Commit 9bd4ee79 authored by Georg Neis's avatar Georg Neis Committed by Commit Bot

[turbofan] Store native_context rather than global_proxy for JSFunction.

This will also be useful for JSCallReducer.

In order to avoid extra work, the CL restricts one path of the JSCall
lowering to functions from the own native context.

Bug: v8:7790
Change-Id: I9f3a478969d641da59661ff196fdedae8195d680
Reviewed-on: https://chromium-review.googlesource.com/c/1286335Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56733}
parent 4c0b56af
...@@ -284,7 +284,7 @@ class JSFunctionData : public JSObjectData { ...@@ -284,7 +284,7 @@ class JSFunctionData : public JSObjectData {
void Serialize(JSHeapBroker* broker); void Serialize(JSHeapBroker* broker);
JSGlobalProxyData* global_proxy() const { return global_proxy_; } NativeContextData* native_context() const { return native_context_; }
MapData* initial_map() const { return initial_map_; } MapData* initial_map() const { return initial_map_; }
ObjectData* prototype() const { return prototype_; } ObjectData* prototype() const { return prototype_; }
SharedFunctionInfoData* shared() const { return shared_; } SharedFunctionInfoData* shared() const { return shared_; }
...@@ -300,7 +300,7 @@ class JSFunctionData : public JSObjectData { ...@@ -300,7 +300,7 @@ class JSFunctionData : public JSObjectData {
bool serialized_ = false; bool serialized_ = false;
JSGlobalProxyData* global_proxy_ = nullptr; NativeContextData* native_context_ = nullptr;
MapData* initial_map_ = nullptr; MapData* initial_map_ = nullptr;
ObjectData* prototype_ = nullptr; ObjectData* prototype_ = nullptr;
SharedFunctionInfoData* shared_ = nullptr; SharedFunctionInfoData* shared_ = nullptr;
...@@ -749,13 +749,13 @@ void JSFunctionData::Serialize(JSHeapBroker* broker) { ...@@ -749,13 +749,13 @@ void JSFunctionData::Serialize(JSHeapBroker* broker) {
TraceScope tracer(broker, this, "JSFunctionData::Serialize"); TraceScope tracer(broker, this, "JSFunctionData::Serialize");
Handle<JSFunction> function = Handle<JSFunction>::cast(object()); Handle<JSFunction> function = Handle<JSFunction>::cast(object());
DCHECK_NULL(global_proxy_); DCHECK_NULL(native_context_);
DCHECK_NULL(initial_map_); DCHECK_NULL(initial_map_);
DCHECK_NULL(prototype_); DCHECK_NULL(prototype_);
DCHECK_NULL(shared_); DCHECK_NULL(shared_);
global_proxy_ = native_context_ =
broker->GetOrCreateData(function->global_proxy())->AsJSGlobalProxy(); broker->GetOrCreateData(function->native_context())->AsNativeContext();
shared_ = broker->GetOrCreateData(function->shared())->AsSharedFunctionInfo(); shared_ = broker->GetOrCreateData(function->shared())->AsSharedFunctionInfo();
initial_map_ = has_initial_map() initial_map_ = has_initial_map()
? broker->GetOrCreateData(function->initial_map())->AsMap() ? broker->GetOrCreateData(function->initial_map())->AsMap()
...@@ -2040,7 +2040,7 @@ BIMODAL_ACCESSOR(JSArray, Object, length) ...@@ -2040,7 +2040,7 @@ BIMODAL_ACCESSOR(JSArray, Object, length)
BIMODAL_ACCESSOR_C(JSFunction, bool, has_prototype) BIMODAL_ACCESSOR_C(JSFunction, bool, has_prototype)
BIMODAL_ACCESSOR_C(JSFunction, bool, has_initial_map) BIMODAL_ACCESSOR_C(JSFunction, bool, has_initial_map)
BIMODAL_ACCESSOR_C(JSFunction, bool, PrototypeRequiresRuntimeLookup) BIMODAL_ACCESSOR_C(JSFunction, bool, PrototypeRequiresRuntimeLookup)
BIMODAL_ACCESSOR(JSFunction, JSGlobalProxy, global_proxy) BIMODAL_ACCESSOR(JSFunction, NativeContext, native_context)
BIMODAL_ACCESSOR(JSFunction, Map, initial_map) BIMODAL_ACCESSOR(JSFunction, Map, initial_map)
BIMODAL_ACCESSOR(JSFunction, Object, prototype) BIMODAL_ACCESSOR(JSFunction, Object, prototype)
BIMODAL_ACCESSOR(JSFunction, SharedFunctionInfo, shared) BIMODAL_ACCESSOR(JSFunction, SharedFunctionInfo, shared)
......
...@@ -199,7 +199,7 @@ class JSFunctionRef : public JSObjectRef { ...@@ -199,7 +199,7 @@ class JSFunctionRef : public JSObjectRef {
// The following are available only after calling Serialize(). // The following are available only after calling Serialize().
ObjectRef prototype() const; ObjectRef prototype() const;
MapRef initial_map() const; MapRef initial_map() const;
JSGlobalProxyRef global_proxy() const; NativeContextRef native_context() const;
SharedFunctionInfoRef shared() const; SharedFunctionInfoRef shared() const;
int InitialMapInstanceSizeWithMinSlack() const; int InitialMapInstanceSizeWithMinSlack() const;
}; };
...@@ -247,6 +247,7 @@ class ContextRef : public HeapObjectRef { ...@@ -247,6 +247,7 @@ class ContextRef : public HeapObjectRef {
V(JSFunction, promise_function) \ V(JSFunction, promise_function) \
V(JSFunction, string_function) \ V(JSFunction, string_function) \
V(JSFunction, symbol_function) \ V(JSFunction, symbol_function) \
V(JSGlobalProxy, global_proxy_object) \
V(Map, fast_aliased_arguments_map) \ V(Map, fast_aliased_arguments_map) \
V(Map, initial_array_iterator_map) \ V(Map, initial_array_iterator_map) \
V(Map, initial_string_iterator_map) \ V(Map, initial_string_iterator_map) \
......
...@@ -1625,22 +1625,27 @@ Reduction JSTypedLowering::ReduceJSCall(Node* node) { ...@@ -1625,22 +1625,27 @@ Reduction JSTypedLowering::ReduceJSCall(Node* node) {
// See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ). // See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
if (IsClassConstructor(shared.kind())) return NoChange(); if (IsClassConstructor(shared.kind())) return NoChange();
// Load the context from the {target}. // Check if we need to convert the {receiver}, but bailout if it would
Node* context = effect = graph()->NewNode( // require data from a foreign native context.
simplified()->LoadField(AccessBuilder::ForJSFunctionContext()), target,
effect, control);
NodeProperties::ReplaceContextInput(node, context);
// Check if we need to convert the {receiver}.
if (is_sloppy(shared.language_mode()) && !shared.native() && if (is_sloppy(shared.language_mode()) && !shared.native() &&
!receiver_type.Is(Type::Receiver())) { !receiver_type.Is(Type::Receiver())) {
Node* global_proxy = jsgraph()->Constant(function.global_proxy()); if (!function.native_context().equals(broker()->native_context())) {
return NoChange();
}
Node* global_proxy =
jsgraph()->Constant(function.native_context().global_proxy_object());
receiver = effect = receiver = effect =
graph()->NewNode(simplified()->ConvertReceiver(convert_mode), graph()->NewNode(simplified()->ConvertReceiver(convert_mode),
receiver, global_proxy, effect, control); receiver, global_proxy, effect, control);
NodeProperties::ReplaceValueInput(node, receiver, 1); NodeProperties::ReplaceValueInput(node, receiver, 1);
} }
// Load the context from the {target}.
Node* context = effect = graph()->NewNode(
simplified()->LoadField(AccessBuilder::ForJSFunctionContext()), target,
effect, control);
NodeProperties::ReplaceContextInput(node, context);
// Update the effect dependency for the {node}. // Update the effect dependency for the {node}.
NodeProperties::ReplaceEffectInput(node, effect); NodeProperties::ReplaceEffectInput(node, effect);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment