[v8-dev] Move compatible receiver check from CompileHandler to ComputeHandler (issue 1221433010 by [email protected])

Mon, 06 Jul 2015 04:22:22 -0700 

Reviewers: Toon Verwaest,

Description:
Move compatible receiver check from CompileHandler to ComputeHandler

We also need to do the check before using an existing handler from the
cache

BUG=chromium:505374
[email protected]
LOG=y

Please review this at https://codereview.chromium.org/1221433010/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+52, -9 lines):
  M src/ic/ic.h
  M src/ic/ic.cc


Index: src/ic/ic.cc
diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index 52c4732e81ee7866bd2d49550a55cf330d79c123..4f58ec6a0e6c1b3b26dcff699e015ae3436d85e8 100644 
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -1098,6 +1098,41 @@ Handle<Code> IC::ComputeHandler(LookupIterator* lookup, Handle<Object> value) { 
 }


+Handle<Code> LoadIC::ComputeHandler(LookupIterator* lookup,
+                                    Handle<Object> value) {
+  if (lookup->state() == LookupIterator::ACCESSOR) {
+    Handle<Object> accessors = lookup->GetAccessors();
+    Handle<Map> map = receiver_map();
+    if (accessors->IsExecutableAccessorInfo()) {
+      Handle<ExecutableAccessorInfo> info =
+          Handle<ExecutableAccessorInfo>::cast(accessors);
+      if ((v8::ToCData<Address>(info->getter()) != 0) &&
+          !ExecutableAccessorInfo::IsCompatibleReceiverMap(isolate(), info,
+                                                           map)) {
+        return slow_stub();
+      }
+    } else if (accessors->IsAccessorPair()) {
+ Handle<Object> getter(Handle<AccessorPair>::cast(accessors)->getter(), 
+                            isolate());
+      Handle<JSObject> holder = lookup->GetHolder<JSObject>();
+      Handle<Object> receiver = lookup->GetReceiver();
+      if (getter->IsJSFunction() && holder->HasFastProperties()) {
+        Handle<JSFunction> function = Handle<JSFunction>::cast(getter);
+        if (receiver->IsJSObject() || function->IsBuiltin() ||
+            !is_sloppy(function->shared()->language_mode())) {
+          CallOptimization call_optimization(function);
+          if (call_optimization.is_simple_api_call() &&
+              !call_optimization.IsCompatibleReceiver(receiver, holder)) {
+            return slow_stub();
+          }
+        }
+      }
+    }
+  }
+  return IC::ComputeHandler(lookup, value);
+}
+
+
 Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup,
                                     Handle<Object> unused,
                                     CacheHolderFlag cache_holder) {
@@ -1165,6 +1200,8 @@ Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup, 
         if (v8::ToCData<Address>(info->getter()) == 0) break;
if (!ExecutableAccessorInfo::IsCompatibleReceiverMap(isolate(), info, 
                                                              map)) {
+          // This case should be already handled in LoadIC::ComputeHandler.
+          UNREACHABLE();
           break;
         }
         if (!holder->HasFastProperties()) break;
@@ -1185,10 +1222,14 @@ Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup, 
         }
         CallOptimization call_optimization(function);
NamedLoadHandlerCompiler compiler(isolate(), map, holder, cache_holder); 
-        if (call_optimization.is_simple_api_call() &&
-            call_optimization.IsCompatibleReceiver(receiver, holder)) {
- return compiler.CompileLoadCallback(lookup->name(), call_optimization, 
-                                              lookup->GetAccessorIndex());
+        if (call_optimization.is_simple_api_call()) {
+          if (call_optimization.IsCompatibleReceiver(receiver, holder)) {
+            return compiler.CompileLoadCallback(
+ lookup->name(), call_optimization, lookup->GetAccessorIndex()); 
+          } else {
+ // This case should be already handled in LoadIC::ComputeHandler. 
+            UNREACHABLE();
+          }
         }
         int expected_arguments =
             function->shared()->internal_formal_parameter_count();
Index: src/ic/ic.h
diff --git a/src/ic/ic.h b/src/ic/ic.h
index dec8318ae5c7cfd2b6c40fb253365cb055a630a6..a9e8fce7e2ab9980ab4129dc0bf1b1e958e6e919 100644 
--- a/src/ic/ic.h
+++ b/src/ic/ic.h
@@ -184,8 +184,8 @@ class IC {
static void PostPatching(Address address, Code* target, Code* old_target);
// Compute the handler either by compiling or by retrieving a cached version. 
-  Handle<Code> ComputeHandler(LookupIterator* lookup,
-                              Handle<Object> value = Handle<Code>::null());
+  virtual Handle<Code> ComputeHandler(
+      LookupIterator* lookup, Handle<Object> value = Handle<Code>::null());
   virtual Handle<Code> CompileHandler(LookupIterator* lookup,
                                       Handle<Object> value,
                                       CacheHolderFlag cache_holder) {
@@ -432,9 +432,11 @@ class LoadIC : public IC {
   // lookup result.
   void UpdateCaches(LookupIterator* lookup);

-  virtual Handle<Code> CompileHandler(LookupIterator* lookup,
-                                      Handle<Object> unused,
- CacheHolderFlag cache_holder) override; 
+  Handle<Code> ComputeHandler(
+      LookupIterator* lookup,
+      Handle<Object> value = Handle<Code>::null()) override;
+ Handle<Code> CompileHandler(LookupIterator* lookup, Handle<Object> unused, 
+                              CacheHolderFlag cache_holder) override;

  private:
   Handle<Code> SimpleFieldLoad(FieldIndex index);


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to