Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 3117006: Handle overwriting valueOf on String objects correctly when adding... (Closed)

Created:
10 years, 4 months ago by Søren Thygesen Gjesse
Modified:
9 years, 7 months ago
CC:
v8-dev
Visibility:
Public.

Description

Handle overwriting valueOf on String objects correctly when adding This adds a check to the fast case string add to ensure that the String object still have the default valueOf function. The default valueOf is sitting on a hidden prototype of String.prototype. Before using the fast case valueOf the object is checked for a local valueOf property. For slow case objects this check always reports true (the dictionary is not probed, so valueOf might be there) and for fast case objects the descriptor array is checked for the valueOf symbol (just liniar scan). After that the prototype is checked for beeing the initial value of String.prototype. If this all pass (that is the default valueOf is still in place) this result is cached on the map making the check fast the next time. This is only implemented in the optimizing compiler, as the two usages of %_IsStringWrapperSafeForDefaultValueOf is never hit by the full compiler. I will port to x64 and ARM when this has been reviewed for ia32. I will remove the performance counters prior to final commit. BUG=http://code.google.com/p/v8/issues/detail?id=760 TEST=test/mjsunit/regress/regress-760-1.js TEST=test/mjsunit/regress/regress-760-2.js Committed: http://code.google.com/p/v8/source/detail?r=5252

Patch Set 1 #

Total comments: 6

Patch Set 2 : '' #

Patch Set 3 : '' #

Total comments: 8

Patch Set 4 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+635 lines, -19 lines) Patch
M src/arm/codegen-arm.h View 3 chunks +6 lines, -4 lines 0 comments Download
M src/arm/codegen-arm.cc View 2 3 1 chunk +143 lines, -0 lines 0 comments Download
M src/arm/full-codegen-arm.cc View 1 chunk +20 lines, -0 lines 0 comments Download
M src/arm/macro-assembler-arm.h View 1 chunk +3 lines, -0 lines 0 comments Download
M src/arm/macro-assembler-arm.cc View 1 chunk +7 lines, -0 lines 0 comments Download
M src/bootstrapper.cc View 1 1 chunk +8 lines, -0 lines 0 comments Download
M src/codegen.h View 1 chunk +2 lines, -1 line 0 comments Download
M src/contexts.h View 2 chunks +2 lines, -0 lines 0 comments Download
M src/full-codegen.h View 1 chunk +2 lines, -0 lines 0 comments Download
M src/full-codegen.cc View 1 chunk +3 lines, -0 lines 0 comments Download
M src/ia32/codegen-ia32.h View 3 chunks +6 lines, -4 lines 0 comments Download
M src/ia32/codegen-ia32.cc View 1 2 chunks +138 lines, -1 line 0 comments Download
M src/ia32/full-codegen-ia32.cc View 1 1 chunk +19 lines, -0 lines 0 comments Download
M src/ia32/macro-assembler-ia32.cc View 1 chunk +2 lines, -2 lines 0 comments Download
M src/objects.h View 1 chunk +1 line, -0 lines 0 comments Download
M src/runtime.js View 2 chunks +2 lines, -2 lines 0 comments Download
M src/x64/codegen-x64.h View 3 chunks +6 lines, -4 lines 0 comments Download
M src/x64/codegen-x64.cc View 2 3 1 chunk +137 lines, -0 lines 0 comments Download
M src/x64/full-codegen-x64.cc View 1 chunk +19 lines, -0 lines 0 comments Download
M src/x64/macro-assembler-x64.h View 1 chunk +3 lines, -0 lines 0 comments Download
M src/x64/macro-assembler-x64.cc View 1 chunk +8 lines, -1 line 0 comments Download
A test/mjsunit/regress/regress-760-1.js View 1 1 chunk +49 lines, -0 lines 0 comments Download
A test/mjsunit/regress/regress-760-2.js View 1 1 chunk +49 lines, -0 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
Søren Thygesen Gjesse
10 years, 4 months ago (2010-08-11 08:10:09 UTC) #1
Mads Ager (chromium)
LGTM http://codereview.chromium.org/3117006/diff/1/2 File src/bootstrapper.cc (right): http://codereview.chromium.org/3117006/diff/1/2#newcode1241 src/bootstrapper.cc:1241: HeapObject::cast(string_function->initial_map()->prototype())->map()); I guess this change will only work ...
10 years, 4 months ago (2010-08-11 11:26:41 UTC) #2
Søren Thygesen Gjesse
Addressed the comments and removed the performance counters. Please check the added x64 and ARM ...
10 years, 4 months ago (2010-08-12 13:08:33 UTC) #3
Mads Ager (chromium)
LGTM http://codereview.chromium.org/3117006/diff/15024/24002 File src/arm/codegen-arm.cc (right): http://codereview.chromium.org/3117006/diff/15024/24002#newcode4825 src/arm/codegen-arm.cc:4825: __ cmp(map_result_,ip); Space after comma. http://codereview.chromium.org/3117006/diff/15024/24002#newcode4882 src/arm/codegen-arm.cc:4882: Remove ...
10 years, 4 months ago (2010-08-12 13:33:51 UTC) #4
Søren Thygesen Gjesse
10 years, 4 months ago (2010-08-12 13:42:23 UTC) #5 
http://codereview.chromium.org/3117006/diff/15024/24002
File src/arm/codegen-arm.cc (right):

http://codereview.chromium.org/3117006/diff/15024/24002#newcode4825
src/arm/codegen-arm.cc:4825: __ cmp(map_result_,ip);
On 2010/08/12 13:33:51, Mads Ager wrote:
> Space after comma.

Done.

http://codereview.chromium.org/3117006/diff/15024/24002#newcode4882
src/arm/codegen-arm.cc:4882: 
On 2010/08/12 13:33:51, Mads Ager wrote:
> Remove these lines?

Done.

http://codereview.chromium.org/3117006/diff/15024/24002#newcode4893
src/arm/codegen-arm.cc:4893: // Set the bit in the map to indicate that it has
been checked safe for
On 2010/08/12 13:33:51, Mads Ager wrote:
> Add a line before this comment instead?

Done.

http://codereview.chromium.org/3117006/diff/15024/24018
File src/x64/codegen-x64.cc (right):

http://codereview.chromium.org/3117006/diff/15024/24018#newcode6086
src/x64/codegen-x64.cc:6086: Operand(map_result_, index.reg, index.scale,
FixedArray::kHeaderSize));
On 2010/08/12 13:33:51, Mads Ager wrote:
> Long line.

Done.

Powered by Google App Engine
This is Rietveld 408576698