Revision: 12159 Author: [email protected] Date: Fri Jul 20 04:39:44 2012 Log: Merged r12088 into 3.10 branch.
Fix ICs for slow objects with native accessor. [email protected] BUG=chromium:137002 TEST=test/test-api/Regress137002[a,b] Review URL: https://chromiumcodereview.appspot.com/10796059 http://code.google.com/p/v8/source/detail?r=12159 Modified: /branches/3.10/src/ic.cc /branches/3.10/src/version.cc /branches/3.10/test/cctest/test-api.cc ======================================= --- /branches/3.10/src/ic.cc Fri Apr 13 02:58:30 2012 +++ /branches/3.10/src/ic.cc Fri Jul 20 04:39:44 2012 @@ -983,6 +983,7 @@ Handle<AccessorInfo> callback = Handle<AccessorInfo>::cast(callback_object); if (v8::ToCData<Address>(callback->getter()) == 0) return; + if (!receiver->HasFastProperties()) return; code = isolate()->stub_cache()->ComputeLoadCallback( name, receiver, holder, callback); break; @@ -1246,6 +1247,7 @@ Handle<AccessorInfo> callback = Handle<AccessorInfo>::cast(callback_object); if (v8::ToCData<Address>(callback->getter()) == 0) return; + if (!receiver->HasFastProperties()) return; code = isolate()->stub_cache()->ComputeKeyedLoadCallback( name, receiver, holder, callback); break; @@ -1460,6 +1462,7 @@ Handle<AccessorInfo> callback = Handle<AccessorInfo>::cast(callback_object); if (v8::ToCData<Address>(callback->setter()) == 0) return; + if (!receiver->HasFastProperties()) return; code = isolate()->stub_cache()->ComputeStoreCallback( name, receiver, callback, strict_mode); break; ======================================= --- /branches/3.10/src/version.cc Wed Jul 18 06:45:27 2012 +++ /branches/3.10/src/version.cc Fri Jul 20 04:39:44 2012 @@ -35,7 +35,7 @@ #define MAJOR_VERSION 3 #define MINOR_VERSION 10 #define BUILD_NUMBER 8 -#define PATCH_LEVEL 22 +#define PATCH_LEVEL 23 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 ======================================= --- /branches/3.10/test/cctest/test-api.cc Mon May 21 02:39:31 2012 +++ /branches/3.10/test/cctest/test-api.cc Fri Jul 20 04:39:44 2012 @@ -16593,3 +16593,46 @@ CHECK(v8::String::Empty(isolate).IsEmpty()); CHECK_EQ(3, fatal_error_callback_counter); } + + +THREADED_TEST(Regress137002a) { + i::FLAG_allow_natives_syntax = true; + v8::HandleScope scope; + LocalContext context; + Local<ObjectTemplate> templ = ObjectTemplate::New(); + templ->SetAccessor(v8_str("foo"), + GetterWhichReturns42, + SetterWhichSetsYOnThisTo23); + context->Global()->Set(v8_str("obj"), templ->NewInstance()); + + // Turn monomorphic on slow object with native accessor, then turn + // polymorphic, finally optimize to create negative lookup and fail. + CompileRun("function f(x) { return x.foo; }" + "%OptimizeObjectForAddingMultipleProperties(obj, 1);" + "obj.__proto__ = null;" + "f(obj); f(obj); f({});" + "%OptimizeFunctionOnNextCall(f);" + "var result = f(obj);"); + CHECK_EQ(42, context->Global()->Get(v8_str("result"))->Int32Value()); +} + + +THREADED_TEST(Regress137002b) { + i::FLAG_allow_natives_syntax = true; + v8::HandleScope scope; + LocalContext context; + Local<ObjectTemplate> templ = ObjectTemplate::New(); + templ->SetAccessor(v8_str("foo"), + GetterWhichReturns42, + SetterWhichSetsYOnThisTo23); + context->Global()->Set(v8_str("obj"), templ->NewInstance()); + + // Turn monomorphic on slow object with native accessor, then just + // delete the property and fail. + CompileRun("function f(x) { return x.foo; }" + "%OptimizeObjectForAddingMultipleProperties(obj, 1);" + "obj.__proto__ = null;" + "f(obj); f(obj); delete obj.foo;" + "var result = f(obj);"); + CHECK(context->Global()->Get(v8_str("result"))->IsUndefined()); +} -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
