Ensure slow properties for simple {__proto__:null} literals.

src/ast/ast.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/ast/ast.h"
 
 #include <cmath>  // For isfinite.
 
 #include "src/ast/compile-time-value.h"
 #include "src/ast/prettyprinter.h"
@@ skipping 472 matching lines @@
           property->SetSlot(spec->AddStoreICSlot(language_mode));
         }
         break;
     }
   }
 
   for (; property_index < properties()->length(); property_index++) {
     ObjectLiteral::Property* property = properties()->at(property_index);
 
     Expression* value = property->value();
-    if (property->kind() != ObjectLiteral::Property::PROTOTYPE) {
+    if (!property->IsPrototype()) {
       if (FunctionLiteral::NeedsHomeObject(value)) {
         property->SetSlot(spec->AddStoreICSlot(language_mode));
       }
     }
     property->SetStoreDataPropertySlot(
         spec->AddStoreDataPropertyInLiteralICSlot());
   }
 }
 
 
 void ObjectLiteral::CalculateEmitStore(Zone* zone) {
   const auto GETTER = ObjectLiteral::Property::GETTER;
   const auto SETTER = ObjectLiteral::Property::SETTER;
 
   ZoneAllocationPolicy allocator(zone);
 
   CustomMatcherZoneHashMap table(
       Literal::Match, ZoneHashMap::kDefaultHashMapCapacity, allocator);
   for (int i = properties()->length() - 1; i >= 0; i--) {
     ObjectLiteral::Property* property = properties()->at(i);
     if (property->is_computed_name()) continue;
-    if (property->kind() == ObjectLiteral::Property::PROTOTYPE) continue;
+    if (property->IsPrototype()) continue;
     Literal* literal = property->key()->AsLiteral();
     DCHECK(!literal->IsNullLiteral());
 
     // If there is an existing entry do not emit a store unless the previous
     // entry was also an accessor.
     uint32_t hash = literal->Hash();
     ZoneHashMap::Entry* entry = table.LookupOrInsert(literal, hash, allocator);
     if (entry->value != NULL) {
       auto previous_kind =
           static_cast<ObjectLiteral::Property*>(entry->value)->kind();
       if (!((property->kind() == GETTER && previous_kind == SETTER) ||
             (property->kind() == SETTER && previous_kind == GETTER))) {
         property->set_emit_store(false);
       }
     }
     entry->value = property;
   }
 }
 
-
-bool ObjectLiteral::IsBoilerplateProperty(ObjectLiteral::Property* property) {
-  return property != NULL &&
-         property->kind() != ObjectLiteral::Property::PROTOTYPE;
+void ObjectLiteral::InitFlagsForPendingNullPrototype(int i) {
+  // We still check for __proto__:null after computed property names.
+  for (; i < properties()->length(); i++) {
+    if (properties()->at(i)->IsNullPrototype()) {
+      set_has_null_protoype(true);
+      break;
+    }
+  }
 }
 
 void ObjectLiteral::InitDepthAndFlags() {
-  if (depth_ > 0) return;
-
-  int position = 0;
-  // Accumulate the value in local variables and store it at the end.
+  if (is_initialized()) return;
   bool is_simple = true;
+  bool has_seen_prototype = false;
   int depth_acc = 1;
+  uint32_t nof_properties = 0;
+  uint32_t elements = 0;
   uint32_t max_element_index = 0;
-  uint32_t elements = 0;
   for (int i = 0; i < properties()->length(); i++) {
     ObjectLiteral::Property* property = properties()->at(i);
-    if (!IsBoilerplateProperty(property)) {
+    if (property->IsPrototype()) {
+      has_seen_prototype = true;
+      // __proto__:null has no side-effects and is set directly on the
+      // boilerplate.
+      if (property->IsNullPrototype()) {
+        set_has_null_protoype(true);
+        continue;
+      }
+      DCHECK(!has_null_prototype());
       is_simple = false;
       continue;
     }
-
-    if (static_cast<uint32_t>(position) == boilerplate_properties_ * 2) {
+    if (nof_properties == boilerplate_properties_) {
       DCHECK(property->is_computed_name());
       is_simple = false;
+      if (!has_seen_prototype) InitFlagsForPendingNullPrototype(i);
       break;
     }
     DCHECK(!property->is_computed_name());
 
     MaterializedLiteral* m_literal = property->value()->AsMaterializedLiteral();
     if (m_literal != NULL) {
       m_literal->InitDepthAndFlags();
       if (m_literal->depth() >= depth_acc) depth_acc = m_literal->depth() + 1;
     }
 
@@ skipping 19 matching lines @@
     // literal with fast elements will be a waste of space.
     uint32_t element_index = 0;
     if (key->IsString() && key->AsString()->AsArrayIndex(&element_index)) {
       max_element_index = Max(element_index, max_element_index);
       elements++;
     } else if (key->ToUint32(&element_index) && element_index != kMaxUInt32) {
       max_element_index = Max(element_index, max_element_index);
       elements++;
     }
 
-    // Increment the position for the key and the value.
-    position += 2;
+    nof_properties++;
   }
 
-  bit_field_ = FastElementsField::update(
-      bit_field_,
-      (max_element_index <= 32) || ((2 * elements) >= max_element_index));
-  bit_field_ = HasElementsField::update(bit_field_, elements > 0);
-
+  set_fast_elements((max_element_index <= 32) ||
+                    ((2 * elements) >= max_element_index));
+  set_has_elements(elements > 0);
   set_is_simple(is_simple);
   set_depth(depth_acc);
 }
 
 void ObjectLiteral::BuildConstantProperties(Isolate* isolate) {
   if (!constant_properties_.is_null()) return;
 
   int index_keys = 0;
   bool has_seen_proto = false;
   for (int i = 0; i < properties()->length(); i++) {
     ObjectLiteral::Property* property = properties()->at(i);
-    if (!IsBoilerplateProperty(property)) {
+    if (property->IsPrototype()) {
       has_seen_proto = true;
       continue;
     }
     if (property->is_computed_name()) {
       continue;
     }
 
     Handle<Object> key = property->key()->AsLiteral()->value();
 
     uint32_t element_index = 0;
     if (key->ToArrayIndex(&element_index) ||
         (key->IsString() && String::cast(*key)->AsArrayIndex(&element_index))) {
       index_keys++;
     }
   }
 
   Handle<BoilerplateDescription> constant_properties =
       isolate->factory()->NewBoilerplateDescription(boilerplate_properties_,
                                                     properties()->length(),
                                                     index_keys, has_seen_proto);
 
   int position = 0;
   for (int i = 0; i < properties()->length(); i++) {
     ObjectLiteral::Property* property = properties()->at(i);
-    if (!IsBoilerplateProperty(property)) {
-      continue;
-    }
+    if (property->IsPrototype()) continue;
 
     if (static_cast<uint32_t>(position) == boilerplate_properties_ * 2) {
       DCHECK(property->is_computed_name());
       break;
     }
     DCHECK(!property->is_computed_name());
 
     MaterializedLiteral* m_literal = property->value()->AsMaterializedLiteral();
     if (m_literal != NULL) {
       m_literal->BuildConstants(isolate);
@@ skipping 29 matching lines @@
              ConstructorBuiltins::kMaximumClonedShallowObjectProperties;
 }
 
 ElementsKind ArrayLiteral::constant_elements_kind() const {
   return static_cast<ElementsKind>(constant_elements()->elements_kind());
 }
 
 void ArrayLiteral::InitDepthAndFlags() {
   DCHECK_LT(first_spread_index_, 0);
 
-  if (depth_ > 0) return;
+  if (is_initialized()) return;
 
   int constants_length = values()->length();
 
   // Fill in the literals.
   bool is_simple = true;
   int depth_acc = 1;
   int array_index = 0;
   for (; array_index < constants_length; array_index++) {
     Expression* element = values()->at(array_index);
     DCHECK(!element->IsSpread());
@@ skipping 428 matching lines @@
 #ifdef DEBUG
   return is_jsruntime() ? NameForNativeContextIntrinsicIndex(context_index_)
                         : function_->name;
 #else
   return is_jsruntime() ? "(context function)" : function_->name;
 #endif  // DEBUG
 }
 
 }  // namespace internal
 }  // namespace v8