Reviewers: Toon Verwaest,
Message:
Hi Toon, could you please take a look?
Description:
Fetch global object from jsproxy prototype instead of embedding it in
StoreGlobal.
BUG=v8:3629
LOG=N
Please review this at https://codereview.chromium.org/892213003/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+18, -7 lines):
M src/code-stubs.h
M src/code-stubs-hydrogen.cc
M src/ic/ic.cc
Index: src/code-stubs-hydrogen.cc
diff --git a/src/code-stubs-hydrogen.cc b/src/code-stubs-hydrogen.cc
index
c679d4c3f56bca0efde13b763756b81216526777..826c1dd730031deef5332b8cbfeb2083d60e939f
100644
--- a/src/code-stubs-hydrogen.cc
+++ b/src/code-stubs-hydrogen.cc
@@ -1313,16 +1313,25 @@ HValue*
CodeStubGraphBuilder<StoreGlobalStub>::BuildCodeInitializedStub() {
Handle<Object> placeholer_value(Smi::FromInt(0), isolate());
Handle<PropertyCell> placeholder_cell =
isolate()->factory()->NewPropertyCell(placeholer_value);
-
HParameter* value = GetParameter(StoreDescriptor::kValueIndex);
-
if (stub->check_global()) {
// Check that the map of the global has not changed: use a placeholder
map
// that will be replaced later with the global object's map.
+ HParameter* proxy = GetParameter(StoreDescriptor::kReceiverIndex);
+ HValue* proxy_map =
+ Add<HLoadNamedField>(proxy, nullptr, HObjectAccess::ForMap());
+ HValue* global =
+ Add<HLoadNamedField>(proxy_map, nullptr,
HObjectAccess::ForPrototype());
Handle<Map> placeholder_map = isolate()->factory()->meta_map();
- HValue* global = Add<HConstant>(
- StoreGlobalStub::global_placeholder(isolate()));
- Add<HCheckMaps>(global, placeholder_map);
+ HValue* cell = Add<HConstant>(Map::WeakCellForMap(placeholder_map));
+ HValue* expected_map =
+ Add<HLoadNamedField>(cell, nullptr,
HObjectAccess::ForWeakCellValue());
+ HValue* map =
+ Add<HLoadNamedField>(global, nullptr, HObjectAccess::ForMap());
+ IfBuilder map_check(this);
+ map_check.IfNot<HCompareObjectEqAndBranch>(expected_map, map);
+ map_check.ThenDeopt("Unknown map");
+ map_check.End();
}
HValue* cell = Add<HConstant>(placeholder_cell);
Index: src/code-stubs.h
diff --git a/src/code-stubs.h b/src/code-stubs.h
index
a0ffd129c309a3a5a7a7f6764829ecad1562579c..f8009a2697428b0241558a77015080b98000f1e0
100644
--- a/src/code-stubs.h
+++ b/src/code-stubs.h
@@ -1092,8 +1092,8 @@ class StoreGlobalStub : public HandlerStub {
Handle<PropertyCell> cell) {
if (check_global()) {
Code::FindAndReplacePattern pattern;
- pattern.Add(Handle<Map>(global_placeholder(isolate())->map()),
global);
- pattern.Add(isolate()->factory()->meta_map(),
Handle<Map>(global->map()));
+ pattern.Add(isolate()->factory()->meta_map(),
+ Map::WeakCellForMap(Handle<Map>(global->map())));
pattern.Add(isolate()->factory()->global_property_cell_map(), cell);
return CodeStub::GetCodeCopy(pattern);
} else {
Index: src/ic/ic.cc
diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index
17d4ee211e69539d82804171fe94f2f71940c67d..68c11596ebae2509984ceb0a5246cd61b356b02c
100644
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -1747,6 +1747,8 @@ Handle<Code> StoreIC::CompileHandler(LookupIterator*
lookup,
if (holder->IsGlobalObject()) {
Handle<PropertyCell> cell = lookup->GetPropertyCell();
Handle<HeapType> union_type = PropertyCell::UpdatedType(cell,
value);
+ DCHECK(holder.is_identical_to(receiver) ||
+ receiver->map()->prototype() == *holder);
StoreGlobalStub stub(isolate(), union_type->IsConstant(),
receiver->IsJSGlobalProxy());
Handle<Code> code = stub.GetCodeCopyFromTemplate(
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
