| Index: src/objects.cc
|
| diff --git a/src/objects.cc b/src/objects.cc
|
| index 88e723455be07ab6cb4787d835ea8dd9fd4305c8..4cb46b99f17543bf25200a37db2b635fd2e91925 100644
|
| --- a/src/objects.cc
|
| +++ b/src/objects.cc
|
| @@ -3991,6 +3991,22 @@ static void SetPropertyToFieldWithAttributes(LookupResult* lookup,
|
| }
|
|
|
|
|
| +static void CheckGlobalReassignmentDependency(Handle<JSObject> object,
|
| + Handle<Name> key) {
|
| + if (object->IsJSGlobalObject() && key->IsString()) {
|
| + Isolate* isolate = object->GetIsolate();
|
| + Handle<JSGlobalObject> global = Handle<JSGlobalObject>::cast(object);
|
| + Handle<String> keyString = Handle<String>::cast(key);
|
| + // Deoptimize code that assumes the global Math object
|
| + // is not reassigned
|
| + if (keyString->IsOneByteEqualTo(STATIC_ASCII_VECTOR("Math"))) {
|
| + global->map()->dependent_code()->DeoptimizeDependentCodeGroup(isolate,
|
| + DependentCode::kMathConstantGroup);
|
| + }
|
| + }
|
| +}
|
| +
|
| +
|
| Handle<Object> JSObject::SetPropertyForResult(Handle<JSObject> object,
|
| LookupResult* lookup,
|
| Handle<Name> name,
|
| @@ -4028,6 +4044,8 @@ Handle<Object> JSObject::SetPropertyForResult(Handle<JSObject> object,
|
| lookup, name, value, attributes, strict_mode, store_mode);
|
| }
|
|
|
| + CheckGlobalReassignmentDependency(object, name);
|
| +
|
| ASSERT(!lookup->IsFound() || lookup->holder() == *object ||
|
| lookup->holder()->map()->is_hidden_prototype());
|
|
|
| @@ -4164,6 +4182,8 @@ Handle<Object> JSObject::SetLocalPropertyIgnoreAttributes(
|
| name, value, attributes, value_type, mode, extensibility_check);
|
| }
|
|
|
| + CheckGlobalReassignmentDependency(object, name);
|
| +
|
| if (lookup.IsFound() &&
|
| (lookup.type() == INTERCEPTOR || lookup.type() == CALLBACKS)) {
|
| object->LocalLookupRealNamedProperty(*name, &lookup);
|
| @@ -4890,6 +4910,9 @@ Handle<Object> JSObject::SetHiddenProperty(Handle<JSObject> object,
|
| ASSERT(proxy_parent->IsJSGlobalObject());
|
| return SetHiddenProperty(Handle<JSObject>::cast(proxy_parent), key, value);
|
| }
|
| +
|
| + CheckGlobalReassignmentDependency(object, key);
|
| +
|
| ASSERT(!object->IsJSGlobalProxy());
|
|
|
| Handle<Object> inline_value(object->GetHiddenPropertiesHashTable(), isolate);
|
| @@ -4929,6 +4952,8 @@ void JSObject::DeleteHiddenProperty(Handle<JSObject> object, Handle<Name> key) {
|
| return DeleteHiddenProperty(Handle<JSObject>::cast(proto), key);
|
| }
|
|
|
| + CheckGlobalReassignmentDependency(object, key);
|
| +
|
| Object* inline_value = object->GetHiddenPropertiesHashTable();
|
|
|
| // We never delete (inline-stored) identity hashes.
|
| @@ -5224,6 +5249,8 @@ Handle<Object> JSObject::DeleteProperty(Handle<JSObject> object,
|
| handle(JSGlobalObject::cast(proto)), name, mode);
|
| }
|
|
|
| + CheckGlobalReassignmentDependency(object, name);
|
| +
|
| uint32_t index = 0;
|
| if (name->AsArrayIndex(&index)) {
|
| return DeleteElement(object, index, mode);
|
| @@ -6328,6 +6355,8 @@ void JSObject::DefineAccessor(Handle<JSObject> object,
|
| return;
|
| }
|
|
|
| + CheckGlobalReassignmentDependency(object, name);
|
| +
|
| // Make sure that the top context does not change when doing callbacks or
|
| // interceptor calls.
|
| AssertNoContextChange ncc(isolate);
|
| @@ -6516,6 +6545,8 @@ Handle<Object> JSObject::SetAccessor(Handle<JSObject> object,
|
| return SetAccessor(Handle<JSObject>::cast(proto), info);
|
| }
|
|
|
| + CheckGlobalReassignmentDependency(object, name);
|
| +
|
| // Make sure that the top context does not change when doing callbacks or
|
| // interceptor calls.
|
| AssertNoContextChange ncc(isolate);
|
|
|
Chromium Code Reviews
Issue 198533007:
Inline mathematical constants (Closed)
Base URL: https://github.com/v8/v8.git@master