src/ic.cc - Issue 194623005: 350884: KeyedStoreIC miss didn't handle a transitioning case.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/ic.cc

Issue 194623005: 350884: KeyedStoreIC miss didn't handle a transitioning case. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Created 6 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/ic.cc

diff --git a/src/ic.cc b/src/ic.cc

index 033246fa075229266e3a6c332109f1bb8ac48fdf..d78651ef05f8243d6ea2759e15ee43f880d64b47 100644

--- a/src/ic.cc

+++ b/src/ic.cc

@@ -1435,19 +1435,19 @@ Handle<Code> KeyedStoreIC::StoreElementStub(Handle<JSObject> receiver,

KeyedStoreIC::GetKeyedAccessStoreMode(target()->extra_ic_state());

Handle<Map> previous_receiver_map = target_receiver_maps.at(0);

if (state() == MONOMORPHIC) {

- // If the "old" and "new" maps are in the same elements map family, stay

- // MONOMORPHIC and use the map for the most generic ElementsKind.

- Handle<Map> transitioned_receiver_map = receiver_map;

if (IsTransitionStoreMode(store_mode)) {

- transitioned_receiver_map =

+ // If the "old" and "new" maps are in the same elements map family, or

+ // if they at least come from the same origin for a transitioning store,

+ // stay MONOMORPHIC and use the map for the most generic ElementsKind.

+ Handle<Map> transitioned_receiver_map =

ComputeTransitionedMap(receiver, store_mode);

- }

- if (IsTransitionOfMonomorphicTarget(

- MapToType<HeapType>(transitioned_receiver_map, isolate()))) {

- // Element family is the same, use the "worst" case map.

- store_mode = GetNonTransitioningStoreMode(store_mode);

- return isolate()->stub_cache()->ComputeKeyedStoreElement(

- transitioned_receiver_map, strict_mode(), store_mode);

+ if (*previous_receiver_map == receiver->map() ||

+ IsTransitionOfMonomorphicTarget(

+ MapToType<HeapType>(transitioned_receiver_map, isolate()))) {

+ store_mode = GetNonTransitioningStoreMode(store_mode);

+ return isolate()->stub_cache()->ComputeKeyedStoreElement(

+ transitioned_receiver_map, strict_mode(), store_mode);

+ }

} else if (*previous_receiver_map == receiver->map() &&

old_store_mode == STANDARD_STORE &&

(IsGrowStoreMode(store_mode) ||

« no previous file with comments | « no previous file | test/mjsunit/regress/regress-350884.js » ('j') | no next file with comments »