
Side by Side Diff: src/ic.cc

Issue 48343004: Restore intended LoadIC behavior for JSBuiltinsObject (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 7 years, 1 month ago
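--- a/src/ic.cc
+++ b/src/ic.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -363,45 +363,49 @@
 if (index >= 0) {
 map->RemoveFromCodeCache(*name, *handler, index);
 return;
 }
 }
 }
 
 
 void IC::UpdateState(Handle<Object> receiver, Handle<Object> name) {
 if (!name->IsString()) return;
+
+// The builtins object is special. It only changes when JavaScript
+// builtins are loaded lazily. It is important to keep inline
+// caches for the builtins object monomorphic. Therefore, if we get
+// an inline cache miss for the builtins object after lazily loading
+// JavaScript builtins, we return uninitialized as the state to
+// force the inline cache back to monomorphic state.
+if (receiver->IsJSBuiltinsObject()) {
+state_ = UNINITIALIZED;
+return;
+}
+
 if (state() != MONOMORPHIC) {
 if (state() == POLYMORPHIC && receiver->IsHeapObject()) {
 TryRemoveInvalidHandlers(
 handle(Handle<HeapObject>::cast(receiver)->map()),
 Handle<String>::cast(name));
 }
 return;
 }
 if (receiver->IsUndefined() || receiver->IsNull()) return;
 
 // Remove the target from the code cache if it became invalid
 // because of changes in the prototype chain to avoid hitting it
 // again.
 if (TryRemoveInvalidPrototypeDependentStub(
 receiver, Handle<String>::cast(name))) {
 return MarkMonomorphicPrototypeFailure();
 }
-
-// The builtins object is special. It only changes when JavaScript
-// builtins are loaded lazily. It is important to keep inline
-// caches for the builtins object monomorphic. Therefore, if we get
-// an inline cache miss for the builtins object after lazily loading
-// JavaScript builtins, we return uninitialized as the state to
-// force the inline cache back to monomorphic state.
-if (receiver->IsJSBuiltinsObject()) state_ = UNINITIALIZED;
 }
 
 
 RelocInfo::Mode IC::ComputeMode() {
 Address addr = address();
 Code* code = Code::cast(isolate()->FindCodeObject(addr));
 for (RelocIterator it(code, RelocInfo::kCodeTargetMask);
 !it.done(); it.next()) {
 RelocInfo* info = it.rinfo();
 if (info->pc() == addr) return info->rmode();
@@ -2726,10 +2730,10 @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
 return IC_utilities[id];
 }
 
 
 } } // namespace v8::internal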
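Review bot: The early return added at new lines 380-383 of `IC::UpdateState` resets `state_` to `UNINITIALIZED` for a builtins receiver in every state, and it also skips `TryRemoveInvalidHandlers` and `TryRemoveInvalidPrototypeDependentStub`, which the removed check at old line 397 only ran after. The moved comment explains why the cache is forced back to monomorphic but not why skipping the stale-handler cleanup is safe. I would add a line such as `// Deliberately precedes the state checks: a builtins receiver resets the IC in any state and skips the stale-handler cleanup below.` so the ordering is not "tidied" back later. `UpdateState` is a member of the base `IC` class while the title names LoadIC, so the reset presumably applies to every IC kind that calls it, which is worth confirming. The page lists no other file in this patch set, so a regression test that triggers a miss on the builtins object from a non-monomorphic IC would be a useful addition.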