| Index: src/ic/handler-compiler.cc
|
| diff --git a/src/ic/handler-compiler.cc b/src/ic/handler-compiler.cc
|
| index f103f8daf1013746e003f0dc92e3d1e0d3d73e92..bd3f0a566bfadbf22990fa1048c6e0c5c9257bdb 100644
|
| --- a/src/ic/handler-compiler.cc
|
| +++ b/src/ic/handler-compiler.cc
|
| @@ -87,7 +87,8 @@ Handle<Code> PropertyHandlerCompiler::GetCode(Code::Kind kind,
|
|
|
| Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,
|
| Handle<Name> name,
|
| - Label* miss) {
|
| + Label* miss,
|
| + ReturnHolder return_what) {
|
| PrototypeCheckType check_type = CHECK_ALL_MAPS;
|
| int function_index = -1;
|
| if (map()->instance_type() < FIRST_NONSTRING_TYPE) {
|
| @@ -114,7 +115,7 @@ Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,
|
|
|
| // Check that the maps starting from the prototype haven't changed.
|
| return CheckPrototypes(object_reg, scratch1(), scratch2(), scratch3(), name,
|
| - miss, check_type);
|
| + miss, check_type, return_what);
|
| }
|
|
|
|
|
| @@ -122,9 +123,10 @@ Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,
|
| // miss.
|
| Register NamedStoreHandlerCompiler::FrontendHeader(Register object_reg,
|
| Handle<Name> name,
|
| - Label* miss) {
|
| + Label* miss,
|
| + ReturnHolder return_what) {
|
| return CheckPrototypes(object_reg, this->name(), scratch1(), scratch2(), name,
|
| - miss, SKIP_RECEIVER);
|
| + miss, SKIP_RECEIVER, return_what);
|
| }
|
|
|
|
|
| @@ -133,7 +135,7 @@ Register PropertyHandlerCompiler::Frontend(Handle<Name> name) {
|
| if (IC::ICUseVector(kind())) {
|
| PushVectorAndSlot();
|
| }
|
| - Register reg = FrontendHeader(receiver(), name, &miss);
|
| + Register reg = FrontendHeader(receiver(), name, &miss, RETURN_HOLDER);
|
| FrontendFooter(name, &miss);
|
| // The footer consumes the vector and slot from the stack if miss occurs.
|
| if (IC::ICUseVector(kind())) {
|
| @@ -156,8 +158,13 @@ void PropertyHandlerCompiler::NonexistentFrontendHeader(Handle<Name> name,
|
| // Handle<JSObject>::null().
|
| DCHECK(last_map->prototype() == isolate()->heap()->null_value());
|
| } else {
|
| - holder_reg = FrontendHeader(receiver(), name, miss);
|
| last_map = handle(holder()->map());
|
| + // This condition matches the branches below.
|
| + bool need_holder =
|
| + last_map->is_dictionary_map() && !last_map->IsJSGlobalObjectMap();
|
| + holder_reg =
|
| + FrontendHeader(receiver(), name, miss,
|
| + need_holder ? RETURN_HOLDER : DONT_RETURN_ANYTHING);
|
| }
|
|
|
| if (last_map->is_dictionary_map()) {
|
| @@ -328,7 +335,7 @@ Handle<Code> NamedLoadHandlerCompiler::CompileLoadInterceptor(
|
| auto last_handle = handle(last);
|
| set_holder(last_handle);
|
| }
|
| - Register reg = FrontendHeader(receiver(), it->name(), &miss);
|
| + Register reg = FrontendHeader(receiver(), it->name(), &miss, RETURN_HOLDER);
|
| // Reset the holder so further calculations are correct.
|
| set_holder(holder_orig);
|
| if (lost_holder_register) {
|
| @@ -363,7 +370,8 @@ void NamedLoadHandlerCompiler::GenerateLoadPostInterceptor(
|
|
|
| Label miss;
|
| InterceptorVectorSlotPush(interceptor_reg);
|
| - Register reg = FrontendHeader(interceptor_reg, it->name(), &miss);
|
| + Register reg =
|
| + FrontendHeader(interceptor_reg, it->name(), &miss, RETURN_HOLDER);
|
| FrontendFooter(it->name(), &miss);
|
| // We discard the vector and slot now because we don't miss below this point.
|
| InterceptorVectorSlotPop(reg, DISCARD);
|
| @@ -428,7 +436,7 @@ Handle<Code> NamedStoreHandlerCompiler::CompileStoreTransition(
|
| if (!last.is_null()) set_holder(last);
|
| NonexistentFrontendHeader(name, &miss, scratch1(), scratch2());
|
| } else {
|
| - FrontendHeader(receiver(), name, &miss);
|
| + FrontendHeader(receiver(), name, &miss, DONT_RETURN_ANYTHING);
|
| DCHECK(holder()->HasFastProperties());
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 908213002:
Use Cells to check prototype chain validity (disabled by default). (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master