is_identical_to(new_receiver_map)) {
-        number_of_valid_maps--;
-        handler_to_overwrite = i;
-      }
-    }
+  target()->FindAllMaps(&receiver_maps);
+  int number_of_maps = receiver_maps.length();
+  number_of_valid_maps = number_of_maps;
 
-    if (number_of_valid_maps >= 4) return false;
-    if (number_of_maps == 0) return false;
-
-    if (!target()->FindHandlers(&handlers, receiver_maps.length())) {
-      return false;
+  for (int i = 0; i < number_of_maps; i++) {
+    Handle<Map> map = receiver_maps.at(i);
+    // Filter out deprecated maps to ensure its instances get migrated.
+    if (map->is_deprecated()) {
+      number_of_valid_maps--;
+    // If the receiver map is already in the polymorphic IC, this indicates
+    // there was a prototoype chain failure. In that case, just overwrite the
+    // handler.
+    } else if (map.is_identical_to(new_receiver_map)) {
+      number_of_valid_maps--;
+      handler_to_overwrite = i;
     }
   }
 
+  if (number_of_valid_maps >= 4) return false;
+  if (number_of_maps == 0) return false;
+
+  if (!target()->FindHandlers(&handlers, receiver_maps.length())) {
+    return false;
+  }
+
   number_of_valid_maps++;
   if (handler_to_overwrite >= 0) {
     handlers.Set(handler_to_overwrite, code);
   } else {
     receiver_maps.Add(new_receiver_map);
     handlers.Add(code);
   }
 
   Handle<Code> ic = isolate()->stub_cache()->ComputePolymorphicIC(
       &receiver_maps, &handlers, number_of_valid_maps, name, strict_mode());
   set_target(*ic);
   return true;
 }
 
 
 void IC::UpdateMonomorphicIC(Handle<HeapObject> receiver,
                              Handle<Code> handler,
                              Handle<String> name) {
   if (!handler->is_handler()) return set_target(*handler);
   Handle<Code> ic = isolate()->stub_cache()->ComputeMonomorphicIC(
       receiver, handler, name, strict_mode());
   set_target(*ic);
 }
 
 
 void IC::CopyICToMegamorphicCache(Handle<String> name) {
   MapHandleList receiver_maps;
   CodeHandleList handlers;
-  {
-    DisallowHeapAllocation no_gc;
-    target()->FindAllMaps(&receiver_maps);
-    if (!target()->FindHandlers(&handlers, receiver_maps.length())) return;
-  }
+  target()->FindAllMaps(&receiver_maps);
+  if (!target()->FindHandlers(&handlers, receiver_maps.length())) return;
   for (int i = 0; i < receiver_maps.length(); i++) {
     UpdateMegamorphicCache(*receiver_maps.at(i), *name, *handlers.at(i));
   }
 }
 
 
 bool IC::IsTransitionedMapOfMonomorphicTarget(Map* receiver_map) {
-  DisallowHeapAllocation no_allocation;
-
   Map* current_map = target()->FindFirstMap();
   ElementsKind receiver_elements_kind = receiver_map->elements_kind();
   bool more_general_transition =
       IsMoreGeneralElementsKindTransition(
         current_map->elements_kind(), receiver_elements_kind);
   Map* transitioned_map = more_general_transition
       ? current_map->LookupElementsTransitionMap(receiver_elements_kind)
       : NULL;
 
   return transitioned_map == receiver_map;
@@ skipping 10 matching lines @@
       UpdateMonomorphicIC(receiver, code, name);
       break;
     case MONOMORPHIC:
       // For now, call stubs are allowed to rewrite to the same stub. This
       // happens e.g., when the field does not contain a function.
       ASSERT(target()->is_call_stub() ||
              target()->is_keyed_call_stub() ||
              !target().is_identical_to(code));
       if (!target()->is_keyed_stub()) {
         bool is_same_handler = false;
-        {
-          DisallowHeapAllocation no_allocation;
-          Code* old_handler = target()->FindFirstHandler();
-          is_same_handler = old_handler == *code;
-        }
-        if (is_same_handler
-            && IsTransitionedMapOfMonomorphicTarget(receiver->map())) {
+        Code* old_handler = target()->FindFirstHandler();
+        is_same_handler = old_handler == *code;
+
+        if (is_same_handler &&
+            IsTransitionedMapOfMonomorphicTarget(receiver->map())) {
           UpdateMonomorphicIC(receiver, code, name);
           break;
         }
-        if (UpdatePolymorphicIC(receiver, name, code)) {
-          break;
-        }
-
+      }
+      // Fall through.
+    case POLYMORPHIC:
+      if (!target()->is_keyed_stub()) {
+        if (UpdatePolymorphicIC(receiver, name, code)) break;
         CopyICToMegamorphicCache(name);
       }
-
-      UpdateMegamorphicCache(receiver->map(), *name, *code);
       set_target(*megamorphic_stub());
-      break;
+      // Fall through.
     case MEGAMORPHIC:
       UpdateMegamorphicCache(receiver->map(), *name, *code);
       break;
-    case POLYMORPHIC:
-      if (target()->is_keyed_stub()) {
-        // When trying to patch a polymorphic keyed stub with anything other
-        // than another polymorphic stub, go generic.
-        set_target(*generic_stub());
-      } else {
-        if (UpdatePolymorphicIC(receiver, name, code)) {
-          break;
-        }
-        CopyICToMegamorphicCache(name);
-        UpdateMegamorphicCache(receiver->map(), *name, *code);
-        set_target(*megamorphic_stub());
-      }
-      break;
     case DEBUG_STUB:
       break;
     case GENERIC:
       UNREACHABLE();
       break;
   }
 }
 
 
 Handle<Code> LoadIC::SimpleFieldLoad(int offset,
                                      bool inobject,
                                      Representation representation) {
   if (kind() == Code::LOAD_IC) {
     LoadFieldStub stub(inobject, offset, representation);
     return stub.GetCode(isolate());
   } else {
     KeyedLoadFieldStub stub(inobject, offset, representation);
     return stub.GetCode(isolate());
   }
 }
 
+
 void LoadIC::UpdateCaches(LookupResult* lookup,
                           Handle<Object> object,
                           Handle<String> name) {
   // TODO(verwaest): It would be nice to support loading fields from smis as
   // well. For now just fail to update the cache.
   if (!object->IsHeapObject()) return;
 
   Handle<HeapObject> receiver = Handle<HeapObject>::cast(object);
 
   Handle<Code> code;
   if (state() == UNINITIALIZED) {
     // This is the first time we execute this inline cache.
     // Set the target to the pre monomorphic stub to delay
     // setting the monomorphic state.
-    code = pre_monomorphic_stub();
+    set_target(*pre_monomorphic_stub());
+    TRACE_IC("LoadIC", name);
+    return;
   } else if (!lookup->IsCacheable()) {
     // Bail out if the result is not cacheable.
     code = slow_stub();
   } else if (object->IsString() &&
              name->Equals(isolate()->heap()->length_string())) {
     int length_index = String::kLengthOffset / kPointerSize;
     code = SimpleFieldLoad(length_index);
   } else if (!object->IsJSObject()) {
     // TODO(jkummerow): It would be nice to support non-JSObjects in
     // ComputeLoadHandler, then we wouldn't need to go generic here.
@@ skipping 21 matching lines @@
 
 Handle<Code> IC::ComputeHandler(LookupResult* lookup,
                                 Handle<JSObject> receiver,
                                 Handle<String> name,
                                 Handle<Object> value) {
   Handle<Code> code = isolate()->stub_cache()->FindHandler(
       name, receiver, kind());
   if (!code.is_null()) return code;
 
   code = CompileHandler(lookup, receiver, name, value);
+  ASSERT(code->is_handler());
 
-  if (code->is_handler() && code->type() != Code::NORMAL) {
+  if (code->type() != Code::NORMAL) {
     HeapObject::UpdateMapCodeCache(receiver, name, code);
   }
 
   return code;
 }
 
 
 Handle<Code> LoadIC::CompileHandler(LookupResult* lookup,
                                     Handle<JSObject> receiver,
                                     Handle<String> name,
@@ skipping 18 matching lines @@
       // be embedded into code.
       if (constant->IsConsString()) break;
       return compiler.CompileLoadConstant(receiver, holder, name, constant);
     }
     case NORMAL:
       if (kind() != Code::LOAD_IC) break;
       if (holder->IsGlobalObject()) {
         Handle<GlobalObject> global = Handle<GlobalObject>::cast(holder);
         Handle<PropertyCell> cell(
             global->GetPropertyCell(lookup), isolate());
-        // TODO(verwaest): Turn into a handler.
-        return isolate()->stub_cache()->ComputeLoadGlobal(
-            name, receiver, global, cell, lookup->IsDontDelete());
+        Handle<Code> code = compiler.CompileLoadGlobal(
+            receiver, global, cell, name, lookup->IsDontDelete());
+        // TODO(verwaest): Move caching of these NORMAL stubs outside as well.
+        HeapObject::UpdateMapCodeCache(receiver, name, code);
+        return code;
       }
       // There is only one shared stub for loading normalized
       // properties. It does not traverse the prototype chain, so the
       // property must be found in the receiver for the stub to be
       // applicable.
       if (!holder.is_identical_to(receiver)) break;
       return isolate()->builtins()->LoadIC_Normal();
     case CALLBACKS: {
       // Use simple field loads for some well-known callback properties.
       int object_offset;
@@ skipping 394 matching lines @@
       return compiler.CompileStoreTransition(
           receiver, lookup, transition, name);
     }
     case NORMAL:
       if (kind() == Code::KEYED_STORE_IC) break;
       if (receiver->IsGlobalObject()) {
         // The stub generated for the global object picks the value directly
         // from the property cell. So the property must be directly on the
         // global object.
         Handle<GlobalObject> global = Handle<GlobalObject>::cast(receiver);
-        Handle<PropertyCell> cell(
-            global->GetPropertyCell(lookup), isolate());
-        // TODO(verwaest): Turn into a handler.
-        return isolate()->stub_cache()->ComputeStoreGlobal(
-            name, global, cell, value, strict_mode());
+        Handle<PropertyCell> cell(global->GetPropertyCell(lookup), isolate());
+        Handle<Type> union_type = PropertyCell::UpdatedType(cell, value);
+        StoreGlobalStub stub(strict_mode(), union_type->IsConstant());
+
+        Handle<Code> code = stub.GetCodeCopyFromTemplate(
+            isolate(), receiver->map(), *cell);
+        // TODO(verwaest): Move caching of these NORMAL stubs outside as well.
+        HeapObject::UpdateMapCodeCache(receiver, name, code);
+        return code;
       }
       ASSERT(holder.is_identical_to(receiver));
       return strict_mode() == kStrictMode
           ? isolate()->builtins()->StoreIC_Normal_Strict()
           : isolate()->builtins()->StoreIC_Normal();
     case CALLBACKS: {
       if (kind() == Code::KEYED_STORE_IC) break;
       Handle<Object> callback(lookup->GetCallbackObject(), isolate());
       if (callback->IsExecutableAccessorInfo()) {
         Handle<ExecutableAccessorInfo> info =
@@ skipping 279 matching lines @@
     }
   }
 }
 
 
 MaybeObject* KeyedStoreIC::Store(Handle<Object> object,
                                  Handle<Object> key,
                                  Handle<Object> value,
                                  ICMissMode miss_mode) {
   if (MigrateDeprecated(object)) {
-    return Runtime::SetObjectPropertyOrFail(
-        isolate(), object , key, value, NONE, strict_mode());
+    Handle<Object> result = Runtime::SetObjectProperty(isolate(), object,
+                                                       key,
+                                                       value,
+                                                       NONE,
+                                                       strict_mode());
+    RETURN_IF_EMPTY_HANDLE(isolate(), result);
+    return *result;
   }
 
   // Check for values that can be converted into an internalized string directly
   // or is representable as a smi.
   key = TryConvertKey(key, isolate());
 
   MaybeObject* maybe_object = NULL;
   Handle<Code> stub = generic_stub();
 
   if (key->IsInternalizedString()) {
@@ skipping 18 matching lines @@
       ASSERT(!object->IsJSGlobalProxy());
 
       if (miss_mode != MISS_FORCE_GENERIC) {
         if (object->IsJSObject()) {
           Handle<JSObject> receiver = Handle<JSObject>::cast(object);
           bool key_is_smi_like = key->IsSmi() || !key->ToSmi()->IsFailure();
           if (receiver->elements()->map() ==
               isolate()->heap()->non_strict_arguments_elements_map()) {
             stub = non_strict_arguments_stub();
           } else if (key_is_smi_like &&
-                     (!target().is_identical_to(non_strict_arguments_stub()))) {
-            KeyedAccessStoreMode store_mode =
-                GetStoreMode(receiver, key, value);
-            stub = StoreElementStub(receiver, store_mode);
+                     !(target().is_identical_to(non_strict_arguments_stub()))) {
+            // We should go generic if receiver isn't a dictionary, but our
+            // prototype chain does have dictionary elements. This ensures that
+            // other non-dictionary receivers in the polymorphic case benefit
+            // from fast path keyed stores.
+            if (!(receiver->map()->DictionaryElementsInPrototypeChainOnly())) {
+              KeyedAccessStoreMode store_mode =
+                  GetStoreMode(receiver, key, value);
+              stub = StoreElementStub(receiver, store_mode);
+            }
           }
         }
       }
     }
   }
 
   if (!is_target_set()) {
     if (*stub == *generic_stub()) {
       TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "set generic");
     }
     ASSERT(!stub.is_null());
     set_target(*stub);
     TRACE_IC("StoreIC", key);
   }
 
   if (maybe_object) return maybe_object;
-  return Runtime::SetObjectPropertyOrFail(
-      isolate(), object , key, value, NONE, strict_mode());
+  Handle<Object> result = Runtime::SetObjectProperty(isolate(), object, key,
+                                                     value,
+                                                     NONE,
+                                                     strict_mode());
+  RETURN_IF_EMPTY_HANDLE(isolate(), result);
+  return *result;
 }
 
 
 #undef TRACE_IC
 
 
 // ----------------------------------------------------------------------------
 // Static IC stub generators.
 //
 
@@ skipping 210 matching lines @@
 
 
 RUNTIME_FUNCTION(MaybeObject*, StoreIC_Slow) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 3);
   StoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   Handle<Object> object = args.at<Object>(0);
   Handle<Object> key = args.at<Object>(1);
   Handle<Object> value = args.at<Object>(2);
   StrictModeFlag strict_mode = ic.strict_mode();
-  return Runtime::SetObjectProperty(isolate,
-                                    object,
-                                    key,
-                                    value,
-                                    NONE,
-                                    strict_mode);
+  Handle<Object> result = Runtime::SetObjectProperty(isolate, object, key,
+                                                     value,
+                                                     NONE,
+                                                     strict_mode);
+  RETURN_IF_EMPTY_HANDLE(isolate, result);
+  return *result;
 }
 
 
 RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_Slow) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 3);
   KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   Handle<Object> object = args.at<Object>(0);
   Handle<Object> key = args.at<Object>(1);
   Handle<Object> value = args.at<Object>(2);
   StrictModeFlag strict_mode = ic.strict_mode();
-  return Runtime::SetObjectProperty(isolate,
-                                    object,
-                                    key,
-                                    value,
-                                    NONE,
-                                    strict_mode);
+  Handle<Object> result = Runtime::SetObjectProperty(isolate, object, key,
+                                                     value,
+                                                     NONE,
+                                                     strict_mode);
+  RETURN_IF_EMPTY_HANDLE(isolate, result);
+  return *result;
 }
 
 
 RUNTIME_FUNCTION(MaybeObject*, KeyedStoreIC_MissForceGeneric) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 3);
   KeyedStoreIC ic(IC::NO_EXTRA_FRAME, isolate);
   Handle<Object> receiver = args.at<Object>(0);
   Handle<Object> key = args.at<Object>(1);
   ic.UpdateState(receiver, key);
   return ic.Store(receiver, key, args.at<Object>(2), MISS_FORCE_GENERIC);
 }
 
 
 RUNTIME_FUNCTION(MaybeObject*, ElementsTransitionAndStoreIC_Miss) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 4);
   KeyedStoreIC ic(IC::EXTRA_CALL_FRAME, isolate);
   Handle<Object> value = args.at<Object>(0);
+  Handle<Map> map = args.at<Map>(1);
   Handle<Object> key = args.at<Object>(2);
   Handle<Object> object = args.at<Object>(3);
   StrictModeFlag strict_mode = ic.strict_mode();
-  return Runtime::SetObjectProperty(isolate,
-                                    object,
-                                    key,
-                                    value,
-                                    NONE,
-                                    strict_mode);
+  if (object->IsJSObject()) {
+    JSObject::TransitionElementsKind(Handle<JSObject>::cast(object),
+                                     map->elements_kind());
+  }
+  Handle<Object> result = Runtime::SetObjectProperty(isolate, object, key,
+                                                     value,
+                                                     NONE,
+                                                     strict_mode);
+  RETURN_IF_EMPTY_HANDLE(isolate, result);
+  return *result;
 }
 
 
 const char* BinaryOpIC::GetName(TypeInfo type_info) {
   switch (type_info) {
     case UNINITIALIZED: return "Uninitialized";
     case SMI: return "Smi";
     case INT32: return "Int32";
     case NUMBER: return "Number";
     case ODDBALL: return "Oddball";
     case STRING: return "String";
     case GENERIC: return "Generic";
     default: return "Invalid";
   }
 }
 
 
 MaybeObject* BinaryOpIC::Transition(Handle<Object> left, Handle<Object> right) {
   Code::ExtraICState extra_ic_state = target()->extended_extra_ic_state();
   BinaryOpStub stub(extra_ic_state);
 
   Handle<Type> left_type = stub.GetLeftType(isolate());
   Handle<Type> right_type = stub.GetRightType(isolate());
   bool smi_was_enabled = left_type->Maybe(Type::Smi()) &&
                          right_type->Maybe(Type::Smi());
 
   Maybe<Handle<Object> > result = stub.Result(left, right, isolate());
+  if (!result.has_value) return Failure::Exception();
 
 #ifdef DEBUG
   if (FLAG_trace_ic) {
     char buffer[100];
     NoAllocationStringAllocator allocator(buffer,
                                         static_cast<unsigned>(sizeof(buffer)));
     StringStream stream(&allocator);
     stream.Add("[");
     stub.PrintName(&stream);
 
@@ skipping 20 matching lines @@
   right_type = stub.GetRightType(isolate());
   bool enable_smi = left_type->Maybe(Type::Smi()) &&
                     right_type->Maybe(Type::Smi());
 
   if (!smi_was_enabled && enable_smi) {
     PatchInlinedSmiCode(address(), ENABLE_INLINED_SMI_CHECK);
   } else if (smi_was_enabled && !enable_smi) {
     PatchInlinedSmiCode(address(), DISABLE_INLINED_SMI_CHECK);
   }
 
-  return result.has_value
-      ? static_cast<MaybeObject*>(*result.value)
-      : Failure::Exception();
+  ASSERT(result.has_value);
+  return static_cast<MaybeObject*>(*result.value);
 }
 
 
 RUNTIME_FUNCTION(MaybeObject*, BinaryOpIC_Miss) {
   HandleScope scope(isolate);
   Handle<Object> left = args.at<Object>(0);
   Handle<Object> right = args.at<Object>(1);
   BinaryOpIC ic(isolate);
   return ic.Transition(left, right);
 }
@@ skipping 364 matching lines @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
   return IC_utilities[id];
 }
 
 
 } }  // namespace v8::internal