[v8-dev] Fix IC cache confusion on String.prototype.length (issue 587363002 by [email protected])

Mon, 22 Sep 2014 06:31:49 -0700 

Reviewers: jarin,

Message:
Hi Jarin,
Here is the CL for the issue we worked on. Thanks!
--Michael

Description:
Fix IC cache confusion on String.prototype.length

BUG=416416
[email protected]

Please review this at https://codereview.chromium.org/587363002/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+12, -5 lines):
  M src/ic/ic.cc
  A + test/mjsunit/regress/regress-416416.js


Index: src/ic/ic.cc
diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index 13ba016cb6f094d0f1ba1e8d1753ab860273e753..66ce93526c5b648160a552320b4112aa5cca5a4f 100644 
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -929,7 +929,14 @@ Handle<Code> IC::ComputeHandler(LookupIterator* lookup, Handle<Object> value) { 
   code = CompileHandler(lookup, value, flag);
   DCHECK(code->is_handler());

-  if (code->type() != Code::NORMAL) {
+ // TODO(mvstanton): we'd only like to cache code on the map when it's custom + // code compiled for this map, otherwise it's already cached in the global 
+  // code
+ // cache. We are also guarding against installing code with flags that don't 
+  // match the desired CacheHolderFlag computed above, which would lead to
+  // invalid lookups later.
+  if (code->type() != Code::NORMAL &&
+      Code::ExtractCacheHolderFromFlags(code->flags()) == flag) {
     Map::UpdateCodeCache(stub_holder_map, lookup->name(), code);
   }

Index: test/mjsunit/regress/regress-416416.js
diff --git a/test/mjsunit/regress/regress-347906.js b/test/mjsunit/regress/regress-416416.js 
similarity index 66%
copy from test/mjsunit/regress/regress-347906.js
copy to test/mjsunit/regress/regress-416416.js
index c751618928c93015679087ee1b500637657aa341..66e882e0fc348da422406c5ecf35ef454428455a 100644 
--- a/test/mjsunit/regress/regress-347906.js
+++ b/test/mjsunit/regress/regress-416416.js
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-// Flags: --allow-natives-syntax --harmony
-
 function foo() {
-  return Math.clz32(12.34);
+  try {
+    String.prototype.length.x();
+  } catch (e) {
+  }
 }

 foo();
 foo();
-%OptimizeFunctionOnNextCall(foo);
 foo();


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to