Reviewers: SeRya,
Description:
Merge fix of negative dictionary probing to 2.2 branch.
The code used to assume that only symbol keys are in
dictionaries. That is not the case.
Please review this at http://codereview.chromium.org/3016002/show
SVN Base: http://v8.googlecode.com/svn/branches/2.2/
Affected files:
M src/arm/stub-cache-arm.cc
M src/ia32/stub-cache-ia32.cc
M src/version.cc
M src/x64/stub-cache-x64.cc
M test/mjsunit/call-stub.js
Index: src/arm/stub-cache-arm.cc
===================================================================
--- src/arm/stub-cache-arm.cc (revision 5071)
+++ src/arm/stub-cache-arm.cc (working copy)
@@ -176,6 +176,13 @@
__ cmp(entity_name, Operand(Handle<String>(name)));
__ b(eq, miss_label);
+ // Check if the entry name is not a symbol.
+ __ ldr(entity_name, FieldMemOperand(entity_name,
HeapObject::kMapOffset));
+ __ ldrb(entity_name,
+ FieldMemOperand(entity_name, Map::kInstanceTypeOffset));
+ __ tst(entity_name, Operand(kIsSymbolMask));
+ __ b(eq, miss_label);
+
// Restore the properties.
__ ldr(properties,
FieldMemOperand(receiver, JSObject::kPropertiesOffset));
Index: src/ia32/stub-cache-ia32.cc
===================================================================
--- src/ia32/stub-cache-ia32.cc (revision 5071)
+++ src/ia32/stub-cache-ia32.cc (working copy)
@@ -184,6 +184,12 @@
// Stop if found the property.
__ cmp(entity_name, Handle<String>(name));
__ j(equal, miss_label, not_taken);
+
+ // Check if the entry name is not a symbol.
+ __ mov(entity_name, FieldOperand(entity_name,
HeapObject::kMapOffset));
+ __ test_b(FieldOperand(entity_name, Map::kInstanceTypeOffset),
+ kIsSymbolMask);
+ __ j(zero, miss_label, not_taken);
} else {
// Give up probing if still not found the undefined value.
__ j(not_equal, miss_label, not_taken);
Index: src/version.cc
===================================================================
--- src/version.cc (revision 5071)
+++ src/version.cc (working copy)
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 2
#define MINOR_VERSION 2
#define BUILD_NUMBER 24
-#define PATCH_LEVEL 2
+#define PATCH_LEVEL 3
#define CANDIDATE_VERSION false
// Define SONAME to have the SCons build the put a specific SONAME into the
Index: src/x64/stub-cache-x64.cc
===================================================================
--- src/x64/stub-cache-x64.cc (revision 5071)
+++ src/x64/stub-cache-x64.cc (working copy)
@@ -164,6 +164,12 @@
// Stop if found the property.
__ Cmp(entity_name, Handle<String>(name));
__ j(equal, miss_label);
+
+ // Check if the entry name is not a symbol.
+ __ movq(entity_name, FieldOperand(entity_name,
HeapObject::kMapOffset));
+ __ testb(FieldOperand(entity_name, Map::kInstanceTypeOffset),
+ Immediate(kIsSymbolMask));
+ __ j(zero, miss_label);
} else {
// Give up probing if still not found the undefined value.
__ j(not_equal, miss_label);
Index: test/mjsunit/call-stub.js
===================================================================
--- test/mjsunit/call-stub.js (revision 5071)
+++ test/mjsunit/call-stub.js (working copy)
@@ -49,3 +49,18 @@
}
assertEquals(i < 50 || i >= 70 ? 1 : 2, h.m());
}
+
+
+var nonsymbol = 'wwwww '.split(' ')[0];
+Hash.prototype.wwwww = Hash.prototype.m;
+
+for (var i = 1; i < 100; i++) {
+ if (i == 50) {
+ h[nonsymbol] = function() {
+ return 2;
+ };
+ } else if (i == 70) {
+ delete h[nonsymbol];
+ }
+ assertEquals(i < 50 || i >= 70 ? 1 : 2, h.wwwww());
+}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
