Commit 187fba74 authored by Leszek Swirski's avatar Leszek Swirski Committed by V8 LUCI CQ

[maglev] Distinguish receiver and lookup_start_object

GetNamedPropertyFromSuper needs both the receiver and the
lookup_start_object (the home object prototype), as it does lookups on
the latter but calls accessors with the former as the receiver.

Bug: v8:7700
Change-Id: Ib8b930d06eb8bed090ad1839a05514f0dffc321f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891253
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83134}
parent c8d1ca8a
...@@ -987,14 +987,15 @@ void MaglevGraphBuilder::BuildMapCheck(ValueNode* object, ...@@ -987,14 +987,15 @@ void MaglevGraphBuilder::BuildMapCheck(ValueNode* object,
object, known_info, NodeType::kHeapObjectWithKnownMap); object, known_info, NodeType::kHeapObjectWithKnownMap);
} }
bool MaglevGraphBuilder::TryBuildMonomorphicLoad(ValueNode* object, bool MaglevGraphBuilder::TryBuildMonomorphicLoad(ValueNode* receiver,
ValueNode* lookup_start_object,
const compiler::MapRef& map, const compiler::MapRef& map,
MaybeObjectHandle handler) { MaybeObjectHandle handler) {
if (handler.is_null()) return false; if (handler.is_null()) return false;
if (handler->IsSmi()) { if (handler->IsSmi()) {
return TryBuildMonomorphicLoadFromSmiHandler(object, map, return TryBuildMonomorphicLoadFromSmiHandler(receiver, lookup_start_object,
handler->ToSmi().value()); map, handler->ToSmi().value());
} }
HeapObject ho_handler; HeapObject ho_handler;
if (!handler->GetHeapObject(&ho_handler)) return false; if (!handler->GetHeapObject(&ho_handler)) return false;
...@@ -1007,26 +1008,27 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoad(ValueNode* object, ...@@ -1007,26 +1008,27 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoad(ValueNode* object,
return false; return false;
} else { } else {
return TryBuildMonomorphicLoadFromLoadHandler( return TryBuildMonomorphicLoadFromLoadHandler(
object, map, LoadHandler::cast(ho_handler)); receiver, lookup_start_object, map, LoadHandler::cast(ho_handler));
} }
} }
bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromSmiHandler( bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromSmiHandler(
ValueNode* object, const compiler::MapRef& map, int32_t handler) { ValueNode* receiver, ValueNode* lookup_start_object,
const compiler::MapRef& map, int32_t handler) {
// Smi handler, emit a map check and LoadField. // Smi handler, emit a map check and LoadField.
LoadHandler::Kind kind = LoadHandler::KindBits::decode(handler); LoadHandler::Kind kind = LoadHandler::KindBits::decode(handler);
if (kind != LoadHandler::Kind::kField) return false; if (kind != LoadHandler::Kind::kField) return false;
if (LoadHandler::IsWasmStructBits::decode(handler)) return false; if (LoadHandler::IsWasmStructBits::decode(handler)) return false;
BuildMapCheck(object, map); BuildMapCheck(lookup_start_object, map);
ValueNode* load_source; ValueNode* load_source;
if (LoadHandler::IsInobjectBits::decode(handler)) { if (LoadHandler::IsInobjectBits::decode(handler)) {
load_source = object; load_source = lookup_start_object;
} else { } else {
// The field is in the property array, first load it from there. // The field is in the property array, first load it from there.
load_source = AddNewNode<LoadTaggedField>( load_source = AddNewNode<LoadTaggedField>(
{object}, JSReceiver::kPropertiesOrHashOffset); {lookup_start_object}, JSReceiver::kPropertiesOrHashOffset);
} }
int field_index = LoadHandler::FieldIndexBits::decode(handler); int field_index = LoadHandler::FieldIndexBits::decode(handler);
if (LoadHandler::IsDoubleBits::decode(handler)) { if (LoadHandler::IsDoubleBits::decode(handler)) {
...@@ -1051,7 +1053,8 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromSmiHandler( ...@@ -1051,7 +1053,8 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromSmiHandler(
} }
bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromLoadHandler( bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromLoadHandler(
ValueNode* object, const compiler::MapRef& map, LoadHandler handler) { ValueNode* receiver, ValueNode* lookup_start_object,
const compiler::MapRef& map, LoadHandler handler) {
Object maybe_smi_handler = handler.smi_handler(local_isolate_); Object maybe_smi_handler = handler.smi_handler(local_isolate_);
if (!maybe_smi_handler.IsSmi()) return false; if (!maybe_smi_handler.IsSmi()) return false;
int smi_handler = Smi::cast(maybe_smi_handler).value(); int smi_handler = Smi::cast(maybe_smi_handler).value();
...@@ -1069,11 +1072,11 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromLoadHandler( ...@@ -1069,11 +1072,11 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromLoadHandler(
// Check for string maps before checking if we need to do an access check. // Check for string maps before checking if we need to do an access check.
// Primitive strings always get the prototype from the native context // Primitive strings always get the prototype from the native context
// they're operated on, so they don't need the access check. // they're operated on, so they don't need the access check.
BuildCheckString(object); BuildCheckString(lookup_start_object);
} else if (do_access_check_on_lookup_start_object) { } else if (do_access_check_on_lookup_start_object) {
return false; return false;
} else { } else {
BuildMapCheck(object, map); BuildMapCheck(lookup_start_object, map);
} }
Object validity_cell = handler.validity_cell(local_isolate_); Object validity_cell = handler.validity_cell(local_isolate_);
...@@ -1120,7 +1123,7 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromLoadHandler( ...@@ -1120,7 +1123,7 @@ bool MaglevGraphBuilder::TryBuildMonomorphicLoadFromLoadHandler(
Call* call = CreateNewNode<Call>(Call::kFixedInputCount + 1, Call* call = CreateNewNode<Call>(Call::kFixedInputCount + 1,
ConvertReceiverMode::kNotNullOrUndefined, ConvertReceiverMode::kNotNullOrUndefined,
GetConstant(getter_ref), GetContext()); GetConstant(getter_ref), GetContext());
call->set_arg(0, object); call->set_arg(0, receiver);
SetAccumulator(AddNode(call)); SetAccumulator(AddNode(call));
break; break;
} }
...@@ -1158,7 +1161,7 @@ void MaglevGraphBuilder::VisitGetNamedProperty() { ...@@ -1158,7 +1161,7 @@ void MaglevGraphBuilder::VisitGetNamedProperty() {
MaybeObjectHandle handler = MaybeObjectHandle handler =
FeedbackNexusForSlot(slot).FindHandlerForMap(map.object()); FeedbackNexusForSlot(slot).FindHandlerForMap(map.object());
if (TryBuildMonomorphicLoad(object, map, handler)) return; if (TryBuildMonomorphicLoad(object, object, map, handler)) return;
} break; } break;
default: default:
...@@ -1206,7 +1209,8 @@ void MaglevGraphBuilder::VisitGetNamedPropertyFromSuper() { ...@@ -1206,7 +1209,8 @@ void MaglevGraphBuilder::VisitGetNamedPropertyFromSuper() {
MaybeObjectHandle handler = MaybeObjectHandle handler =
FeedbackNexusForSlot(slot).FindHandlerForMap(map.object()); FeedbackNexusForSlot(slot).FindHandlerForMap(map.object());
if (TryBuildMonomorphicLoad(lookup_start_object, map, handler)) return; if (TryBuildMonomorphicLoad(receiver, lookup_start_object, map, handler))
return;
} break; } break;
default: default:
......
...@@ -956,12 +956,16 @@ class MaglevGraphBuilder { ...@@ -956,12 +956,16 @@ class MaglevGraphBuilder {
void BuildCheckSymbol(ValueNode* object); void BuildCheckSymbol(ValueNode* object);
void BuildMapCheck(ValueNode* object, const compiler::MapRef& map); void BuildMapCheck(ValueNode* object, const compiler::MapRef& map);
bool TryBuildMonomorphicLoad(ValueNode* object, const compiler::MapRef& map, bool TryBuildMonomorphicLoad(ValueNode* receiver,
ValueNode* lookup_start_object,
const compiler::MapRef& map,
MaybeObjectHandle handler); MaybeObjectHandle handler);
bool TryBuildMonomorphicLoadFromSmiHandler(ValueNode* object, bool TryBuildMonomorphicLoadFromSmiHandler(ValueNode* receiver,
ValueNode* lookup_start_object,
const compiler::MapRef& map, const compiler::MapRef& map,
int32_t handler); int32_t handler);
bool TryBuildMonomorphicLoadFromLoadHandler(ValueNode* object, bool TryBuildMonomorphicLoadFromLoadHandler(ValueNode* receiver,
ValueNode* lookup_start_object,
const compiler::MapRef& map, const compiler::MapRef& map,
LoadHandler handler); LoadHandler handler);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment