Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/ic.cc

Issue 2058063002: Fix stale IC::receiver_map_ after prototype fastification (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-618845.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/ic/ic.h" 5 #include "src/ic/ic.h"
6 6
7 #include "src/accessors.h" 7 #include "src/accessors.h"
8 #include "src/api-arguments-inl.h" 8 #include "src/api-arguments-inl.h"
9 #include "src/api.h" 9 #include "src/api.h"
10 #include "src/arguments.h" 10 #include "src/arguments.h"
(...skipping 633 matching lines...) Expand 10 before | Expand all | Expand 10 after
644 TRACE_HANDLER_STATS(isolate(), LoadIC_LoadScriptContextFieldStub); 644 TRACE_HANDLER_STATS(isolate(), LoadIC_LoadScriptContextFieldStub);
645 LoadScriptContextFieldStub stub(isolate(), &lookup_result); 645 LoadScriptContextFieldStub stub(isolate(), &lookup_result);
646 PatchCache(name, stub.GetCode()); 646 PatchCache(name, stub.GetCode());
647 } 647 }
648 return result; 648 return result;
649 } 649 }
650 } 650 }
651 651
652 if (state() != UNINITIALIZED) { 652 if (state() != UNINITIALIZED) {
653 JSObject::MakePrototypesFast(object, kStartAtReceiver, isolate()); 653 JSObject::MakePrototypesFast(object, kStartAtReceiver, isolate());
654 update_receiver_map(object);
654 } 655 }
655 // Named lookup in the object. 656 // Named lookup in the object.
656 LookupIterator it(object, name); 657 LookupIterator it(object, name);
657 LookupForRead(&it); 658 LookupForRead(&it);
658 659
659 if (it.IsFound() || !ShouldThrowReferenceError(object)) { 660 if (it.IsFound() || !ShouldThrowReferenceError(object)) {
660 // Update inline cache and stub cache. 661 // Update inline cache and stub cache.
661 if (use_ic) UpdateCaches(&it); 662 if (use_ic) UpdateCaches(&it);
662 663
663 // Get the property. 664 // Get the property.
(...skipping 2286 matching lines...) Expand 10 before | Expand all | Expand 10 after
2950 DCHECK_EQ(FeedbackVectorSlotKind::KEYED_LOAD_IC, 2951 DCHECK_EQ(FeedbackVectorSlotKind::KEYED_LOAD_IC,
2951 vector->GetKind(vector_slot)); 2952 vector->GetKind(vector_slot));
2952 KeyedLoadICNexus nexus(vector, vector_slot); 2953 KeyedLoadICNexus nexus(vector, vector_slot);
2953 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus); 2954 KeyedLoadIC ic(IC::EXTRA_CALL_FRAME, isolate, &nexus);
2954 ic.UpdateState(receiver, key); 2955 ic.UpdateState(receiver, key);
2955 RETURN_RESULT_OR_FAILURE(isolate, ic.Load(receiver, key)); 2956 RETURN_RESULT_OR_FAILURE(isolate, ic.Load(receiver, key));
2956 } 2957 }
2957 } 2958 }
2958 } // namespace internal 2959 } // namespace internal
2959 } // namespace v8 2960 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-618845.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698