Reviewers: ulan,
Description:
Merged r16566, r16471 into 3.20 branch.
Fix polymorphic INTERCEPTOR StoreICs on ARM/MIPS
Representation of interceptor / handler properties are tagged. Otherwise
store
ICs will never be initialized, due to lookup->CanHoldValue(value);
BUG=chromium:284998,chromium:256330
[email protected]
Please review this at https://codereview.chromium.org/23480102/
SVN Base: https://v8.googlecode.com/svn/branches/3.20
Affected files (+21, -5 lines):
M src/arm/stub-cache-arm.cc
M src/mips/stub-cache-mips.cc
M src/property.h
M src/version.cc
M test/cctest/test-api.cc
Index: src/arm/stub-cache-arm.cc
diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index
f7fa9efaca78df41622188a906040f24172a7472..06bd66e92a42d52bc4dec7270e0d7fc07669edf6
100644
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -2890,7 +2890,7 @@ Handle<Code>
StoreStubCompiler::CompileStoreInterceptor(
TailCallBuiltin(masm(), MissBuiltin(kind()));
// Return the generated code.
- return GetICCode(kind(), Code::INTERCEPTOR, name);
+ return GetCode(kind(), Code::INTERCEPTOR, name);
}
Index: src/mips/stub-cache-mips.cc
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index
c4b1ee57a7239ebb9cb73033fd5b1bbcbbe2b916..299ffd22bd43c4985b60e6c8c08deabbd6d93211
100644
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -2934,7 +2934,7 @@ Handle<Code>
StoreStubCompiler::CompileStoreInterceptor(
TailCallBuiltin(masm(), MissBuiltin(kind()));
// Return the generated code.
- return GetICCode(kind(), Code::INTERCEPTOR, name);
+ return GetCode(kind(), Code::INTERCEPTOR, name);
}
Index: src/property.h
diff --git a/src/property.h b/src/property.h
index
d109de91d10144fc8b8a19e2620c3eaffdfe9ae2..2ee6c2a2d0f40202bc9db78b35bc32ed1c45bcaa
100644
--- a/src/property.h
+++ b/src/property.h
@@ -225,14 +225,14 @@ class LookupResult BASE_EMBEDDED {
void HandlerResult(JSProxy* proxy) {
lookup_type_ = HANDLER_TYPE;
holder_ = proxy;
- details_ = PropertyDetails(NONE, HANDLER, Representation::None());
+ details_ = PropertyDetails(NONE, HANDLER, Representation::Tagged());
cacheable_ = false;
}
void InterceptorResult(JSObject* holder) {
lookup_type_ = INTERCEPTOR_TYPE;
holder_ = holder;
- details_ = PropertyDetails(NONE, INTERCEPTOR, Representation::None());
+ details_ = PropertyDetails(NONE, INTERCEPTOR,
Representation::Tagged());
}
void NotFound() {
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
2697a5128d065f54444ede19d476c92bbea041e7..c50bc5a5b2e7aea0fa29fcf8beba7883ef97f6a7
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 20
#define BUILD_NUMBER 17
-#define PATCH_LEVEL 10
+#define PATCH_LEVEL 11
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
0ad38546d2755fe1b53d838f7f0eaf4e47f65d0b..55d376d1545ab3fc2e4fc4b355728d75758503b0
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -20174,4 +20174,20 @@ TEST(AccessCheckThrows) {
}
+THREADED_TEST(Regress256330) {
+ i::FLAG_allow_natives_syntax = true;
+ LocalContext context;
+ v8::HandleScope scope(context->GetIsolate());
+ Handle<FunctionTemplate> templ = FunctionTemplate::New();
+ AddInterceptor(templ, EmptyInterceptorGetter, EmptyInterceptorSetter);
+ context->Global()->Set(v8_str("Bug"), templ->GetFunction());
+ CompileRun("\"use strict\"; var o = new Bug;"
+ "function f(o) { o.x = 10; };"
+ "f(o); f(o); f(o);"
+ "%OptimizeFunctionOnNextCall(f);"
+ "f(o);");
+ ExpectBoolean("%GetOptimizationStatus(f) != 2", true);
+}
+
+
#endif // WIN32
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
