src/ic/ic.cc - Issue 2482913002: [ic] Resurrect access checks for primitive and global proxy receivers.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/ic/ic.cc

Issue 2482913002: [ic] Resurrect access checks for primitive and global proxy receivers. (Closed)

Patch Set: Addressing comments Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/ic/ic.cc

diff --git a/src/ic/ic.cc b/src/ic/ic.cc

index 59b1a652a2fae50264d37b9c02db9a2e58192b58..ac0a11f9dd78124700e156cf0527a091aa25d423 100644

--- a/src/ic/ic.cc

+++ b/src/ic/ic.cc

@@ -868,6 +868,21 @@ int InitPrototypeChecks(Isolate* isolate, Handle<Map> receiver_map,

HandleScope scope(isolate);

int checks_count = 0;

+ if (receiver_map->IsPrimitiveMap() || receiver_map->IsJSGlobalProxyMap()) {

+ // The validity cell check for primitive and global proxy receivers does

+ // not guarantee that certain native context ever had access to other

+ // native context. However, a handler created for one native context could

+ // be used in other native context through the megamorphic stub cache.

+ // So we record the original native context to which this handler

+ // corresponds.

+ if (fill_array) {

+ Handle<Context> native_context = isolate->native_context();

+ array->set(LoadHandler::kFirstPrototypeIndex + checks_count,

+ native_context->self_weak_cell());

+ }

+ checks_count++;

+ }

// Create/count entries for each global or dictionary prototype appeared in

// the prototype chain contains from receiver till holder.

for (PrototypeIterator iter(receiver_map); !iter.IsAtEnd(); iter.Advance()) {

@@ -917,9 +932,13 @@ Handle<Object> LoadIC::LoadFromPrototype(Handle<Map> receiver_map,

Handle<Object> smi_handler) {

int checks_count = GetPrototypeCheckCount(receiver_map, holder);

DCHECK_LE(0, checks_count);

+ DCHECK(!receiver_map->IsJSGlobalObjectMap());

- if (receiver_map->IsJSGlobalObjectMap()) {

- UNREACHABLE();

+ if (receiver_map->IsPrimitiveMap() || receiver_map->IsJSGlobalProxyMap()) {

+ DCHECK(!receiver_map->is_dictionary_map());

+ DCHECK_LE(1, checks_count); // For native context.

+ smi_handler =

+ LoadHandler::EnableAccessCheckOnReceiver(isolate(), smi_handler);

} else if (receiver_map->is_dictionary_map()) {

smi_handler =

LoadHandler::EnableNegativeLookupOnReceiver(isolate(), smi_handler);

@@ -956,6 +975,13 @@ Handle<Object> LoadIC::LoadNonExistent(Handle<Map> receiver_map,

Handle<Object> smi_handler = LoadHandler::LoadNonExistent(

isolate(), receiver_map->is_dictionary_map());

+ if (receiver_map->IsPrimitiveMap() || receiver_map->IsJSGlobalProxyMap()) {

+ DCHECK(!receiver_map->is_dictionary_map());

+ DCHECK_LE(1, checks_count); // For native context.

+ smi_handler =

+ LoadHandler::EnableAccessCheckOnReceiver(isolate(), smi_handler);

+ }

Handle<Object> validity_cell =

Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate());

if (validity_cell.is_null()) {

« no previous file with comments | « src/ic/ia32/handler-compiler-ia32.cc ('k') | src/ic/mips/handler-compiler-mips.cc » ('j') | no next file with comments »