Revision: 24174
Author: [email protected]
Date: Wed Sep 24 09:33:04 2014 UTC
Log: Fix IC cache confusion on String.prototype.length
BUG=416416
LOG=N
[email protected]
Review URL: https://codereview.chromium.org/587363002
https://code.google.com/p/v8/source/detail?r=24174
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-416416.js
Modified:
/branches/bleeding_edge/src/ic/ic.cc
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-416416.js Wed Sep
24 09:33:04 2014 UTC
@@ -0,0 +1,14 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function foo() {
+ try {
+ String.prototype.length.x();
+ } catch (e) {
+ }
+}
+
+foo();
+foo();
+foo();
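Review bot: The empty `catch (e) {}` in `foo` swallows every exception, so this test can only fail by crashing or tripping a DCHECK, and nothing in the file says so. The three `foo()` calls are presumably there to move the load IC past its first miss onto the cached handler, but that is not stated either. I would add a header comment such as `// Regression test for bug 416416: repeated loads of String.prototype.length must not crash or hit a DCHECK in the IC.` so nobody later reduces the calls to one or treats the empty catch as dead code.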
=======================================
--- /branches/bleeding_edge/src/ic/ic.cc Tue Sep 23 09:20:36 2014 UTC
+++ /branches/bleeding_edge/src/ic/ic.cc Wed Sep 24 09:33:04 2014 UTC
@@ -929,7 +929,14 @@
code = CompileHandler(lookup, value, flag);
DCHECK(code->is_handler());
- if (code->type() != Code::NORMAL) {
+ // TODO(mvstanton): we'd only like to cache code on the map when it's
custom
+ // code compiled for this map, otherwise it's already cached in the
global
+ // code
+ // cache. We are also guarding against installing code with flags that
don't
+ // match the desired CacheHolderFlag computed above, which would lead to
+ // invalid lookups later.
+ if (code->type() != Code::NORMAL &&
+ Code::ExtractCacheHolderFromFlags(code->flags()) == flag) {
Map::UpdateCodeCache(stub_holder_map, lookup->name(), code);
}
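Review bot: The added condition on the `if` silently skips `Map::UpdateCodeCache` when `Code::ExtractCacheHolderFromFlags(code->flags())` differs from `flag`, and the comment above it does not say which handlers are expected to hit that case. Since the comment itself says a wrong-holder entry leads to invalid lookups, I would state the invariant directly, e.g. `// Only cache on the map if the handler's cache holder matches |flag|; a mismatched entry would be returned by later lookups for a different holder (bug 416416).` The comment block also has a stray `// code` line left over from re-wrapping, which should be folded into the line before it. Whether the lookup side of this cache applies the same holder check is not visible, because the enclosing function starts and ends outside the hunk, so it is worth confirming that both sides agree.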