Reviewers: danno,
Description:
Merged r12088 into 3.11 branch.
Fix ICs for slow objects with native accessor.
[email protected]
BUG=chromium:137002
TEST=test/test-api/Regress137002[a,b]
Please review this at https://chromiumcodereview.appspot.com/10809032/
SVN Base: https://v8.googlecode.com/svn/branches/3.11
Affected files:
M src/ic.cc
M src/version.cc
M test/cctest/test-api.cc
Index: src/ic.cc
diff --git a/src/ic.cc b/src/ic.cc
index
47a72b495636465761ce27fe4a0d97a107430f78..0ad0670c36ed7f9c2d62ffe55781a8bc15dc7818
100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -992,6 +992,7 @@ void LoadIC::UpdateCaches(LookupResult* lookup,
if (callback->IsAccessorInfo()) {
Handle<AccessorInfo> info = Handle<AccessorInfo>::cast(callback);
if (v8::ToCData<Address>(info->getter()) == 0) return;
+ if (!receiver->HasFastProperties()) return;
if (!info->IsCompatibleReceiver(*receiver)) return;
code = isolate()->stub_cache()->ComputeLoadCallback(
name, receiver, holder, info);
@@ -1268,6 +1269,7 @@ void KeyedLoadIC::UpdateCaches(LookupResult* lookup,
Handle<AccessorInfo> callback =
Handle<AccessorInfo>::cast(callback_object);
if (v8::ToCData<Address>(callback->getter()) == 0) return;
+ if (!receiver->HasFastProperties()) return;
if (!callback->IsCompatibleReceiver(*receiver)) return;
code = isolate()->stub_cache()->ComputeKeyedLoadCallback(
name, receiver, holder, callback);
@@ -1487,6 +1489,7 @@ void StoreIC::UpdateCaches(LookupResult* lookup,
if (callback->IsAccessorInfo()) {
Handle<AccessorInfo> info = Handle<AccessorInfo>::cast(callback);
if (v8::ToCData<Address>(info->setter()) == 0) return;
+ if (!receiver->HasFastProperties()) return;
ASSERT(info->IsCompatibleReceiver(*receiver));
code = isolate()->stub_cache()->ComputeStoreCallback(
name, receiver, info, strict_mode);
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
5b4683963d033a5e110368497b6600e491912c8b..75abe57148cb3fe36fc89e4f44e3a09cc66e0cf2
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 11
#define BUILD_NUMBER 10
-#define PATCH_LEVEL 16
+#define PATCH_LEVEL 17
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
ed31f6ffaea53d89ec428d82373bdab258b6b75d..233cbabd15138a6f673c1cd779d39bbcb782fb54
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -16811,3 +16811,46 @@ TEST(TryFinallyMessage) {
CHECK_EQ(6, message->GetLineNumber());
}
}
+
+
+THREADED_TEST(Regress137002a) {
+ i::FLAG_allow_natives_syntax = true;
+ v8::HandleScope scope;
+ LocalContext context;
+ Local<ObjectTemplate> templ = ObjectTemplate::New();
+ templ->SetAccessor(v8_str("foo"),
+ GetterWhichReturns42,
+ SetterWhichSetsYOnThisTo23);
+ context->Global()->Set(v8_str("obj"), templ->NewInstance());
+
+ // Turn monomorphic on slow object with native accessor, then turn
+ // polymorphic, finally optimize to create negative lookup and fail.
+ CompileRun("function f(x) { return x.foo; }"
+ "%OptimizeObjectForAddingMultipleProperties(obj, 1);"
+ "obj.__proto__ = null;"
+ "f(obj); f(obj); f({});"
+ "%OptimizeFunctionOnNextCall(f);"
+ "var result = f(obj);");
+ CHECK_EQ(42, context->Global()->Get(v8_str("result"))->Int32Value());
+}
+
+
+THREADED_TEST(Regress137002b) {
+ i::FLAG_allow_natives_syntax = true;
+ v8::HandleScope scope;
+ LocalContext context;
+ Local<ObjectTemplate> templ = ObjectTemplate::New();
+ templ->SetAccessor(v8_str("foo"),
+ GetterWhichReturns42,
+ SetterWhichSetsYOnThisTo23);
+ context->Global()->Set(v8_str("obj"), templ->NewInstance());
+
+ // Turn monomorphic on slow object with native accessor, then just
+ // delete the property and fail.
+ CompileRun("function f(x) { return x.foo; }"
+ "%OptimizeObjectForAddingMultipleProperties(obj, 1);"
+ "obj.__proto__ = null;"
+ "f(obj); f(obj); delete obj.foo;"
+ "var result = f(obj);");
+ CHECK(context->Global()->Get(v8_str("result"))->IsUndefined());
+}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev