src/x64/stub-cache-x64.cc - Issue 12810006: Change LookupForWrite to always do a full lookup and check the result.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/x64/stub-cache-x64.cc

Issue 12810006: Change LookupForWrite to always do a full lookup and check the result. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Check callbacks in the prototype chain before looking for transitions. Fix !IsReadOnly Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/x64/stub-cache-x64.cc

diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc

index 69d7a91b2dcf6265affd0a86490c07b5c02aa70a..93fcc6745881dfba6368578fd300e1b84141f542 100644

--- a/src/x64/stub-cache-x64.cc

+++ b/src/x64/stub-cache-x64.cc

@@ -716,7 +716,7 @@ void BaseStoreStubCompiler::GenerateRestoreName(MacroAssembler* masm,

// but may be destroyed if store is successful.

void StubCompiler::GenerateStoreField(MacroAssembler* masm,

Handle<JSObject> object,

- int index,

+ LookupResult* lookup,

Handle<Map> transition,

Handle<Name> name,

@@ -726,16 +726,6 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,

Label* miss_label,

Label* miss_restore_name) {

- LookupResult lookup(masm->isolate());

- object->Lookup(*name, &lookup);

- if (lookup.IsFound() && (lookup.IsReadOnly() || !lookup.IsCacheable())) {

- // In sloppy mode, we could just return the value and be done. However, we

- // might be in strict mode, where we have to throw. Since we cannot tell,

- // go into slow case unconditionally.

- __ jmp(miss_label);

- return;

- }

// Check that the map of the object hasn't changed.

CompareMapMode mode = transition.is_null() ? ALLOW_ELEMENT_TRANSITION_MAPS

: REQUIRE_EXACT_MAP;

@@ -750,8 +740,8 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,

// Check that we are allowed to write this.

if (!transition.is_null() && object->GetPrototype()->IsJSObject()) {

JSObject* holder;

- if (lookup.IsFound()) {

- holder = lookup.holder();

+ if (lookup->IsFound()) {

+ holder = lookup->holder();

} else {

// Find the top object.

holder = *object;

@@ -784,6 +774,7 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,

return;

}

+ int index;

if (!transition.is_null()) {

// Update the map of the object.

__ Move(scratch1, transition);

@@ -798,6 +789,10 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,

kDontSaveFPRegs,

OMIT_REMEMBERED_SET,

OMIT_SMI_CHECK);

+ index = transition->instance_descriptors()->GetFieldIndex(

+ transition->LastAdded());

+ } else {

+ index = lookup->GetFieldIndex().field_index();

}

// Adjust for the number of properties stored in the object. Even in the

« src/ic.cc ('K') | « src/stub-cache.cc ('k') | test/mjsunit/regress/readonly1.js » ('j') | test/mjsunit/regress/readonly1.js » ('J')