Side by Side Diff: src/ic.cc

Issue 59103005: Proper fix for the issue exposed by r17459 (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: fix ALL the casting confusion Created 7 years, 1 month ago
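--- a/src/ic.cc
+++ b/src/ic.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -363,49 +363,45 @@
 if (index >= 0) {
 map->RemoveFromCodeCache(*name, *handler, index);
 return;
 }
 }
 }
 
 
 void IC::UpdateState(Handle<Object> receiver, Handle<Object> name) {
 if (!name->IsString()) return;
-
-// The builtins object is special. It only changes when JavaScript
-// builtins are loaded lazily. It is important to keep inline
-// caches for the builtins object monomorphic. Therefore, if we get
-// an inline cache miss for the builtins object after lazily loading
-// JavaScript builtins, we return uninitialized as the state to
-// force the inline cache back to monomorphic state.
-if (receiver->IsJSBuiltinsObject()) {
-state_ = UNINITIALIZED;
-return;
-}
-
 if (state() != MONOMORPHIC) {
 if (state() == POLYMORPHIC && receiver->IsHeapObject()) {
 TryRemoveInvalidHandlers(
 handle(Handle<HeapObject>::cast(receiver)->map()),
 Handle<String>::cast(name));
 }
 return;
 }
 if (receiver->IsUndefined() || receiver->IsNull()) return;
 
 // Remove the target from the code cache if it became invalid
 // because of changes in the prototype chain to avoid hitting it
 // again.
 if (TryRemoveInvalidPrototypeDependentStub(
 receiver, Handle<String>::cast(name))) {
 return MarkMonomorphicPrototypeFailure();
 }
+
+// The builtins object is special. It only changes when JavaScript
+// builtins are loaded lazily. It is important to keep inline
+// caches for the builtins object monomorphic. Therefore, if we get
+// an inline cache miss for the builtins object after lazily loading
+// JavaScript builtins, we return uninitialized as the state to
+// force the inline cache back to monomorphic state.
+if (receiver->IsJSBuiltinsObject()) state_ = UNINITIALIZED;
 }
 
 
 RelocInfo::Mode IC::ComputeMode() {
 Address addr = address();
 Code* code = Code::cast(isolate()->FindCodeObject(addr));
 for (RelocIterator it(code, RelocInfo::kCodeTargetMask);
 !it.done(); it.next()) {
 RelocInfo* info = it.rinfo();
 if (info->pc() == addr) return info->rmode();
@@ -2730,10 +2726,10 @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
 return IC_utilities[id];
 }
 
 
 } } // namespace v8::internal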
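Review bot: The builtins check relocated to the end of IC::UpdateState is now reached only when state() is MONOMORPHIC and TryRemoveInvalidPrototypeDependentStub returned false, yet the comment moved with it still reads as if every miss on the builtins object resets the cache. Non-monomorphic states return earlier, and a builtins receiver is now handed to TryRemoveInvalidPrototypeDependentStub before the reset; whether that helper handles a JSBuiltinsObject receiver correctly is not visible in this section, so the assumption deserves a sentence given that this patch set is about cast confusion. I would reword the comment's last clause along the lines of `// Only reached in MONOMORPHIC state once the prototype-dependent stub check has declined; other states return above.` A one-line note that both `Handle<String>::cast(name)` calls depend on the `IsString()` guard at the top of the function would also protect that guard from a later reordering.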