Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(527)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ic.cc

Issue 35413006: Correct handling of arrays with callbacks in the prototype chain. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: REBASE (actually small fix to previous rebase) Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/ia32/ic-ia32.cc ('k') | src/objects.h » ('j') | test/mjsunit/getters-on-elements.js » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 1951 matching lines...) Expand 10 before | Expand all | Expand 10 after
1962 // expect to be able to trap element sets to objects with those maps in 1962 // expect to be able to trap element sets to objects with those maps in
1963 // the runtime to enable optimization of element hole access. 1963 // the runtime to enable optimization of element hole access.
1964 Handle<HeapObject> heap_object = Handle<HeapObject>::cast(object); 1964 Handle<HeapObject> heap_object = Handle<HeapObject>::cast(object);
1965 if (heap_object->map()->IsMapInArrayPrototypeChain()) use_ic = false; 1965 if (heap_object->map()->IsMapInArrayPrototypeChain()) use_ic = false;
1966 } 1966 }
1967 1967
1968 if (use_ic) { 1968 if (use_ic) {
1969 ASSERT(!object->IsJSGlobalProxy()); 1969 ASSERT(!object->IsJSGlobalProxy());
1970 1970
1971 if (miss_mode != MISS_FORCE_GENERIC) { 1971 if (miss_mode != MISS_FORCE_GENERIC) {
1972 if (object->IsJSObject()) { 1972 bool indexed_callbacks = false;
1973 Handle<JSObject> receiver = Handle<JSObject>::cast(object); 1973 if (object->IsJSReceiver()) {
1974 bool key_is_smi_like = key->IsSmi() || !key->ToSmi()->IsFailure(); 1974 Handle<JSReceiver> receiver = Handle<JSReceiver>::cast(object);
1975 if (receiver->elements()->map() == 1975 if (receiver->map()->has_element_callbacks() ||
1976 isolate()->heap()->non_strict_arguments_elements_map()) { 1976 receiver->MayHaveIndexedCallbacksInPrototypeChain()) {
1977 stub = non_strict_arguments_stub(); 1977 indexed_callbacks = true;
1978 } else if (key_is_smi_like &&
1979 (!target().is_identical_to(non_strict_arguments_stub()))) {
1980 KeyedAccessStoreMode store_mode =
1981 GetStoreMode(receiver, key, value);
1982 stub = StoreElementStub(receiver, store_mode);
1983 } 1978 }
1984 } 1979 }
1980
1981 if (!indexed_callbacks) {
1982 if (object->IsJSObject()) {
1983 Handle<JSObject> receiver = Handle<JSObject>::cast(object);
1984 bool key_is_smi_like = key->IsSmi() || !key->ToSmi()->IsFailure();
1985 if (receiver->elements()->map() ==
1986 isolate()->heap()->non_strict_arguments_elements_map()) {
1987 stub = non_strict_arguments_stub();
1988 } else if (key_is_smi_like &&
1989 !target().is_identical_to(non_strict_arguments_stub())) {
1990 KeyedAccessStoreMode store_mode = GetStoreMode(
1991 receiver, key, value);
1992 stub = StoreElementStub(receiver, store_mode);
1993 } else {
1994 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "key not a number");
1995 }
1996 } else {
1997 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "not an object");
1998 }
1999 } else {
2000 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC",
2001 "indexed callbacks in prototype chain");
2002 }
1985 } 2003 }
1986 } 2004 }
1987 } 2005 }
1988 2006
1989 if (!is_target_set()) { 2007 if (!is_target_set()) {
1990 if (*stub == *generic_stub()) { 2008 if (*stub == *generic_stub()) {
1991 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "set generic"); 2009 TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "set generic");
1992 } 2010 }
1993 ASSERT(!stub.is_null()); 2011 ASSERT(!stub.is_null());
1994 set_target(*stub); 2012 set_target(*stub);
(...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after
2263 ic.UpdateState(receiver, key); 2281 ic.UpdateState(receiver, key);
2264 return ic.Store(receiver, key, args.at<Object>(2), MISS_FORCE_GENERIC); 2282 return ic.Store(receiver, key, args.at<Object>(2), MISS_FORCE_GENERIC);
2265 } 2283 }
2266 2284
2267 2285
2268 RUNTIME_FUNCTION(MaybeObject*, ElementsTransitionAndStoreIC_Miss) { 2286 RUNTIME_FUNCTION(MaybeObject*, ElementsTransitionAndStoreIC_Miss) {
2269 HandleScope scope(isolate); 2287 HandleScope scope(isolate);
2270 ASSERT(args.length() == 4); 2288 ASSERT(args.length() == 4);
2271 KeyedStoreIC ic(IC::EXTRA_CALL_FRAME, isolate); 2289 KeyedStoreIC ic(IC::EXTRA_CALL_FRAME, isolate);
2272 Handle<Object> value = args.at<Object>(0); 2290 Handle<Object> value = args.at<Object>(0);
2291 Handle<Map> map = args.at<Map>(1);
2273 Handle<Object> key = args.at<Object>(2); 2292 Handle<Object> key = args.at<Object>(2);
2274 Handle<Object> object = args.at<Object>(3); 2293 Handle<Object> object = args.at<Object>(3);
2275 StrictModeFlag strict_mode = ic.strict_mode(); 2294 StrictModeFlag strict_mode = ic.strict_mode();
2295 if (object->IsJSObject()) {
2296 JSObject::TransitionElementsKind(Handle<JSObject>::cast(object),
2297 map->elements_kind());
2298 }
2276 return Runtime::SetObjectProperty(isolate, 2299 return Runtime::SetObjectProperty(isolate,
2277 object, 2300 object,
2278 key, 2301 key,
2279 value, 2302 value,
2280 NONE, 2303 NONE,
2281 strict_mode); 2304 strict_mode);
2282 } 2305 }
2283 2306
2284 2307
2285 const char* BinaryOpIC::GetName(TypeInfo type_info) { 2308 const char* BinaryOpIC::GetName(TypeInfo type_info) {
(...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after
2726 #undef ADDR 2749 #undef ADDR
2727 }; 2750 };
2728 2751
2729 2752
2730 Address IC::AddressFromUtilityId(IC::UtilityId id) { 2753 Address IC::AddressFromUtilityId(IC::UtilityId id) {
2731 return IC_utilities[id]; 2754 return IC_utilities[id];
2732 } 2755 }
2733 2756
2734 2757
2735 } } // namespace v8::internal 2758 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « src/ia32/ic-ia32.cc ('k') | src/objects.h » ('j') | test/mjsunit/getters-on-elements.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698