Reviewers: Michael Starzinger, danno,

Message:
Hi guys, PTAL, here is the version without use of dependent code, just a deopt
of managed code. I'd rather push that in a separate CL.
--Michael

Description:
Correct handling of arrays with callbacks in the prototype chain.

Our generic KeyedStoreIC doesn't handle the case when a callback is
set on array elements in the prototype chain of the object, nor do
we recognize that we need to avoid the monomorphic case if these
callbacks exist.

This CL addresses the issue by storing a field on the map of an
object that has element callbacks. The IC can walk the prototype
chain looking for this flag.

In general, keyed loads are immune from this problem because they
won't return the hole: discovery of the hole goes to the runtime where
the callback will be found in the prototype chain.

Includes the following patch as well (already reviewed by bmeurer):
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.

(Review URL for the ElementsTransitionAndStoreIC_Miss change:
https://codereview.chromium.org/26911007)

Please review this at https://codereview.chromium.org/35413006/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+533, -28 lines):
  M src/heap.h
  M src/heap.cc
  M src/ia32/ic-ia32.cc
  M src/ic.cc
  M src/objects-inl.h
  M src/objects-printer.cc
  M src/objects.h
  M src/objects.cc
  M test/mjsunit/allocation-site-info.js
  A test/mjsunit/getters-on-elements.js
  A + test/mjsunit/regress/respect-setters.js
  A test/mjsunit/setters-on-elements.js


--
v8-dev mailing list
http://groups.google.com/group/v8-dev
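The behaviour the description above is about, as an added JavaScript example (not code from this CL or its tests; `keyedStore` and `storeRespectsProtoSetter` are hypothetical names). A keyed store is warmed up on holey arrays, then an accessor is installed on an element of their prototype, and the next store into a hole must reach the setter instead of creating an own element.

```javascript
// Added illustration of the semantics the CL has to preserve.
// All names here are hypothetical; nothing is taken from the V8 test files.

// Keyed store site. Its inline cache is warmed up before any accessor exists,
// which is the situation where a cached fast path could skip the prototype chain.
function keyedStore(arr, index, value) {
  arr[index] = value;
}

function storeRespectsProtoSetter() {
  const seen = [];
  const proto = [];                  // an array used as the prototype
  const arr = new Array(4);          // holey array: indices 0..3 are holes
  Object.setPrototypeOf(arr, proto);

  // Warm-up: same store site, same kind of receiver, no callbacks anywhere.
  // Each store simply creates an own element on the receiver.
  for (let i = 0; i < 10000; i++) {
    const warm = new Array(4);
    Object.setPrototypeOf(warm, proto);
    keyedStore(warm, 1, i);
  }

  // Install an element callback on the prototype chain.
  Object.defineProperty(proto, 1, {
    set(v) { seen.push(v); },
    get() { return 'from-getter'; },
    configurable: true,
  });

  // The store targets a hole, so the accessor on the prototype must win.
  keyedStore(arr, 1, 42);

  return {
    setterCalls: seen.slice(),
    ownProperty: Object.prototype.hasOwnProperty.call(arr, 1),
    loaded: arr[1],                  // loading the hole finds the getter
    length: arr.length,
  };
}

console.log(storeRespectsProtoSetter());
```

A store site that kept using its warmed-up fast path would leave `setterCalls` empty and report `ownProperty: true`, which is how a regression of this kind shows up in a test.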