
Commit 18e7328

yuki3Commit Bot
authored andcommitted
Set the current context to the function's context when entering to LAP.
In the case of a LAP (lazy accessor pair), the function's creation context must equal the accessor holder's creation context, so this CL changes the current context to the accessor holder's creation context. BUG=v8:6156 Review-Url: https://codereview.chromium.org/2770003002 Cr-Commit-Position: refs/heads/master@{#46406}
1 parent eaaff1a commit 18e7328

23 files changed

Lines changed: 270 additions & 108 deletions

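--- a/src/arm/code-stubs-arm.cc
+++ b/src/arm/code-stubs-arm.cc
@@ -2700,8 +2700,9 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 // --
 // -- sp[0] : last argument
 // -- ...
-// -- sp[(argc - 1)* 4] : first argument
+// -- sp[(argc - 1) * 4] : first argument
 // -- sp[argc * 4] : receiver
+// -- sp[(argc + 1) * 4] : accessor_holder
 // -----------------------------------
 
 Register callee = r0;
@@ -2727,10 +2728,6 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 
 // context save
 __ push(context);
-if (!is_lazy()) {
-// load context from callee
-__ ldr(context, FieldMemOperand(callee, JSFunction::kContextOffset));
-}
 
 // callee
 __ push(callee);
@@ -2750,6 +2747,20 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 // holder
 __ push(holder);
 
+// enter a new context
+if (is_lazy()) {
+// load context from accessor_holder
+Register accessor_holder = context;
+__ ldr(accessor_holder,
+MemOperand(sp, (FCA::kArgsLength + 1 + argc()) * kPointerSize));
+__ ldr(scratch, FieldMemOperand(accessor_holder, HeapObject::kMapOffset));
+__ GetMapConstructor(scratch, scratch, context, callee);
+__ ldr(context, FieldMemOperand(scratch, JSFunction::kContextOffset));
+} else {
+// load context from callee
+__ ldr(context, FieldMemOperand(callee, JSFunction::kContextOffset));
+}
+
 // Prepare arguments.
 __ mov(scratch, sp);
 
@@ -2787,11 +2798,8 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 return_value_offset = 2 + FCA::kReturnValueOffset;
 }
 MemOperand return_value_operand(fp, return_value_offset * kPointerSize);
-int stack_space = 0;
-MemOperand length_operand = MemOperand(sp, 3 * kPointerSize);
-MemOperand* stack_space_operand = &length_operand;
-stack_space = argc() + FCA::kArgsLength + 1;
-stack_space_operand = NULL;
+const int stack_space = argc() + FCA::kArgsLength + 2;
+MemOperand* stack_space_operand = nullptr;
 
 CallApiFunctionAndReturn(masm, api_function_address, thunk_ref, stack_space,
 stack_space_operand, return_value_operand,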
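Review bot: The lazy branch in the third hunk reads `JSFunction::kContextOffset` from whatever `GetMapConstructor` leaves in `scratch` without checking that it is a JSFunction; as far as I can tell a map's constructor slot can also hold a non-function object, and in that case the load yields an unrelated field of that object as the new context. A debug assertion before the load, `__ AssertFunction(scratch);` if the arm MacroAssembler provides one, or at least a comment stating why the accessor holder's constructor is known to be a JSFunction, would make that invariant explicit. The same call also hands `context` and `callee` to `GetMapConstructor` as temporaries, so `callee` is clobbered on the lazy path; `Generate` continues outside the hunk, so please confirm nothing after this point still reads it. The arm64 section of this commit shares both points and the ia32 section shares the missing assertion.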

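--- a/src/arm64/code-stubs-arm64.cc
+++ b/src/arm64/code-stubs-arm64.cc
@@ -2941,6 +2941,7 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 // -- ...
 // -- sp[(argc - 1) * 8] : first argument
 // -- sp[argc * 8] : receiver
+// -- sp[(argc + 1) * 8] : accessor_holder
 // -----------------------------------
 
 Register callee = x0;
@@ -2969,18 +2970,29 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 // context, callee and call data.
 __ Push(context, callee, call_data);
 
-if (!is_lazy()) {
-// Load context from callee
-__ Ldr(context, FieldMemOperand(callee, JSFunction::kContextOffset));
-}
-
-__ LoadRoot(call_data, Heap::kUndefinedValueRootIndex);
+Register scratch = call_data;
+__ LoadRoot(scratch, Heap::kUndefinedValueRootIndex);
 Register isolate_reg = x5;
 __ Mov(isolate_reg, ExternalReference::isolate_address(masm->isolate()));
 
 // FunctionCallbackArguments:
 // return value, return value default, isolate, holder.
-__ Push(call_data, call_data, isolate_reg, holder);
+__ Push(scratch, scratch, isolate_reg, holder);
+
+// Enter a new context
+if (is_lazy()) {
+// Load context from accessor_holder
+Register accessor_holder = context;
+__ Ldr(accessor_holder,
+MemOperand(__ StackPointer(),
+(FCA::kArgsLength + 1 + argc()) * kPointerSize));
+__ Ldr(scratch, FieldMemOperand(accessor_holder, HeapObject::kMapOffset));
+__ GetMapConstructor(scratch, scratch, context, callee);
+__ Ldr(context, FieldMemOperand(scratch, JSFunction::kContextOffset));
+} else {
+// Load context from callee
+__ Ldr(context, FieldMemOperand(callee, JSFunction::kContextOffset));
+}
 
 // Prepare arguments.
 Register args = x6;
@@ -3022,12 +3034,8 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 return_value_offset = 2 + FCA::kReturnValueOffset;
 }
 MemOperand return_value_operand(fp, return_value_offset * kPointerSize);
-int stack_space = 0;
-MemOperand length_operand =
-MemOperand(masm->StackPointer(), 3 * kPointerSize);
-MemOperand* stack_space_operand = &length_operand;
-stack_space = argc() + FCA::kArgsLength + 1;
-stack_space_operand = NULL;
+const int stack_space = argc() + FCA::kArgsLength + 2;
+MemOperand* stack_space_operand = nullptr;
 
 const int spill_offset = 1 + kApiStackSpace;
 CallApiFunctionAndReturn(masm, api_function_address, thunk_ref, stack_space,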

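--- a/src/compiler/js-call-reducer.cc
+++ b/src/compiler/js-call-reducer.cc
@@ -683,7 +683,8 @@ Reduction JSCallReducer::ReduceCallApiFunction(
 CallInterfaceDescriptor cid = stub.GetCallInterfaceDescriptor();
 CallDescriptor* call_descriptor = Linkage::GetStubCallDescriptor(
 isolate(), graph()->zone(), cid,
-cid.GetStackParameterCount() + argc + 1 /* implicit receiver */,
+cid.GetStackParameterCount() + argc +
+2 /* implicit receiver + accessor_holder */,
 CallDescriptor::kNeedsFrameState, Operator::kNoProperties,
 MachineType::AnyTagged(), 1);
 ApiFunction api_function(v8::ToCData<Address>(call_handler_info->callback()));
@@ -698,7 +699,8 @@ Reduction JSCallReducer::ReduceCallApiFunction(
 node->InsertInput(graph()->zone(), 3, holder);
 node->InsertInput(graph()->zone(), 4,
 jsgraph()->ExternalConstant(function_reference));
-node->ReplaceInput(5, receiver);
+node->InsertInput(graph()->zone(), 5, holder /* as accessor_holder */);
+node->ReplaceInput(6, receiver);
 NodeProperties::ChangeOp(node, common()->Call(call_descriptor));
 return Changed(node);
 }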
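Review bot: `holder` is inserted as the accessor_holder stack argument at input 5 of the second hunk, but for a plain API function call the stub branch that consumes that slot is presumably the non-lazy one (the code-stub sections of this commit only read accessor_holder under `is_lazy()`), so the value exists only to keep the stack layout and `stack_space` in step with the stub. A comment on that line would save the next reader from hunting for a use, e.g. `// The accessor_holder slot is only read by lazy accessor calls, but CallApiCallbackStub always pops it, so it must be present here.` `ReduceCallApiFunction` starts outside the hunk.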

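--- a/src/compiler/js-native-context-specialization.cc
+++ b/src/compiler/js-native-context-specialization.cc
@@ -1447,12 +1447,14 @@ Node* JSNativeContextSpecialization::InlinePropertyGetterCall(
 ConvertReceiverMode::kNotNullOrUndefined),
 target, receiver, context, frame_state0, *effect, *control);
 } else {
+Node* holder = jsgraph()->Constant(access_info.holder().ToHandleChecked());
 DCHECK(access_info.constant()->IsFunctionTemplateInfo());
 Handle<FunctionTemplateInfo> function_template_info(
 Handle<FunctionTemplateInfo>::cast(access_info.constant()));
 DCHECK(!function_template_info->call_code()->IsUndefined(isolate()));
-value = InlineApiCall(receiver, context, target, frame_state0, nullptr,
-effect, control, shared_info, function_template_info);
+value =
+InlineApiCall(receiver, holder, context, target, frame_state0, nullptr,
+effect, control, shared_info, function_template_info);
 }
 // Remember to rewire the IfException edge if this is inside a try-block.
 if (if_exceptions != nullptr) {
@@ -1494,12 +1496,14 @@ Node* JSNativeContextSpecialization::InlinePropertySetterCall(
 ConvertReceiverMode::kNotNullOrUndefined),
 target, receiver, value, context, frame_state0, *effect, *control);
 } else {
+Node* holder = jsgraph()->Constant(access_info.holder().ToHandleChecked());
 DCHECK(access_info.constant()->IsFunctionTemplateInfo());
 Handle<FunctionTemplateInfo> function_template_info(
 Handle<FunctionTemplateInfo>::cast(access_info.constant()));
 DCHECK(!function_template_info->call_code()->IsUndefined(isolate()));
-value = InlineApiCall(receiver, context, target, frame_state0, value,
-effect, control, shared_info, function_template_info);
+value =
+InlineApiCall(receiver, holder, context, target, frame_state0, value,
+effect, control, shared_info, function_template_info);
 }
 // Remember to rewire the IfException edge if this is inside a try-block.
 if (if_exceptions != nullptr) {
@@ -1514,8 +1518,9 @@ Node* JSNativeContextSpecialization::InlinePropertySetterCall(
 }
 
 Node* JSNativeContextSpecialization::InlineApiCall(
-Node* receiver, Node* context, Node* target, Node* frame_state, Node* value,
-Node** effect, Node** control, Handle<SharedFunctionInfo> shared_info,
+Node* receiver, Node* holder, Node* context, Node* target,
+Node* frame_state, Node* value, Node** effect, Node** control,
+Handle<SharedFunctionInfo> shared_info,
 Handle<FunctionTemplateInfo> function_template_info) {
 Handle<CallHandlerInfo> call_handler_info = handle(
 CallHandlerInfo::cast(function_template_info->call_code()), isolate());
@@ -1532,7 +1537,7 @@ Node* JSNativeContextSpecialization::InlineApiCall(
 CallDescriptor* call_descriptor = Linkage::GetStubCallDescriptor(
 isolate(), graph()->zone(), call_interface_descriptor,
 call_interface_descriptor.GetStackParameterCount() + argc +
-1 /* implicit receiver */,
+1 /* implicit receiver */ + 1 /* accessor holder */,
 CallDescriptor::kNeedsFrameState, Operator::kNoProperties,
 MachineType::AnyTagged(), 1);
 
@@ -1544,17 +1549,18 @@ Node* JSNativeContextSpecialization::InlineApiCall(
 Node* code = jsgraph()->HeapConstant(stub.GetCode());
 
 // Add CallApiCallbackStub's register argument as well.
-Node* inputs[11] = {
-code, target, data, receiver /* holder */, function_reference, receiver};
-int index = 6 + argc;
+Node* inputs[12] = {
+code, target, data, receiver /* holder */, function_reference,
+holder, receiver};
+int index = 7 + argc;
 inputs[index++] = context;
 inputs[index++] = frame_state;
 inputs[index++] = *effect;
 inputs[index++] = *control;
 // This needs to stay here because of the edge case described in
 // http://crbug.com/675648.
 if (value != nullptr) {
-inputs[6] = value;
+inputs[7] = value;
 }
 
 return *effect = *control =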
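Review bot: `access_info.holder().ToHandleChecked()` in the first and second hunks aborts the process if the holder handle is empty, and judging from its `MaybeHandle` type the holder is left empty when the accessor lives on the receiver's own map rather than on a prototype, so optimizing such a property access would end in a CHECK failure rather than a compiled call. Falling back to the receiver, `Node* holder = access_info.holder().is_null() ? receiver : jsgraph()->Constant(access_info.holder().ToHandleChecked());`, keeps the accessor_holder slot populated in both cases, on the assumption that the receiver is the object the IC path would push as accessor_holder there; please confirm against the handler-compiler side. In the last hunk `inputs[12]` with `index = 7 + argc` leaves the array bound implicit, and a `DCHECK_LE(index, static_cast<int>(arraysize(inputs)));` after the control input would catch a future change to argc. Both `InlinePropertyGetterCall` and `InlinePropertySetterCall` start outside their hunks.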

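--- a/src/compiler/js-native-context-specialization.h
+++ b/src/compiler/js-native-context-specialization.h
@@ -142,7 +142,7 @@ class JSNativeContextSpecialization final : public AdvancedReducer {
 Node** control,
 ZoneVector<Node*>* if_exceptions,
 PropertyAccessInfo const& access_info);
-Node* InlineApiCall(Node* receiver, Node* context, Node* target,
+Node* InlineApiCall(Node* receiver, Node* holder, Node* context, Node* target,
 Node* frame_state, Node* value, Node** effect,
 Node** control, Handle<SharedFunctionInfo> shared_info,
 Handle<FunctionTemplateInfo> function_template_info);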
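Review bot: The new `holder` parameter of `InlineApiCall` is undocumented, and nothing in the declaration says how it differs from `receiver`, which the implementation in this commit still passes to the stub as the FunctionCallbackInfo holder. A one-line comment above the declaration, `// |holder| is the object the API accessor was found on; it is passed to CallApiCallbackStub as the extra accessor_holder stack argument.`, would tie the two call sites in js-native-context-specialization.cc back to the stub's stack layout. The enclosing class declaration starts and ends outside the hunk.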

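--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -2688,6 +2688,7 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 // -- ...
 // -- esp[argc * 4] : first argument
 // -- esp[(argc + 1) * 4] : receiver
+// -- esp[(argc + 2) * 4] : accessor_holder
 // -----------------------------------
 
 Register callee = edi;
@@ -2732,17 +2733,26 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 // holder
 __ push(holder);
 
+// enter a new context
 Register scratch = call_data;
+if (is_lazy()) {
+// load context from accessor_holder
+Register accessor_holder = context;
+__ mov(accessor_holder,
+MemOperand(esp, (argc() + FCA::kArgsLength + 1) * kPointerSize));
+__ mov(scratch, FieldOperand(accessor_holder, HeapObject::kMapOffset));
+__ GetMapConstructor(scratch, scratch, context);
+__ mov(context, FieldOperand(scratch, JSFunction::kContextOffset));
+} else {
+// load context from callee
+__ mov(context, FieldOperand(callee, JSFunction::kContextOffset));
+}
+
 __ mov(scratch, esp);
 
 // push return address
 __ push(return_address);
 
-if (!is_lazy()) {
-// load context from callee
-__ mov(context, FieldOperand(callee, JSFunction::kContextOffset));
-}
-
 // API function gets reference to the v8::Arguments. If CPU profiler
 // is enabled wrapper function will be called and we need to pass
 // address of the callback as additional parameter, always allocate
@@ -2780,11 +2790,8 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
 return_value_offset = 2 + FCA::kReturnValueOffset;
 }
 Operand return_value_operand(ebp, return_value_offset * kPointerSize);
-int stack_space = 0;
-Operand length_operand = ApiParameterOperand(4);
-Operand* stack_space_operand = &length_operand;
-stack_space = argc() + FCA::kArgsLength + 1;
-stack_space_operand = nullptr;
+const int stack_space = argc() + FCA::kArgsLength + 2;
+Operand* stack_space_operand = nullptr;
 CallApiFunctionAndReturn(masm, api_function_address, thunk_ref,
 ApiParameterOperand(1), stack_space,
 stack_space_operand, return_value_operand,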

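--- a/src/ic/arm/handler-compiler-arm.cc
+++ b/src/ic/arm/handler-compiler-arm.cc
@@ -178,6 +178,7 @@ void PropertyHandlerCompiler::GenerateApiAccessorCall(
 int accessor_index) {
 DCHECK(!accessor_holder.is(scratch_in));
 DCHECK(!receiver.is(scratch_in));
+__ push(accessor_holder);
 __ push(receiver);
 // Write the arguments to stack frame.
 if (is_store) {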
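Review bot: The new `__ push(accessor_holder);` has to land exactly one slot above the receiver, because the code-stub sections of this commit locate it at `sp[(argc + 1) * kPointerSize]` directly above `sp[argc * kPointerSize] : receiver`, yet nothing at the push site records that coupling. A comment such as `// accessor_holder must sit directly above the receiver; CallApiCallbackStub reads it there in the lazy case.` would keep the two sides in sync if either changes. The same applies to the arm64 (`queue.Queue(accessor_holder)`), ia32 and mips handler-compiler sections. `GenerateApiAccessorCall` continues outside the hunk.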

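--- a/src/ic/arm64/handler-compiler-arm64.cc
+++ b/src/ic/arm64/handler-compiler-arm64.cc
@@ -111,6 +111,7 @@ void PropertyHandlerCompiler::GenerateApiAccessorCall(
 DCHECK(!AreAliased(receiver, scratch));
 
 MacroAssembler::PushPopQueue queue(masm);
+queue.Queue(accessor_holder);
 queue.Queue(receiver);
 // Write the arguments to the stack frame.
 if (is_store) {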

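--- a/src/ic/ia32/handler-compiler-ia32.cc
+++ b/src/ic/ia32/handler-compiler-ia32.cc
@@ -117,6 +117,7 @@ void PropertyHandlerCompiler::GenerateApiAccessorCall(
 kPointerSize));
 }
 // Write the receiver and arguments to stack frame.
+__ push(accessor_holder);
 __ push(receiver);
 if (is_store) {
 DCHECK(!AreAliased(receiver, scratch, store_parameter));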
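Review bot: The comment `// Write the receiver and arguments to stack frame.` now sits directly above `__ push(accessor_holder);`, so it no longer names the first value written. Rewording it to `// Write the accessor holder, receiver and arguments to stack frame.` keeps it accurate. `GenerateApiAccessorCall` starts and ends outside the hunk.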

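--- a/src/ic/mips/handler-compiler-mips.cc
+++ b/src/ic/mips/handler-compiler-mips.cc
@@ -168,6 +168,7 @@ void PropertyHandlerCompiler::GenerateApiAccessorCall(
 int accessor_index) {
 DCHECK(!accessor_holder.is(scratch_in));
 DCHECK(!receiver.is(scratch_in));
+__ push(accessor_holder);
 __ push(receiver);
 // Write the arguments to stack frame.
 if (is_store) {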
