Reviewers: ulan,
Message:
PTAL
Description:
Don't update ICs when the receiver has a deprecated map.
Please review this at https://chromiumcodereview.appspot.com/23658047/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+22, -13 lines):
M src/ic.cc
Index: src/ic.cc
diff --git a/src/ic.cc b/src/ic.cc
index
538236336566acfc24f63fcc98305bf66d6f1e1d..5267af1a27152d6be1dcb754f35a542dfeb04947
100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -549,9 +549,11 @@ MaybeObject* CallICBase::LoadFunction(State state,
Code::ExtraICState extra_ic_state,
Handle<Object> object,
Handle<String> name) {
+ bool use_ic = FLAG_use_ic;
if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) {
+ use_ic = false;
JSObject::MigrateInstance(receiver);
}
}
@@ -590,9 +592,7 @@ MaybeObject* CallICBase::LoadFunction(State state,
}
// Lookup is valid: Update inline cache and stub cache.
- if (FLAG_use_ic) {
- UpdateCaches(&lookup, state, extra_ic_state, object, name);
- }
+ if (use_ic) UpdateCaches(&lookup, state, extra_ic_state, object, name);
// Get the property.
PropertyAttributes attr;
@@ -819,9 +819,11 @@ MaybeObject* KeyedCallIC::LoadFunction(State state,
Handle<String>::cast(key));
}
+ bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) {
+ use_ic = false;
JSObject::MigrateInstance(receiver);
}
}
@@ -830,7 +832,6 @@ MaybeObject* KeyedCallIC::LoadFunction(State state,
return TypeError("non_object_property_call", object, key);
}
- bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
ASSERT(!(use_ic && object->IsJSGlobalProxy()));
if (use_ic && state != MEGAMORPHIC) {
@@ -874,7 +875,9 @@ MaybeObject* LoadIC::Load(State state,
return TypeError("non_object_property_load", object, name);
}
- if (FLAG_use_ic) {
+ bool use_ic = FLAG_use_ic;
+
+ if (use_ic) {
// Use specialized code for getting the length of strings and
// string wrapper objects. The length property of string wrapper
// objects is read-only and therefore always returns the length of
@@ -931,13 +934,14 @@ MaybeObject* LoadIC::Load(State state,
uint32_t index;
if (kind() == Code::KEYED_LOAD_IC && name->AsArrayIndex(&index)) {
// Rewrite to the generic keyed load stub.
- if (FLAG_use_ic) set_target(*generic_stub());
+ if (use_ic) set_target(*generic_stub());
return Runtime::GetElementOrCharAtOrFail(isolate(), object, index);
}
if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) {
+ use_ic = false;
JSObject::MigrateInstance(receiver);
}
}
@@ -955,7 +959,7 @@ MaybeObject* LoadIC::Load(State state,
}
// Update inline cache and stub cache.
- if (FLAG_use_ic) UpdateCaches(&lookup, state, object, name);
+ if (use_ic) UpdateCaches(&lookup, state, object, name);
PropertyAttributes attr;
if (lookup.IsInterceptor() || lookup.IsHandler()) {
@@ -1503,6 +1507,7 @@ MaybeObject* KeyedLoadIC::Load(State state,
} else if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) {
+ use_ic = false;
JSObject::MigrateInstance(receiver);
}
@@ -1519,9 +1524,11 @@ MaybeObject* KeyedLoadIC::Load(State state,
} else {
TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "force generic");
}
- ASSERT(!stub.is_null());
- set_target(*stub);
- TRACE_IC("KeyedLoadIC", key, state, target());
+ if (use_ic) {
+ ASSERT(!stub.is_null());
+ set_target(*stub);
+ TRACE_IC("KeyedLoadIC", key, state, target());
+ }
}
@@ -1685,7 +1692,9 @@ MaybeObject* StoreIC::Store(State state,
Handle<JSObject> receiver = Handle<JSObject>::cast(object);
+ bool use_ic = FLAG_use_ic;
if (receiver->map()->is_deprecated()) {
+ use_ic = false;
JSObject::MigrateInstance(receiver);
}
@@ -1708,7 +1717,7 @@ MaybeObject* StoreIC::Store(State state,
// properties. Slow properties might indicate redefinition of the length
// property. Note that when redefined using Object.freeze, it's possible
// to have fast properties but a read-only length.
- if (FLAG_use_ic &&
+ if (use_ic &&
receiver->IsJSArray() &&
name->Equals(isolate()->heap()->length_string()) &&
Handle<JSArray>::cast(receiver)->AllowsSetElementsLength() &&
@@ -1723,7 +1732,7 @@ MaybeObject* StoreIC::Store(State state,
}
if (receiver->IsJSGlobalProxy()) {
- if (FLAG_use_ic && kind() != Code::KEYED_STORE_IC) {
+ if (use_ic && kind() != Code::KEYED_STORE_IC) {
// Generate a generic stub that goes to the runtime when we see a
global
// proxy as receiver.
Handle<Code> stub = (strict_mode == kStrictMode)
@@ -1745,7 +1754,7 @@ MaybeObject* StoreIC::Store(State state,
// Strict mode doesn't allow setting non-existent global property.
return ReferenceError("not_defined", name);
}
- if (FLAG_use_ic) {
+ if (use_ic) {
if (state == UNINITIALIZED) {
Handle<Code> stub = (strict_mode == kStrictMode)
? pre_monomorphic_stub_strict()
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
