Commit 440a42b7 authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[fullcode] Switch passing of new.target to register.

This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that this was the last
consumer of said side-channel, so the special slot in the construct
stub frame can be removed as a follow-up.

R=bmeurer@chromium.org,yangguo@chromium.org
TEST=mjsunit/es6/regress/regress-new-target-context

Review URL: https://codereview.chromium.org/1492793002

Cr-Commit-Position: refs/heads/master@{#32548}
parent 5d38d681
...@@ -92,6 +92,7 @@ class JumpPatchSite BASE_EMBEDDED { ...@@ -92,6 +92,7 @@ class JumpPatchSite BASE_EMBEDDED {
// //
// The live registers are: // The live registers are:
// o r1: the JS function object being called (i.e., ourselves) // o r1: the JS function object being called (i.e., ourselves)
// o r3: the new target value
// o cp: our context // o cp: our context
// o pp: our caller's constant pool pointer (if enabled) // o pp: our caller's constant pool pointer (if enabled)
// o fp: our caller's frame pointer // o fp: our caller's frame pointer
...@@ -182,14 +183,24 @@ void FullCodeGenerator::Generate() { ...@@ -182,14 +183,24 @@ void FullCodeGenerator::Generate() {
__ Push(info->scope()->GetScopeInfo(info->isolate())); __ Push(info->scope()->GetScopeInfo(info->isolate()));
__ CallRuntime(Runtime::kNewScriptContext, 2); __ CallRuntime(Runtime::kNewScriptContext, 2);
PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG); PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG);
} else if (slots <= FastNewContextStub::kMaximumSlots) { // The new target value is not used, clobbering is safe.
FastNewContextStub stub(isolate(), slots); DCHECK_NULL(info->scope()->new_target_var());
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else { } else {
__ push(r1); if (info->scope()->new_target_var() != nullptr) {
__ CallRuntime(Runtime::kNewFunctionContext, 1); __ push(r3); // Preserve new target.
}
if (slots <= FastNewContextStub::kMaximumSlots) {
FastNewContextStub stub(isolate(), slots);
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else {
__ push(r1);
__ CallRuntime(Runtime::kNewFunctionContext, 1);
}
if (info->scope()->new_target_var() != nullptr) {
__ pop(r3); // Preserve new target.
}
} }
function_in_register_r1 = false; function_in_register_r1 = false;
// Context is returned in r0. It replaces the context passed to us. // Context is returned in r0. It replaces the context passed to us.
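Review bot: The comment on the pop at the end of the non-script branch says `// Preserve new target.` for both the push and the pop, while every other port in this commit labels the pop `// Restore new target.`; it should read `__ pop(r3);  // Restore new target.` so the pair reads as save/restore. The predicate `info->scope()->new_target_var() != nullptr` is also evaluated twice around the stub/runtime call in this port and in arm64, ia32, mips, mips64 and x64; hoisting it once as `const bool preserve_new_target = info->scope()->new_target_var() != nullptr;` before the context allocation would make it obvious that the push and the pop are guarded by the same condition. FullCodeGenerator::Generate continues outside this hunk.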
...@@ -212,8 +223,8 @@ void FullCodeGenerator::Generate() { ...@@ -212,8 +223,8 @@ void FullCodeGenerator::Generate() {
// Update the write barrier. // Update the write barrier.
if (need_write_barrier) { if (need_write_barrier) {
__ RecordWriteContextSlot( __ RecordWriteContextSlot(cp, target.offset(), r0, r2,
cp, target.offset(), r0, r3, kLRHasBeenSaved, kDontSaveFPRegs); kLRHasBeenSaved, kDontSaveFPRegs);
} else if (FLAG_debug_code) { } else if (FLAG_debug_code) {
Label done; Label done;
__ JumpIfInNewSpace(cp, r0, &done); __ JumpIfInNewSpace(cp, r0, &done);
...@@ -223,11 +234,11 @@ void FullCodeGenerator::Generate() { ...@@ -223,11 +234,11 @@ void FullCodeGenerator::Generate() {
} }
} }
} }
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Function register is trashed in case we bailout here. But since that // Register holding this function and new target are both trashed in case we
// could happen only when we allocate a context the value of // bailout here. But since that can happen only when new target is not used
// |function_in_register_r1| is correct. // and we allocate a context, the value of |function_in_register| is correct.
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Possibly set up a local binding to the this function which is used in // Possibly set up a local binding to the this function which is used in
// derived constructors with super calls. // derived constructors with super calls.
...@@ -241,28 +252,11 @@ void FullCodeGenerator::Generate() { ...@@ -241,28 +252,11 @@ void FullCodeGenerator::Generate() {
SetVar(this_function_var, r1, r0, r2); SetVar(this_function_var, r1, r0, r2);
} }
// Possibly set up a local binding to the new target value.
Variable* new_target_var = scope()->new_target_var(); Variable* new_target_var = scope()->new_target_var();
if (new_target_var != nullptr) { if (new_target_var != nullptr) {
Comment cmnt(masm_, "[ new.target"); Comment cmnt(masm_, "[ new.target");
SetVar(new_target_var, r3, r0, r2);
__ ldr(r2, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
__ ldr(r1, MemOperand(r2, StandardFrameConstants::kContextOffset));
__ cmp(r1, Operand(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
__ ldr(r2, MemOperand(r2, StandardFrameConstants::kCallerFPOffset), eq);
__ ldr(r1, MemOperand(r2, StandardFrameConstants::kMarkerOffset));
__ cmp(r1, Operand(Smi::FromInt(StackFrame::CONSTRUCT)));
Label non_construct_frame, done;
function_in_register_r1 = false;
__ b(ne, &non_construct_frame);
__ ldr(r0, MemOperand(r2, ConstructFrameConstants::kNewTargetOffset));
__ b(&done);
__ bind(&non_construct_frame);
__ LoadRoot(r0, Heap::kUndefinedValueRootIndex);
__ bind(&done);
SetVar(new_target_var, r0, r2, r3);
} }
Variable* arguments = scope()->arguments(); Variable* arguments = scope()->arguments();
......
...@@ -92,6 +92,7 @@ class JumpPatchSite BASE_EMBEDDED { ...@@ -92,6 +92,7 @@ class JumpPatchSite BASE_EMBEDDED {
// //
// The live registers are: // The live registers are:
// - x1: the JS function object being called (i.e. ourselves). // - x1: the JS function object being called (i.e. ourselves).
// - x3: the new target value
// - cp: our context. // - cp: our context.
// - fp: our caller's frame pointer. // - fp: our caller's frame pointer.
// - jssp: stack pointer. // - jssp: stack pointer.
...@@ -158,12 +159,12 @@ void FullCodeGenerator::Generate() { ...@@ -158,12 +159,12 @@ void FullCodeGenerator::Generate() {
const int kMaxPushes = 32; const int kMaxPushes = 32;
if (locals_count >= kMaxPushes) { if (locals_count >= kMaxPushes) {
int loop_iterations = locals_count / kMaxPushes; int loop_iterations = locals_count / kMaxPushes;
__ Mov(x3, loop_iterations); __ Mov(x2, loop_iterations);
Label loop_header; Label loop_header;
__ Bind(&loop_header); __ Bind(&loop_header);
// Do pushes. // Do pushes.
__ PushMultipleTimes(x10 , kMaxPushes); __ PushMultipleTimes(x10 , kMaxPushes);
__ Subs(x3, x3, 1); __ Subs(x2, x2, 1);
__ B(ne, &loop_header); __ B(ne, &loop_header);
} }
int remaining = locals_count % kMaxPushes; int remaining = locals_count % kMaxPushes;
...@@ -185,14 +186,24 @@ void FullCodeGenerator::Generate() { ...@@ -185,14 +186,24 @@ void FullCodeGenerator::Generate() {
__ Push(x1, x10); __ Push(x1, x10);
__ CallRuntime(Runtime::kNewScriptContext, 2); __ CallRuntime(Runtime::kNewScriptContext, 2);
PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG); PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG);
} else if (slots <= FastNewContextStub::kMaximumSlots) { // The new target value is not used, clobbering is safe.
FastNewContextStub stub(isolate(), slots); DCHECK_NULL(info->scope()->new_target_var());
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else { } else {
__ Push(x1); if (info->scope()->new_target_var() != nullptr) {
__ CallRuntime(Runtime::kNewFunctionContext, 1); __ Push(x3); // Preserve new target.
}
if (slots <= FastNewContextStub::kMaximumSlots) {
FastNewContextStub stub(isolate(), slots);
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else {
__ Push(x1);
__ CallRuntime(Runtime::kNewFunctionContext, 1);
}
if (info->scope()->new_target_var() != nullptr) {
__ Pop(x3); // Restore new target.
}
} }
function_in_register_x1 = false; function_in_register_x1 = false;
// Context is returned in x0. It replaces the context passed to us. // Context is returned in x0. It replaces the context passed to us.
...@@ -226,11 +237,11 @@ void FullCodeGenerator::Generate() { ...@@ -226,11 +237,11 @@ void FullCodeGenerator::Generate() {
} }
} }
} }
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Function register is trashed in case we bailout here. But since that // Register holding this function and new target are both trashed in case we
// could happen only when we allocate a context the value of // bailout here. But since that can happen only when new target is not used
// |function_in_register_x1| is correct. // and we allocate a context, the value of |function_in_register| is correct.
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Possibly set up a local binding to the this function which is used in // Possibly set up a local binding to the this function which is used in
// derived constructors with super calls. // derived constructors with super calls.
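Review bot: The rewritten bailout comment now refers to `|function_in_register|`, but the flag in this port is named `function_in_register_x1` (see the assignment a few lines above in the previous hunk), so the comment no longer names the variable it documents; the same generic spelling was introduced in the arm port (`function_in_register_r1`) and in mips and mips64 (`function_in_register_a1`), while it is correct for ia32 and x64. The comment also asserts that a bailout here "can happen only when new target is not used", which the hunk itself does not demonstrate since the push/pop in the previous hunk is what keeps x3 intact; a short pointer like `// (new target is saved around the context allocation above)` would tie the claim to the code. FullCodeGenerator::Generate continues outside this hunk.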
...@@ -244,34 +255,11 @@ void FullCodeGenerator::Generate() { ...@@ -244,34 +255,11 @@ void FullCodeGenerator::Generate() {
SetVar(this_function_var, x1, x0, x2); SetVar(this_function_var, x1, x0, x2);
} }
// Possibly set up a local binding to the new target value.
Variable* new_target_var = scope()->new_target_var(); Variable* new_target_var = scope()->new_target_var();
if (new_target_var != nullptr) { if (new_target_var != nullptr) {
Comment cmnt(masm_, "[ new.target"); Comment cmnt(masm_, "[ new.target");
// Get the frame pointer for the calling frame. SetVar(new_target_var, x3, x0, x2);
__ Ldr(x2, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
Label check_frame_marker;
__ Ldr(x1, MemOperand(x2, StandardFrameConstants::kContextOffset));
__ Cmp(x1, Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
__ B(ne, &check_frame_marker);
__ Ldr(x2, MemOperand(x2, StandardFrameConstants::kCallerFPOffset));
__ Bind(&check_frame_marker);
__ Ldr(x1, MemOperand(x2, StandardFrameConstants::kMarkerOffset));
__ Cmp(x1, Smi::FromInt(StackFrame::CONSTRUCT));
function_in_register_x1 = false;
Label non_construct_frame, done;
__ B(ne, &non_construct_frame);
__ Ldr(x0, MemOperand(x2, ConstructFrameConstants::kNewTargetOffset));
__ B(&done);
__ Bind(&non_construct_frame);
__ LoadRoot(x0, Heap::kUndefinedValueRootIndex);
__ Bind(&done);
SetVar(new_target_var, x0, x2, x3);
} }
Variable* arguments = scope()->arguments(); Variable* arguments = scope()->arguments();
......
...@@ -83,6 +83,7 @@ class JumpPatchSite BASE_EMBEDDED { ...@@ -83,6 +83,7 @@ class JumpPatchSite BASE_EMBEDDED {
// //
// The live registers are: // The live registers are:
// o edi: the JS function object being called (i.e. ourselves) // o edi: the JS function object being called (i.e. ourselves)
// o edx: the new target value
// o esi: our context // o esi: our context
// o ebp: our caller's frame pointer // o ebp: our caller's frame pointer
// o esp: stack pointer (pointing to return address) // o esp: stack pointer (pointing to return address)
...@@ -174,14 +175,24 @@ void FullCodeGenerator::Generate() { ...@@ -174,14 +175,24 @@ void FullCodeGenerator::Generate() {
__ Push(info->scope()->GetScopeInfo(info->isolate())); __ Push(info->scope()->GetScopeInfo(info->isolate()));
__ CallRuntime(Runtime::kNewScriptContext, 2); __ CallRuntime(Runtime::kNewScriptContext, 2);
PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG); PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG);
} else if (slots <= FastNewContextStub::kMaximumSlots) { // The new target value is not used, clobbering is safe.
FastNewContextStub stub(isolate(), slots); DCHECK_NULL(info->scope()->new_target_var());
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else { } else {
__ push(edi); if (info->scope()->new_target_var() != nullptr) {
__ CallRuntime(Runtime::kNewFunctionContext, 1); __ push(edx); // Preserve new target.
}
if (slots <= FastNewContextStub::kMaximumSlots) {
FastNewContextStub stub(isolate(), slots);
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else {
__ push(edi);
__ CallRuntime(Runtime::kNewFunctionContext, 1);
}
if (info->scope()->new_target_var() != nullptr) {
__ pop(edx); // Restore new target.
}
} }
function_in_register = false; function_in_register = false;
// Context is returned in eax. It replaces the context passed to us. // Context is returned in eax. It replaces the context passed to us.
...@@ -218,11 +229,11 @@ void FullCodeGenerator::Generate() { ...@@ -218,11 +229,11 @@ void FullCodeGenerator::Generate() {
} }
} }
} }
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Function register is trashed in case we bailout here. But since that // Register holding this function and new target are both trashed in case we
// could happen only when we allocate a context the value of // bailout here. But since that can happen only when new target is not used
// |function_in_register| is correct. // and we allocate a context, the value of |function_in_register| is correct.
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Possibly set up a local binding to the this function which is used in // Possibly set up a local binding to the this function which is used in
// derived constructors with super calls. // derived constructors with super calls.
...@@ -233,36 +244,14 @@ void FullCodeGenerator::Generate() { ...@@ -233,36 +244,14 @@ void FullCodeGenerator::Generate() {
__ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset)); __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
// The write barrier clobbers register again, keep it marked as such. // The write barrier clobbers register again, keep it marked as such.
} }
SetVar(this_function_var, edi, ebx, edx); SetVar(this_function_var, edi, ebx, ecx);
} }
// Possibly set up a local binding to the new target value.
Variable* new_target_var = scope()->new_target_var(); Variable* new_target_var = scope()->new_target_var();
if (new_target_var != nullptr) { if (new_target_var != nullptr) {
Comment cmnt(masm_, "[ new.target"); Comment cmnt(masm_, "[ new.target");
__ mov(eax, Operand(ebp, StandardFrameConstants::kCallerFPOffset)); SetVar(new_target_var, edx, ebx, ecx);
Label non_adaptor_frame;
__ cmp(Operand(eax, StandardFrameConstants::kContextOffset),
Immediate(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
__ j(not_equal, &non_adaptor_frame);
__ mov(eax, Operand(eax, StandardFrameConstants::kCallerFPOffset));
__ bind(&non_adaptor_frame);
__ cmp(Operand(eax, StandardFrameConstants::kMarkerOffset),
Immediate(Smi::FromInt(StackFrame::CONSTRUCT)));
Label non_construct_frame, done;
__ j(not_equal, &non_construct_frame);
// Construct frame
__ mov(eax, Operand(eax, ConstructFrameConstants::kNewTargetOffset));
__ jmp(&done);
// Non-construct frame
__ bind(&non_construct_frame);
__ mov(eax, Immediate(isolate()->factory()->undefined_value()));
__ bind(&done);
SetVar(new_target_var, eax, ebx, edx);
} }
Variable* arguments = scope()->arguments(); Variable* arguments = scope()->arguments();
......
...@@ -101,6 +101,7 @@ class JumpPatchSite BASE_EMBEDDED { ...@@ -101,6 +101,7 @@ class JumpPatchSite BASE_EMBEDDED {
// //
// The live registers are: // The live registers are:
// o a1: the JS function object being called (i.e. ourselves) // o a1: the JS function object being called (i.e. ourselves)
// o a3: the new target value
// o cp: our context // o cp: our context
// o fp: our caller's frame pointer // o fp: our caller's frame pointer
// o sp: stack pointer // o sp: stack pointer
...@@ -192,14 +193,24 @@ void FullCodeGenerator::Generate() { ...@@ -192,14 +193,24 @@ void FullCodeGenerator::Generate() {
__ Push(info->scope()->GetScopeInfo(info->isolate())); __ Push(info->scope()->GetScopeInfo(info->isolate()));
__ CallRuntime(Runtime::kNewScriptContext, 2); __ CallRuntime(Runtime::kNewScriptContext, 2);
PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG); PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG);
} else if (slots <= FastNewContextStub::kMaximumSlots) { // The new target value is not used, clobbering is safe.
FastNewContextStub stub(isolate(), slots); DCHECK_NULL(info->scope()->new_target_var());
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else { } else {
__ push(a1); if (info->scope()->new_target_var() != nullptr) {
__ CallRuntime(Runtime::kNewFunctionContext, 1); __ push(a3); // Preserve new target.
}
if (slots <= FastNewContextStub::kMaximumSlots) {
FastNewContextStub stub(isolate(), slots);
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else {
__ push(a1);
__ CallRuntime(Runtime::kNewFunctionContext, 1);
}
if (info->scope()->new_target_var() != nullptr) {
__ pop(a3); // Restore new target.
}
} }
function_in_register_a1 = false; function_in_register_a1 = false;
// Context is returned in v0. It replaces the context passed to us. // Context is returned in v0. It replaces the context passed to us.
...@@ -222,8 +233,8 @@ void FullCodeGenerator::Generate() { ...@@ -222,8 +233,8 @@ void FullCodeGenerator::Generate() {
// Update the write barrier. // Update the write barrier.
if (need_write_barrier) { if (need_write_barrier) {
__ RecordWriteContextSlot( __ RecordWriteContextSlot(cp, target.offset(), a0, a2,
cp, target.offset(), a0, a3, kRAHasBeenSaved, kDontSaveFPRegs); kRAHasBeenSaved, kDontSaveFPRegs);
} else if (FLAG_debug_code) { } else if (FLAG_debug_code) {
Label done; Label done;
__ JumpIfInNewSpace(cp, a0, &done); __ JumpIfInNewSpace(cp, a0, &done);
...@@ -233,11 +244,11 @@ void FullCodeGenerator::Generate() { ...@@ -233,11 +244,11 @@ void FullCodeGenerator::Generate() {
} }
} }
} }
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Function register is trashed in case we bailout here. But since that // Register holding this function and new target are both trashed in case we
// could happen only when we allocate a context the value of // bailout here. But since that can happen only when new target is not used
// |function_in_register_a1| is correct. // and we allocate a context, the value of |function_in_register| is correct.
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Possibly set up a local binding to the this function which is used in // Possibly set up a local binding to the this function which is used in
// derived constructors with super calls. // derived constructors with super calls.
...@@ -248,40 +259,14 @@ void FullCodeGenerator::Generate() { ...@@ -248,40 +259,14 @@ void FullCodeGenerator::Generate() {
__ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset)); __ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
// The write barrier clobbers register again, keep it marked as such. // The write barrier clobbers register again, keep it marked as such.
} }
SetVar(this_function_var, a1, a2, a3); SetVar(this_function_var, a1, a0, a2);
} }
// Possibly set up a local binding to the new target value.
Variable* new_target_var = scope()->new_target_var(); Variable* new_target_var = scope()->new_target_var();
if (new_target_var != nullptr) { if (new_target_var != nullptr) {
Comment cmnt(masm_, "[ new.target"); Comment cmnt(masm_, "[ new.target");
SetVar(new_target_var, a3, a0, a2);
// Get the frame pointer for the calling frame.
__ lw(a2, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
// Skip the arguments adaptor frame if it exists.
Label check_frame_marker;
__ lw(a1, MemOperand(a2, StandardFrameConstants::kContextOffset));
__ Branch(&check_frame_marker, ne, a1,
Operand(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
__ lw(a2, MemOperand(a2, StandardFrameConstants::kCallerFPOffset));
// Check the marker in the calling frame.
__ bind(&check_frame_marker);
__ lw(a1, MemOperand(a2, StandardFrameConstants::kMarkerOffset));
function_in_register_a1 = false;
Label non_construct_frame, done;
__ Branch(&non_construct_frame, ne, a1,
Operand(Smi::FromInt(StackFrame::CONSTRUCT)));
__ lw(v0, MemOperand(a2, ConstructFrameConstants::kNewTargetOffset));
__ Branch(&done);
__ bind(&non_construct_frame);
__ LoadRoot(v0, Heap::kUndefinedValueRootIndex);
__ bind(&done);
SetVar(new_target_var, v0, a2, a3);
} }
Variable* arguments = scope()->arguments(); Variable* arguments = scope()->arguments();
......
...@@ -101,6 +101,7 @@ class JumpPatchSite BASE_EMBEDDED { ...@@ -101,6 +101,7 @@ class JumpPatchSite BASE_EMBEDDED {
// //
// The live registers are: // The live registers are:
// o a1: the JS function object being called (i.e. ourselves) // o a1: the JS function object being called (i.e. ourselves)
// o a3: the new target value
// o cp: our context // o cp: our context
// o fp: our caller's frame pointer // o fp: our caller's frame pointer
// o sp: stack pointer // o sp: stack pointer
...@@ -191,14 +192,24 @@ void FullCodeGenerator::Generate() { ...@@ -191,14 +192,24 @@ void FullCodeGenerator::Generate() {
__ Push(info->scope()->GetScopeInfo(info->isolate())); __ Push(info->scope()->GetScopeInfo(info->isolate()));
__ CallRuntime(Runtime::kNewScriptContext, 2); __ CallRuntime(Runtime::kNewScriptContext, 2);
PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG); PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG);
} else if (slots <= FastNewContextStub::kMaximumSlots) { // The new target value is not used, clobbering is safe.
FastNewContextStub stub(isolate(), slots); DCHECK_NULL(info->scope()->new_target_var());
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else { } else {
__ push(a1); if (info->scope()->new_target_var() != nullptr) {
__ CallRuntime(Runtime::kNewFunctionContext, 1); __ push(a3); // Preserve new target.
}
if (slots <= FastNewContextStub::kMaximumSlots) {
FastNewContextStub stub(isolate(), slots);
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else {
__ push(a1);
__ CallRuntime(Runtime::kNewFunctionContext, 1);
}
if (info->scope()->new_target_var() != nullptr) {
__ pop(a3); // Restore new target.
}
} }
function_in_register_a1 = false; function_in_register_a1 = false;
// Context is returned in v0. It replaces the context passed to us. // Context is returned in v0. It replaces the context passed to us.
...@@ -221,8 +232,8 @@ void FullCodeGenerator::Generate() { ...@@ -221,8 +232,8 @@ void FullCodeGenerator::Generate() {
// Update the write barrier. // Update the write barrier.
if (need_write_barrier) { if (need_write_barrier) {
__ RecordWriteContextSlot( __ RecordWriteContextSlot(cp, target.offset(), a0, a2,
cp, target.offset(), a0, a3, kRAHasBeenSaved, kDontSaveFPRegs); kRAHasBeenSaved, kDontSaveFPRegs);
} else if (FLAG_debug_code) { } else if (FLAG_debug_code) {
Label done; Label done;
__ JumpIfInNewSpace(cp, a0, &done); __ JumpIfInNewSpace(cp, a0, &done);
...@@ -232,11 +243,11 @@ void FullCodeGenerator::Generate() { ...@@ -232,11 +243,11 @@ void FullCodeGenerator::Generate() {
} }
} }
} }
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Function register is trashed in case we bailout here. But since that // Register holding this function and new target are both trashed in case we
// could happen only when we allocate a context the value of // bailout here. But since that can happen only when new target is not used
// |function_in_register_a1| is correct. // and we allocate a context, the value of |function_in_register| is correct.
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Possibly set up a local binding to the this function which is used in // Possibly set up a local binding to the this function which is used in
// derived constructors with super calls. // derived constructors with super calls.
...@@ -247,39 +258,13 @@ void FullCodeGenerator::Generate() { ...@@ -247,39 +258,13 @@ void FullCodeGenerator::Generate() {
__ ld(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset)); __ ld(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
// The write barrier clobbers register again, keep it marked as such. // The write barrier clobbers register again, keep it marked as such.
} }
SetVar(this_function_var, a1, a2, a3); SetVar(this_function_var, a1, a0, a2);
} }
Variable* new_target_var = scope()->new_target_var(); Variable* new_target_var = scope()->new_target_var();
if (new_target_var != nullptr) { if (new_target_var != nullptr) {
Comment cmnt(masm_, "[ new.target"); Comment cmnt(masm_, "[ new.target");
// Get the frame pointer for the calling frame. SetVar(new_target_var, a3, a0, a2);
__ ld(a2, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
// Skip the arguments adaptor frame if it exists.
Label check_frame_marker;
__ ld(a1, MemOperand(a2, StandardFrameConstants::kContextOffset));
__ Branch(&check_frame_marker, ne, a1,
Operand(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
__ ld(a2, MemOperand(a2, StandardFrameConstants::kCallerFPOffset));
// Check the marker in the calling frame.
__ bind(&check_frame_marker);
__ ld(a1, MemOperand(a2, StandardFrameConstants::kMarkerOffset));
function_in_register_a1 = false;
Label non_construct_frame, done;
__ Branch(&non_construct_frame, ne, a1,
Operand(Smi::FromInt(StackFrame::CONSTRUCT)));
__ ld(v0, MemOperand(a2, ConstructFrameConstants::kNewTargetOffset));
__ Branch(&done);
__ bind(&non_construct_frame);
__ LoadRoot(v0, Heap::kUndefinedValueRootIndex);
__ bind(&done);
SetVar(new_target_var, v0, a2, a3);
} }
Variable* arguments = scope()->arguments(); Variable* arguments = scope()->arguments();
......
...@@ -82,6 +82,7 @@ class JumpPatchSite BASE_EMBEDDED { ...@@ -82,6 +82,7 @@ class JumpPatchSite BASE_EMBEDDED {
// //
// The live registers are: // The live registers are:
// o rdi: the JS function object being called (i.e. ourselves) // o rdi: the JS function object being called (i.e. ourselves)
// o rdx: the new target value
// o rsi: our context // o rsi: our context
// o rbp: our caller's frame pointer // o rbp: our caller's frame pointer
// o rsp: stack pointer (pointing to return address) // o rsp: stack pointer (pointing to return address)
...@@ -136,7 +137,7 @@ void FullCodeGenerator::Generate() { ...@@ -136,7 +137,7 @@ void FullCodeGenerator::Generate() {
__ CallRuntime(Runtime::kThrowStackOverflow, 0); __ CallRuntime(Runtime::kThrowStackOverflow, 0);
__ bind(&ok); __ bind(&ok);
} }
__ LoadRoot(rdx, Heap::kUndefinedValueRootIndex); __ LoadRoot(rax, Heap::kUndefinedValueRootIndex);
const int kMaxPushes = 32; const int kMaxPushes = 32;
if (locals_count >= kMaxPushes) { if (locals_count >= kMaxPushes) {
int loop_iterations = locals_count / kMaxPushes; int loop_iterations = locals_count / kMaxPushes;
...@@ -145,7 +146,7 @@ void FullCodeGenerator::Generate() { ...@@ -145,7 +146,7 @@ void FullCodeGenerator::Generate() {
__ bind(&loop_header); __ bind(&loop_header);
// Do pushes. // Do pushes.
for (int i = 0; i < kMaxPushes; i++) { for (int i = 0; i < kMaxPushes; i++) {
__ Push(rdx); __ Push(rax);
} }
// Continue loop if not done. // Continue loop if not done.
__ decp(rcx); __ decp(rcx);
...@@ -154,7 +155,7 @@ void FullCodeGenerator::Generate() { ...@@ -154,7 +155,7 @@ void FullCodeGenerator::Generate() {
int remaining = locals_count % kMaxPushes; int remaining = locals_count % kMaxPushes;
// Emit the remaining pushes. // Emit the remaining pushes.
for (int i = 0; i < remaining; i++) { for (int i = 0; i < remaining; i++) {
__ Push(rdx); __ Push(rax);
} }
} }
} }
...@@ -172,14 +173,24 @@ void FullCodeGenerator::Generate() { ...@@ -172,14 +173,24 @@ void FullCodeGenerator::Generate() {
__ Push(info->scope()->GetScopeInfo(info->isolate())); __ Push(info->scope()->GetScopeInfo(info->isolate()));
__ CallRuntime(Runtime::kNewScriptContext, 2); __ CallRuntime(Runtime::kNewScriptContext, 2);
PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG); PrepareForBailoutForId(BailoutId::ScriptContext(), TOS_REG);
} else if (slots <= FastNewContextStub::kMaximumSlots) { // The new target value is not used, clobbering is safe.
FastNewContextStub stub(isolate(), slots); DCHECK_NULL(info->scope()->new_target_var());
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else { } else {
__ Push(rdi); if (info->scope()->new_target_var() != nullptr) {
__ CallRuntime(Runtime::kNewFunctionContext, 1); __ Push(rdx); // Preserve new target.
}
if (slots <= FastNewContextStub::kMaximumSlots) {
FastNewContextStub stub(isolate(), slots);
__ CallStub(&stub);
// Result of FastNewContextStub is always in new space.
need_write_barrier = false;
} else {
__ Push(rdi);
__ CallRuntime(Runtime::kNewFunctionContext, 1);
}
if (info->scope()->new_target_var() != nullptr) {
__ Pop(rdx); // Restore new target.
}
} }
function_in_register = false; function_in_register = false;
// Context is returned in rax. It replaces the context passed to us. // Context is returned in rax. It replaces the context passed to us.
...@@ -213,11 +224,11 @@ void FullCodeGenerator::Generate() { ...@@ -213,11 +224,11 @@ void FullCodeGenerator::Generate() {
} }
} }
} }
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Function register is trashed in case we bailout here. But since that // Register holding this function and new target are both trashed in case we
// could happen only when we allocate a context the value of // bailout here. But since that can happen only when new target is not used
// |function_in_register| is correct. // and we allocate a context, the value of |function_in_register| is correct.
PrepareForBailoutForId(BailoutId::FunctionContext(), NO_REGISTERS);
// Possibly set up a local binding to the this function which is used in // Possibly set up a local binding to the this function which is used in
// derived constructors with super calls. // derived constructors with super calls.
...@@ -228,37 +239,14 @@ void FullCodeGenerator::Generate() { ...@@ -228,37 +239,14 @@ void FullCodeGenerator::Generate() {
__ movp(rdi, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset)); __ movp(rdi, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset));
// The write barrier clobbers register again, keep it marked as such. // The write barrier clobbers register again, keep it marked as such.
} }
SetVar(this_function_var, rdi, rbx, rdx); SetVar(this_function_var, rdi, rbx, rcx);
} }
// Possibly set up a local binding to the new target value.
Variable* new_target_var = scope()->new_target_var(); Variable* new_target_var = scope()->new_target_var();
if (new_target_var != nullptr) { if (new_target_var != nullptr) {
Comment cmnt(masm_, "[ new.target"); Comment cmnt(masm_, "[ new.target");
SetVar(new_target_var, rdx, rbx, rcx);
__ movp(rax, Operand(rbp, StandardFrameConstants::kCallerFPOffset));
Label non_adaptor_frame;
__ Cmp(Operand(rax, StandardFrameConstants::kContextOffset),
Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
__ j(not_equal, &non_adaptor_frame);
__ movp(rax, Operand(rax, StandardFrameConstants::kCallerFPOffset));
__ bind(&non_adaptor_frame);
__ Cmp(Operand(rax, StandardFrameConstants::kMarkerOffset),
Smi::FromInt(StackFrame::CONSTRUCT));
Label non_construct_frame, done;
__ j(not_equal, &non_construct_frame);
// Construct frame
__ movp(rax, Operand(rax, ConstructFrameConstants::kNewTargetOffset));
__ jmp(&done);
// Non-construct frame
__ bind(&non_construct_frame);
__ LoadRoot(rax, Heap::kUndefinedValueRootIndex);
__ bind(&done);
SetVar(new_target_var, rax, rbx, rdx);
} }
// Possibly allocate an arguments object. // Possibly allocate an arguments object.
......
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Test access of the new.target value in functions that also allocate local
// function contexts of varying sizes, making sure the value is not clobbered.
function makeFun(n) {
var source = "(function f" + n + "() { ";
for (var i = 0; i < n; ++i) source += "var v" + i + "; ";
source += "(function() { 0 ";
for (var i = 0; i < n; ++i) source += "+ v" + i + " ";
source += "})(); return { value: new.target }; })";
return eval(source);
}
// Exercise fast case.
var a = makeFun(4);
assertEquals(a, new a().value);
assertEquals(undefined, a().value);
// Exercise slow case.
var b = makeFun(128);
assertEquals(b, new b().value);
assertEquals(undefined, b().value);
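Review bot: The test never calls the generated functions with a mismatched argument count, so the arguments-adaptor frame that the removed frame-walking code explicitly skipped (the `StackFrame::ARGUMENTS_ADAPTOR` check in every port) is not exercised by the new register-based path; adding `assertEquals(a, new a(1, 2, 3).value);` and `assertEquals(undefined, a(1, 2, 3).value);` (and the same for `b`) would cover new.target surviving the adaptor trampoline. The two sizes 4 and 128 exercise the stub and the runtime paths, but a case at `FastNewContextStub::kMaximumSlots` and one above it would pin the boundary between them, which is where the push/pop placement in the generator matters most; the exact limit is not visible here, so the value would need to be taken from the stub's definition.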