[ic] Use validity cells to protect keyed element stores against object's prototype chain modificati…

[ic] Use validity cells to protect keyed element stores against object's prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, chromium:669411, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Committed: https://crrev.com/39e6f2ca4a2bdc39bd0291db944f0728bd527c5c
Cr-Original-Commit-Position: refs/heads/master@{#41332}
Cr-Commit-Position: refs/heads/master@{#41449}

[Igor Sheludko, 2016-11-25 15:00:09]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't work well.

BUG=chromium:662907, v8:5561
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
==========

[Igor Sheludko, 2016-11-25 15:09:09]

The CQ bit was checked by ishell@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-25 15:09:17]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-25 15:10:48]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-25 15:10:49]

Dry run: Try jobs failed on following builders:
  v8_android_arm_compile_rel on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_android_arm_compile_rel/...)
  v8_linux64_asan_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_asan_rel_ng/buil...)
  v8_linux64_avx2_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_avx2_rel_ng/buil...)
  v8_linux64_gyp_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_gyp_rel_ng/build...)
  v8_linux64_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux64_rel_ng/builds/16871)
  v8_linux_arm64_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_arm64_rel_ng/build...)
  v8_linux_arm_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_arm_rel_ng/builds/...)
  v8_linux_dbg_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_dbg_ng/builds/16921)
  v8_linux_mips64el_compile_rel on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_mips64el_compile_r...)
  v8_linux_mipsel_compile_rel on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_mipsel_compile_rel...)
  v8_linux_nodcheck_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_nodcheck_rel_ng/bu...)
  v8_linux_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_rel_ng/builds/16829)
  v8_presubmit on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_presubmit/builds/29397)

[Igor Sheludko, 2016-11-25 15:29:19]

Patchset #1 (id:1) has been deleted

[Igor Sheludko, 2016-11-25 15:29:24]

The CQ bit was checked by ishell@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-25 15:29:28]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-25 15:57:55]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-25 15:57:56]

Dry run: This issue passed the CQ dry run.

[Igor Sheludko, 2016-11-28 11:04:01]

ishell@chromium.org changed reviewers:
+ jkummerow@chromium.org

[Igor Sheludko, 2016-11-28 11:04:01]

PTAL

[Jakob Kummerow, 2016-11-28 18:48:05]

LGTM with two nits and an appreciation :-)

https://codereview.chromium.org/2534613002/diff/20001/src/ic/accessor-assembl...
File src/ic/accessor-assembler.cc (right):

https://codereview.chromium.org/2534613002/diff/20001/src/ic/accessor-assembl...
src/ic/accessor-assembler.cc:1561: // HandleStoreICElementHandlerCase(p,
handler, miss);
leftover?

https://codereview.chromium.org/2534613002/diff/20001/src/objects.cc
File src/objects.cc (right):

https://codereview.chromium.org/2534613002/diff/20001/src/objects.cc#newcode6156
src/objects.cc:6156: // TODO(verwaest): Remove this hack.
I think you're addressing this TODO :-)

https://codereview.chromium.org/2534613002/diff/20001/src/type-feedback-vecto...
File src/type-feedback-vector.cc (left):

https://codereview.chromium.org/2534613002/diff/20001/src/type-feedback-vecto...
src/type-feedback-vector.cc:330: void
TypeFeedbackVector::ClearAllKeyedStoreICs(Isolate* isolate) {
\o/

[Igor Sheludko, 2016-11-28 22:25:54]

https://codereview.chromium.org/2534613002/diff/20001/src/ic/accessor-assembl...
File src/ic/accessor-assembler.cc (right):

https://codereview.chromium.org/2534613002/diff/20001/src/ic/accessor-assembl...
src/ic/accessor-assembler.cc:1561: // HandleStoreICElementHandlerCase(p,
handler, miss);
On 2016/11/28 18:48:05, Jakob Kummerow wrote:
> leftover?

Done.

https://codereview.chromium.org/2534613002/diff/20001/src/objects.cc
File src/objects.cc (right):

https://codereview.chromium.org/2534613002/diff/20001/src/objects.cc#newcode6156
src/objects.cc:6156: // TODO(verwaest): Remove this hack.
On 2016/11/28 18:48:05, Jakob Kummerow wrote:
> I think you're addressing this TODO :-)

Done.

https://codereview.chromium.org/2534613002/diff/20001/src/type-feedback-vecto...
File src/type-feedback-vector.cc (left):

https://codereview.chromium.org/2534613002/diff/20001/src/type-feedback-vecto...
src/type-feedback-vector.cc:330: void
TypeFeedbackVector::ClearAllKeyedStoreICs(Isolate* isolate) {
On 2016/11/28 18:48:05, Jakob Kummerow wrote:
> \o/

:)

[Igor Sheludko, 2016-11-28 22:26:05]

The CQ bit was checked by ishell@chromium.org

[Igor Sheludko, 2016-11-28 22:26:07]

The patchset sent to the CQ was uploaded after l-g-t-m from
jkummerow@chromium.org
Link to the patchset: https://codereview.chromium.org/2534613002/#ps40001
(title: "Addressing comments")

[commit-bot: I haz the power, 2016-11-28 22:26:08]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-28 22:29:17]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-28 22:29:18]

Try jobs failed on following builders:
  v8_presubmit on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_presubmit/builds/29514)

[Igor Sheludko, 2016-11-28 22:33:02]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org
==========

[Igor Sheludko, 2016-11-28 22:33:06]

The CQ bit was checked by ishell@chromium.org

[commit-bot: I haz the power, 2016-11-28 22:33:16]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-28 22:56:36]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1480372386829300,
"parent_rev": "69851fa822e5906c87282702e1965c4b6a83a847", "commit_rev":
"b2f9d36d447082da445b052b156468c97b72ea23"}

[commit-bot: I haz the power, 2016-11-28 22:56:39]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org
==========

[commit-bot: I haz the power, 2016-11-28 22:56:40]

Committed patchset #2 (id:40001)

[commit-bot: I haz the power, 2016-11-28 22:57:01]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

[commit-bot: I haz the power, 2016-11-28 22:57:01]

Patchset 2 (id:??) landed as
https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}

[Michael Achenbach, 2016-11-29 08:49:00]

A revert of this CL (patchset #2 id:40001) has been created in
https://codereview.chromium.org/2538693002/ by machenbach@chromium.org.

The reason for reverting is: Layout test crashes:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/bui....

[mvstanton, 2016-11-30 13:44:21]

mvstanton@chromium.org changed reviewers:
+ mvstanton@chromium.org

[mvstanton, 2016-11-30 13:44:21]

Huge thanks on this one! :D Good luck on the layout test issue... :p

[Igor Sheludko, 2016-11-30 15:42:06]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

[Igor Sheludko, 2016-12-01 23:43:56]

Patchset #3 (id:60001) has been deleted

[Igor Sheludko, 2016-12-01 23:58:07]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, chromium:669411, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

[Igor Sheludko, 2016-12-01 23:59:45]

The CQ bit was checked by ishell@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-01 23:59:52]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Igor Sheludko, 2016-12-02 00:05:07]

The CQ bit was unchecked by ishell@chromium.org

[Igor Sheludko, 2016-12-02 09:32:36]

PTAL again.

https://codereview.chromium.org/2534613002/diff/100001/src/ic/accessor-assemb...
File src/ic/accessor-assembler.cc (right):

https://codereview.chromium.org/2534613002/diff/100001/src/ic/accessor-assemb...
src/ic/accessor-assembler.cc:498: Branch(IsCodeMap(handler_map), &call_handler,
&if_proto_handler);
StoreIC still supports code handlers if IsTuple2() check fails.

[Jakob Kummerow, 2016-12-02 09:59:54]

Patch set 4 LGTM.

[Igor Sheludko, 2016-12-02 10:00:18]

The CQ bit was checked by ishell@chromium.org

[commit-bot: I haz the power, 2016-12-02 10:00:32]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-02 10:03:19]

CQ is committing da patch.

Bot data: {"patchset_id": 100001, "attempt_start_ts": 1480672818944080,
"parent_rev": "9e9ee9c6891159d1e18af14c3775e564760b34e7", "commit_rev":
"59553f78b386d965c3b5512d26881f85e9a5055e"}

[commit-bot: I haz the power, 2016-12-02 10:03:22]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, chromium:669411, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, chromium:669411, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

[commit-bot: I haz the power, 2016-12-02 10:03:24]

Committed patchset #4 (id:100001)

[commit-bot: I haz the power, 2016-12-02 10:03:38]

Description was changed from

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, chromium:669411, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Cr-Commit-Position: refs/heads/master@{#41332}
==========

to

==========
[ic] Use validity cells to protect keyed element stores against object's
prototype chain modifications.

... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, chromium:669411, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
Committed: https://crrev.com/39e6f2ca4a2bdc39bd0291db944f0728bd527c5c
Cr-Original-Commit-Position: refs/heads/master@{#41332}
Cr-Commit-Position: refs/heads/master@{#41449}
==========

[commit-bot: I haz the power, 2016-12-02 10:03:39]

Patchset 4 (id:??) landed as
https://crrev.com/39e6f2ca4a2bdc39bd0291db944f0728bd527c5c
Cr-Commit-Position: refs/heads/master@{#41449}