Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(473)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/ic/ic.cc

Issue 1221433010: Move compatible receiver check from CompileHandler to UpdateCaches (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: updates Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | test/cctest/test-api.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/ic/ic.cc
diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index 52c4732e81ee7866bd2d49550a55cf330d79c123..9f75af8eb3c27be29f79626fe66718d4ad1e5fb0 100644
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -1035,7 +1035,39 @@ void LoadIC::UpdateCaches(LookupIterator* lookup) {
code = slow_stub();
}
} else {
- code = ComputeHandler(lookup);
+ if (lookup->state() == LookupIterator::ACCESSOR) {
+ Handle<Object> accessors = lookup->GetAccessors();
+ Handle<Map> map = receiver_map();
+ if (accessors->IsExecutableAccessorInfo()) {
+ Handle<ExecutableAccessorInfo> info =
+ Handle<ExecutableAccessorInfo>::cast(accessors);
+ if ((v8::ToCData<Address>(info->getter()) != 0) &&
+ !ExecutableAccessorInfo::IsCompatibleReceiverMap(isolate(), info,
+ map)) {
+ TRACE_GENERIC_IC(isolate(), "LoadIC", "incompatible receiver type");
+ code = slow_stub();
+ }
+ } else if (accessors->IsAccessorPair()) {
+ Handle<Object> getter(Handle<AccessorPair>::cast(accessors)->getter(),
+ isolate());
+ Handle<JSObject> holder = lookup->GetHolder<JSObject>();
+ Handle<Object> receiver = lookup->GetReceiver();
+ if (getter->IsJSFunction() && holder->HasFastProperties()) {
+ Handle<JSFunction> function = Handle<JSFunction>::cast(getter);
+ if (receiver->IsJSObject() || function->IsBuiltin() ||
+ !is_sloppy(function->shared()->language_mode())) {
+ CallOptimization call_optimization(function);
+ if (call_optimization.is_simple_api_call() &&
+ !call_optimization.IsCompatibleReceiver(receiver, holder)) {
+ TRACE_GENERIC_IC(isolate(), "LoadIC",
+ "incompatible receiver type");
+ code = slow_stub();
+ }
+ }
+ }
+ }
+ }
+ if (code.is_null()) code = ComputeHandler(lookup);
}
PatchCache(lookup->name(), code);
@@ -1165,6 +1197,8 @@ Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup,
if (v8::ToCData<Address>(info->getter()) == 0) break;
if (!ExecutableAccessorInfo::IsCompatibleReceiverMap(isolate(), info,
map)) {
+ // This case should be already handled in LoadIC::UpdateCaches.
+ UNREACHABLE();
break;
}
if (!holder->HasFastProperties()) break;
@@ -1185,10 +1219,14 @@ Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup,
}
CallOptimization call_optimization(function);
NamedLoadHandlerCompiler compiler(isolate(), map, holder, cache_holder);
- if (call_optimization.is_simple_api_call() &&
- call_optimization.IsCompatibleReceiver(receiver, holder)) {
- return compiler.CompileLoadCallback(lookup->name(), call_optimization,
- lookup->GetAccessorIndex());
+ if (call_optimization.is_simple_api_call()) {
+ if (call_optimization.IsCompatibleReceiver(receiver, holder)) {
+ return compiler.CompileLoadCallback(
+ lookup->name(), call_optimization, lookup->GetAccessorIndex());
+ } else {
+ // This case should be already handled in LoadIC::UpdateCaches.
+ UNREACHABLE();
+ }
}
int expected_arguments =
function->shared()->internal_formal_parameter_count();
« no previous file with comments | « no previous file | test/cctest/test-api.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698