| Index: src/ic/accessor-assembler.cc
|
| diff --git a/src/ic/accessor-assembler.cc b/src/ic/accessor-assembler.cc
|
| index 024fba4038ec2e876bcb297d3bed319c15c6ae09..db59ed00e585a8935df2dd5e24a78916fe95972b 100644
|
| --- a/src/ic/accessor-assembler.cc
|
| +++ b/src/ic/accessor-assembler.cc
|
| @@ -472,13 +472,13 @@
|
| miss, kOnlyProperties);
|
| }
|
|
|
| -void AccessorAssemblerImpl::HandleStoreICHandlerCase(
|
| - const StoreICParameters* p, Node* handler, Label* miss,
|
| - ElementSupport support_elements) {
|
| - Label if_smi_handler(this), if_nonsmi_handler(this);
|
| - Label if_proto_handler(this), if_element_handler(this), call_handler(this);
|
| -
|
| - Branch(TaggedIsSmi(handler), &if_smi_handler, &if_nonsmi_handler);
|
| +void AccessorAssemblerImpl::HandleStoreICHandlerCase(const StoreICParameters* p,
|
| + Node* handler,
|
| + Label* miss) {
|
| + Label if_smi_handler(this);
|
| + Label try_proto_handler(this), call_handler(this);
|
| +
|
| + Branch(TaggedIsSmi(handler), &if_smi_handler, &try_proto_handler);
|
|
|
| // |handler| is a Smi, encoding what to do. See SmiHandler methods
|
| // for the encoding format.
|
| @@ -491,22 +491,9 @@
|
| HandleStoreICSmiHandlerCase(handler_word, holder, p->value, nullptr, miss);
|
| }
|
|
|
| - Bind(&if_nonsmi_handler);
|
| - {
|
| - Node* handler_map = LoadMap(handler);
|
| - if (support_elements == kSupportElements) {
|
| - GotoIf(IsTuple2Map(handler_map), &if_element_handler);
|
| - }
|
| - Branch(IsCodeMap(handler_map), &call_handler, &if_proto_handler);
|
| - }
|
| -
|
| - if (support_elements == kSupportElements) {
|
| - Bind(&if_element_handler);
|
| - { HandleStoreICElementHandlerCase(p, handler, miss); }
|
| - }
|
| -
|
| - Bind(&if_proto_handler);
|
| - {
|
| + Bind(&try_proto_handler);
|
| + {
|
| + GotoIf(IsCodeMap(LoadMap(handler)), &call_handler);
|
| HandleStoreICProtoHandler(p, handler, miss);
|
| }
|
|
|
| @@ -517,23 +504,6 @@
|
| TailCallStub(descriptor, handler, p->context, p->receiver, p->name,
|
| p->value, p->slot, p->vector);
|
| }
|
| -}
|
| -
|
| -void AccessorAssemblerImpl::HandleStoreICElementHandlerCase(
|
| - const StoreICParameters* p, Node* handler, Label* miss) {
|
| - Comment("HandleStoreICElementHandlerCase");
|
| - Node* validity_cell = LoadObjectField(handler, Tuple2::kValue1Offset);
|
| - Node* cell_value = LoadObjectField(validity_cell, Cell::kValueOffset);
|
| - GotoIf(WordNotEqual(cell_value,
|
| - SmiConstant(Smi::FromInt(Map::kPrototypeChainValid))),
|
| - miss);
|
| -
|
| - Node* code_handler = LoadObjectField(handler, Tuple2::kValue2Offset);
|
| - CSA_ASSERT(this, IsCodeMap(LoadMap(code_handler)));
|
| -
|
| - StoreWithVectorDescriptor descriptor(isolate());
|
| - TailCallStub(descriptor, code_handler, p->context, p->receiver, p->name,
|
| - p->value, p->slot, p->vector);
|
| }
|
|
|
| void AccessorAssemblerImpl::HandleStoreICProtoHandler(
|
| @@ -1536,7 +1506,7 @@
|
| Bind(&if_handler);
|
| {
|
| Comment("KeyedStoreIC_if_handler");
|
| - HandleStoreICHandlerCase(p, var_handler.value(), &miss, kSupportElements);
|
| + HandleStoreICHandlerCase(p, var_handler.value(), &miss);
|
| }
|
|
|
| Bind(&try_polymorphic);
|
| @@ -1553,26 +1523,11 @@
|
| &var_transition_map_cell, &miss);
|
| Bind(&if_transition_handler);
|
| Comment("KeyedStoreIC_polymorphic_transition");
|
| - {
|
| - Node* handler = var_handler.value();
|
| - CSA_ASSERT(this, IsTuple2Map(LoadMap(handler)));
|
| -
|
| - // Check validity cell.
|
| - Node* validity_cell = LoadObjectField(handler, Tuple2::kValue1Offset);
|
| - Node* cell_value = LoadObjectField(validity_cell, Cell::kValueOffset);
|
| - GotoIf(WordNotEqual(cell_value,
|
| - SmiConstant(Smi::FromInt(Map::kPrototypeChainValid))),
|
| - &miss);
|
| -
|
| - Node* code_handler = LoadObjectField(handler, Tuple2::kValue2Offset);
|
| - CSA_ASSERT(this, IsCodeMap(LoadMap(code_handler)));
|
| -
|
| - Node* transition_map =
|
| - LoadWeakCellValue(var_transition_map_cell.value(), &miss);
|
| - StoreTransitionDescriptor descriptor(isolate());
|
| - TailCallStub(descriptor, code_handler, p->context, p->receiver, p->name,
|
| - transition_map, p->value, p->slot, p->vector);
|
| - }
|
| + Node* transition_map =
|
| + LoadWeakCellValue(var_transition_map_cell.value(), &miss);
|
| + StoreTransitionDescriptor descriptor(isolate());
|
| + TailCallStub(descriptor, var_handler.value(), p->context, p->receiver,
|
| + p->name, transition_map, p->value, p->slot, p->vector);
|
| }
|
|
|
| Bind(&try_megamorphic);
|
|
|
Chromium Code Reviews
Issue 2538693002:
Revert of [ic] Use validity cells to protect keyed element stores against object's prototype chain… (Closed)
