[v8-dev] Re: Cache template literal callSiteObj (issue 742643003 by [email protected])

Tue, 18 Nov 2014 22:09:56 -0800 

neat


https://codereview.chromium.org/742643003/diff/1/src/harmony-templates.js
File src/harmony-templates.js (right):

https://codereview.chromium.org/742643003/diff/1/src/harmony-templates.js#newcode24
src/harmony-templates.js:24: var obj = callSiteCache.get(hash);
This needs to be be %MapGet(callSiteCache, hash) or someone can hijack
this.

https://codereview.chromium.org/742643003/diff/1/src/harmony-templates.js#newcode28
src/harmony-templates.js:28: if ("raw" in obj) {
On 2014/11/19 03:50:33, caitp wrote:

I know this is broken if Array.prototype is messed with. Maybe a

private symbol

to identify these would make sense?


Why is this needed. Can we not make sure we only store valid call site
objects in the cache?

https://codereview.chromium.org/742643003/diff/1/src/harmony-templates.js#newcode46
src/harmony-templates.js:46: callSiteCache.set(hash, siteObj);
%MapSet

https://codereview.chromium.org/742643003/diff/1/src/harmony-templates.js#newcode47
src/harmony-templates.js:47: } else if ("raw" in obj) {
I'm not sure why this is needed? Don't we only get here if we have a
real call site object?

https://codereview.chromium.org/742643003/diff/1/src/harmony-templates.js#newcode49
src/harmony-templates.js:49: } else if (IS_ARRAY(obj)) {
How can obj be anything but an array?

https://codereview.chromium.org/742643003/diff/1/src/parser.cc
File src/parser.cc (right):

https://codereview.chromium.org/742643003/diff/1/src/parser.cc#newcode5333
src/parser.cc:5333: Vector<uint8_t> hash_string =
Vector<uint8_t>::New(num_dummy_chars);
What about two byte strings?

Can we use StringHasher::HashSequentialString here?

https://codereview.chromium.org/742643003/diff/1/test/mjsunit/harmony/templates.js
File test/mjsunit/harmony/templates.js (right):

https://codereview.chromium.org/742643003/diff/1/test/mjsunit/harmony/templates.js#newcode367
test/mjsunit/harmony/templates.js:367: })();
Maybe a test that has same values in the array but different values in
the raw arrays?

https://codereview.chromium.org/742643003/

--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to