Reviewers: Jakob,
Description:
Merged r12088 into 3.10 branch.
Fix ICs for slow objects with native accessor.
[email protected]
BUG=chromium:137002
TEST=test/test-api/Regress137002[a,b]
Please review this at https://chromiumcodereview.appspot.com/10796059/
SVN Base: https://v8.googlecode.com/svn/branches/3.10
Affected files:
M src/ic.cc
M src/version.cc
M test/cctest/test-api.cc
Index: src/ic.cc
diff --git a/src/ic.cc b/src/ic.cc
index
643fa884139fa1d041d94d7d7092feb748a508d9..33d93614cf9a121ceb879b627fd136e059a610d4
100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -983,6 +983,7 @@ void LoadIC::UpdateCaches(LookupResult* lookup,
Handle<AccessorInfo> callback =
Handle<AccessorInfo>::cast(callback_object);
if (v8::ToCData<Address>(callback->getter()) == 0) return;
+ if (!receiver->HasFastProperties()) return;
code = isolate()->stub_cache()->ComputeLoadCallback(
name, receiver, holder, callback);
break;
@@ -1246,6 +1247,7 @@ void KeyedLoadIC::UpdateCaches(LookupResult* lookup,
Handle<AccessorInfo> callback =
Handle<AccessorInfo>::cast(callback_object);
if (v8::ToCData<Address>(callback->getter()) == 0) return;
+ if (!receiver->HasFastProperties()) return;
code = isolate()->stub_cache()->ComputeKeyedLoadCallback(
name, receiver, holder, callback);
break;
@@ -1460,6 +1462,7 @@ void StoreIC::UpdateCaches(LookupResult* lookup,
Handle<AccessorInfo> callback =
Handle<AccessorInfo>::cast(callback_object);
if (v8::ToCData<Address>(callback->setter()) == 0) return;
+ if (!receiver->HasFastProperties()) return;
code = isolate()->stub_cache()->ComputeStoreCallback(
name, receiver, callback, strict_mode);
break;
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
a98524f78c631f938e5849939efb2dc400814b2e..c062beb80d80fdf965cf456da3ebc5cc2c3cdca8
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 10
#define BUILD_NUMBER 8
-#define PATCH_LEVEL 22
+#define PATCH_LEVEL 23
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
8a1e9147369fbde7d20e996c91e45089c0545e67..1a0ad83b0027fe3406d85d353346959b0dcdb9cf
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -16593,3 +16593,46 @@ TEST(StringEmpty) {
CHECK(v8::String::Empty(isolate).IsEmpty());
CHECK_EQ(3, fatal_error_callback_counter);
}
+
+
+THREADED_TEST(Regress137002a) {
+ i::FLAG_allow_natives_syntax = true;
+ v8::HandleScope scope;
+ LocalContext context;
+ Local<ObjectTemplate> templ = ObjectTemplate::New();
+ templ->SetAccessor(v8_str("foo"),
+ GetterWhichReturns42,
+ SetterWhichSetsYOnThisTo23);
+ context->Global()->Set(v8_str("obj"), templ->NewInstance());
+
+ // Turn monomorphic on slow object with native accessor, then turn
+ // polymorphic, finally optimize to create negative lookup and fail.
+ CompileRun("function f(x) { return x.foo; }"
+ "%OptimizeObjectForAddingMultipleProperties(obj, 1);"
+ "obj.__proto__ = null;"
+ "f(obj); f(obj); f({});"
+ "%OptimizeFunctionOnNextCall(f);"
+ "var result = f(obj);");
+ CHECK_EQ(42, context->Global()->Get(v8_str("result"))->Int32Value());
+}
+
+
+THREADED_TEST(Regress137002b) {
+ i::FLAG_allow_natives_syntax = true;
+ v8::HandleScope scope;
+ LocalContext context;
+ Local<ObjectTemplate> templ = ObjectTemplate::New();
+ templ->SetAccessor(v8_str("foo"),
+ GetterWhichReturns42,
+ SetterWhichSetsYOnThisTo23);
+ context->Global()->Set(v8_str("obj"), templ->NewInstance());
+
+ // Turn monomorphic on slow object with native accessor, then just
+ // delete the property and fail.
+ CompileRun("function f(x) { return x.foo; }"
+ "%OptimizeObjectForAddingMultipleProperties(obj, 1);"
+ "obj.__proto__ = null;"
+ "f(obj); f(obj); delete obj.foo;"
+ "var result = f(obj);");
+ CHECK(context->Global()->Get(v8_str("result"))->IsUndefined());
+}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev