src/ic/ic.cc - Issue 2534613002: [ic] Use validity cells to protect keyed element stores against object's prototype chain modificati…

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/ic/ic.cc

Issue 2534613002: [ic] Use validity cells to protect keyed element stores against object's prototype chain modificati… (Closed)

Patch Set: The fix Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/ic/ic.cc

diff --git a/src/ic/ic.cc b/src/ic/ic.cc

index 38fe3314b0630eaf0d8e244c2e190108b6ac65b4..feef309d7ab07174bd97a8a4976d15f1840fa309 100644

--- a/src/ic/ic.cc

+++ b/src/ic/ic.cc

@@ -603,10 +603,9 @@ void IC::ConfigureVectorState(Handle<Name> name, MapHandleList* maps,

OnTypeFeedbackChanged(isolate(), get_host());

}

void IC::ConfigureVectorState(MapHandleList* maps,

MapHandleList* transitioned_maps,

- CodeHandleList* handlers) {

+ List<Handle<Object>>* handlers) {

DCHECK(UseVector());

DCHECK(kind() == Code::KEYED_STORE_IC);

KeyedStoreICNexus* nexus = casted_nexus<KeyedStoreICNexus>();

@@ -2208,7 +2207,7 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map,

Handle<Map> monomorphic_map =

ComputeTransitionedMap(receiver_map, store_mode);

store_mode = GetNonTransitioningStoreMode(store_mode);

- Handle<Code> handler =

+ Handle<Object> handler =

PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler(monomorphic_map,

store_mode);

return ConfigureVectorState(Handle<Name>(), monomorphic_map, handler);

@@ -2242,7 +2241,7 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map,

// if they at least come from the same origin for a transitioning store,

// stay MONOMORPHIC and use the map for the most generic ElementsKind.

store_mode = GetNonTransitioningStoreMode(store_mode);

- Handle<Code> handler =

+ Handle<Object> handler =

PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler(

transitioned_receiver_map, store_mode);

ConfigureVectorState(Handle<Name>(), transitioned_receiver_map, handler);

@@ -2256,7 +2255,7 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map,

// A "normal" IC that handles stores can switch to a version that can

// grow at the end of the array, handle OOB accesses or copy COW arrays

// and still stay MONOMORPHIC.

- Handle<Code> handler =

+ Handle<Object> handler =

PropertyICCompiler::ComputeKeyedStoreMonomorphicHandler(receiver_map,

store_mode);

return ConfigureVectorState(Handle<Name>(), receiver_map, handler);

@@ -2317,7 +2316,7 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map,

}

MapHandleList transitioned_maps(target_receiver_maps.length());

- CodeHandleList handlers(target_receiver_maps.length());

+ List<Handle<Object>> handlers(target_receiver_maps.length());

PropertyICCompiler::ComputeKeyedStorePolymorphicHandlers(

&target_receiver_maps, &transitioned_maps, &handlers, store_mode);

ConfigureVectorState(&target_receiver_maps, &transitioned_maps, &handlers);

« src/ic/accessor-assembler.cc ('K') | « src/ic/ic.h ('k') | src/ic/ic-compiler.h » ('j') | no next file with comments »