Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(121)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic/ic.cc

Issue 2548753003: [ic] Ensure state of load/store ICs always progresses. (Closed)
Patch Set: Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/counters.h ('k') | test/mjsunit/regress/regress-v8-5697.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/ic/ic.h" 5 #include "src/ic/ic.h"
6 6
7 #include <iostream> 7 #include <iostream>
8 8
9 #include "src/accessors.h" 9 #include "src/accessors.h"
10 #include "src/api-arguments-inl.h" 10 #include "src/api-arguments-inl.h"
(...skipping 603 matching lines...) Expand 10 before | Expand all | Expand 10 after
614 614
615 vector_set_ = true; 615 vector_set_ = true;
616 OnTypeFeedbackChanged(isolate(), get_host()); 616 OnTypeFeedbackChanged(isolate(), get_host());
617 } 617 }
618 618
619 619
620 MaybeHandle<Object> LoadIC::Load(Handle<Object> object, Handle<Name> name) { 620 MaybeHandle<Object> LoadIC::Load(Handle<Object> object, Handle<Name> name) {
621 // If the object is undefined or null it's illegal to try to get any 621 // If the object is undefined or null it's illegal to try to get any
622 // of its properties; throw a TypeError in that case. 622 // of its properties; throw a TypeError in that case.
623 if (object->IsUndefined(isolate()) || object->IsNull(isolate())) { 623 if (object->IsUndefined(isolate()) || object->IsNull(isolate())) {
624 if (FLAG_use_ic && state() != UNINITIALIZED && state() != PREMONOMORPHIC) {
625 // Ensure the IC state progresses.
626 TRACE_HANDLER_STATS(isolate(), LoadIC_NonReceiver);
627 update_receiver_map(object);
628 PatchCache(name, slow_stub());
629 TRACE_IC("LoadIC", name);
630 }
624 return TypeError(MessageTemplate::kNonObjectPropertyLoad, object, name); 631 return TypeError(MessageTemplate::kNonObjectPropertyLoad, object, name);
625 } 632 }
626 633
627 bool use_ic = MigrateDeprecated(object) ? false : FLAG_use_ic; 634 bool use_ic = MigrateDeprecated(object) ? false : FLAG_use_ic;
628 635
629 if (state() != UNINITIALIZED) { 636 if (state() != UNINITIALIZED) {
630 JSObject::MakePrototypesFast(object, kStartAtReceiver, isolate()); 637 JSObject::MakePrototypesFast(object, kStartAtReceiver, isolate());
631 update_receiver_map(object); 638 update_receiver_map(object);
632 } 639 }
633 // Named lookup in the object. 640 // Named lookup in the object.
(...skipping 1180 matching lines...) Expand 10 before | Expand all | Expand 10 after
1814 Handle<Object> result; 1821 Handle<Object> result;
1815 ASSIGN_RETURN_ON_EXCEPTION( 1822 ASSIGN_RETURN_ON_EXCEPTION(
1816 isolate(), result, 1823 isolate(), result,
1817 Object::SetProperty(object, name, value, language_mode()), Object); 1824 Object::SetProperty(object, name, value, language_mode()), Object);
1818 return result; 1825 return result;
1819 } 1826 }
1820 1827
1821 // If the object is undefined or null it's illegal to try to set any 1828 // If the object is undefined or null it's illegal to try to set any
1822 // properties on it; throw a TypeError in that case. 1829 // properties on it; throw a TypeError in that case.
1823 if (object->IsUndefined(isolate()) || object->IsNull(isolate())) { 1830 if (object->IsUndefined(isolate()) || object->IsNull(isolate())) {
1831 if (FLAG_use_ic && state() != UNINITIALIZED && state() != PREMONOMORPHIC) {
1832 // Ensure the IC state progresses.
1833 TRACE_HANDLER_STATS(isolate(), StoreIC_NonReceiver);
1834 update_receiver_map(object);
1835 PatchCache(name, slow_stub());
1836 TRACE_IC("StoreIC", name);
1837 }
1824 return TypeError(MessageTemplate::kNonObjectPropertyStore, object, name); 1838 return TypeError(MessageTemplate::kNonObjectPropertyStore, object, name);
1825 } 1839 }
1826 1840
1827 if (state() != UNINITIALIZED) { 1841 if (state() != UNINITIALIZED) {
1828 JSObject::MakePrototypesFast(object, kStartAtPrototype, isolate()); 1842 JSObject::MakePrototypesFast(object, kStartAtPrototype, isolate());
1829 } 1843 }
1830 LookupIterator it(object, name); 1844 LookupIterator it(object, name);
1831 if (FLAG_use_ic) UpdateCaches(&it, value, store_mode); 1845 if (FLAG_use_ic) UpdateCaches(&it, value, store_mode);
1832 1846
1833 MAYBE_RETURN_NULL( 1847 MAYBE_RETURN_NULL(
(...skipping 1390 matching lines...) Expand 10 before | Expand all | Expand 10 after
3224 DCHECK_EQ(LookupIterator::INTERCEPTOR, it.state()); 3238 DCHECK_EQ(LookupIterator::INTERCEPTOR, it.state());
3225 it.Next(); 3239 it.Next();
3226 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, 3240 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
3227 Object::GetProperty(&it)); 3241 Object::GetProperty(&it));
3228 } 3242 }
3229 3243
3230 return *result; 3244 return *result;
3231 } 3245 }
3232 } // namespace internal 3246 } // namespace internal
3233 } // namespace v8 3247 } // namespace v8
OLDNEW
« no previous file with comments | « src/counters.h ('k') | test/mjsunit/regress/regress-v8-5697.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698