AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Don't update ICs when the receiver has a deprecated map.

Browse Source 
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23658047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
verwaest@chromium.org 2013-09-13 11:14:02 +00:00
parent cb490c9995
commit 3824d596a7
1 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/ic.cc
View File

@ -549,9 +549,11 @@ MaybeObject* CallICBase::LoadFunction(State state,
Code::ExtraICState extra_ic_state, Code::ExtraICState extra_ic_state,
Handle<Object> object, Handle<Object> object,
Handle<String> name) { Handle<String> name) {
bool use_ic = FLAG_use_ic;
if (object->IsJSObject()) { if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object); Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) { if (receiver->map()->is_deprecated()) {
use_ic = false;
JSObject::MigrateInstance(receiver); JSObject::MigrateInstance(receiver);
} }
} }
@ -590,9 +592,7 @@ MaybeObject* CallICBase::LoadFunction(State state,
} }
// Lookup is valid: Update inline cache and stub cache. // Lookup is valid: Update inline cache and stub cache.
if (FLAG_use_ic) { if (use_ic) UpdateCaches(&lookup, state, extra_ic_state, object, name);
UpdateCaches(&lookup, state, extra_ic_state, object, name);
}
// Get the property. // Get the property.
PropertyAttributes attr; PropertyAttributes attr;
@ -819,9 +819,11 @@ MaybeObject* KeyedCallIC::LoadFunction(State state,
Handle<String>::cast(key)); Handle<String>::cast(key));
} }
bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
if (object->IsJSObject()) { if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object); Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) { if (receiver->map()->is_deprecated()) {
use_ic = false;
JSObject::MigrateInstance(receiver); JSObject::MigrateInstance(receiver);
} }
} }
@ -830,7 +832,6 @@ MaybeObject* KeyedCallIC::LoadFunction(State state,
return TypeError("non_object_property_call", object, key); return TypeError("non_object_property_call", object, key);
} }
bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
ASSERT(!(use_ic && object->IsJSGlobalProxy())); ASSERT(!(use_ic && object->IsJSGlobalProxy()));
if (use_ic && state != MEGAMORPHIC) { if (use_ic && state != MEGAMORPHIC) {
@ -874,7 +875,9 @@ MaybeObject* LoadIC::Load(State state,
return TypeError("non_object_property_load", object, name); return TypeError("non_object_property_load", object, name);
} }
if (FLAG_use_ic) { bool use_ic = FLAG_use_ic;
if (use_ic) {
// Use specialized code for getting the length of strings and // Use specialized code for getting the length of strings and
// string wrapper objects. The length property of string wrapper // string wrapper objects. The length property of string wrapper
// objects is read-only and therefore always returns the length of // objects is read-only and therefore always returns the length of
@ -931,13 +934,14 @@ MaybeObject* LoadIC::Load(State state,
uint32_t index; uint32_t index;
if (kind() == Code::KEYED_LOAD_IC && name->AsArrayIndex(&index)) { if (kind() == Code::KEYED_LOAD_IC && name->AsArrayIndex(&index)) {
// Rewrite to the generic keyed load stub. // Rewrite to the generic keyed load stub.
if (FLAG_use_ic) set_target(*generic_stub()); if (use_ic) set_target(*generic_stub());
return Runtime::GetElementOrCharAtOrFail(isolate(), object, index); return Runtime::GetElementOrCharAtOrFail(isolate(), object, index);
} }
if (object->IsJSObject()) { if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object); Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) { if (receiver->map()->is_deprecated()) {
use_ic = false;
JSObject::MigrateInstance(receiver); JSObject::MigrateInstance(receiver);
} }
} }
@ -955,7 +959,7 @@ MaybeObject* LoadIC::Load(State state,
} }
// Update inline cache and stub cache. // Update inline cache and stub cache.
if (FLAG_use_ic) UpdateCaches(&lookup, state, object, name); if (use_ic) UpdateCaches(&lookup, state, object, name);
PropertyAttributes attr; PropertyAttributes attr;
if (lookup.IsInterceptor() || lookup.IsHandler()) { if (lookup.IsInterceptor() || lookup.IsHandler()) {
@ -1503,6 +1507,7 @@ MaybeObject* KeyedLoadIC::Load(State state,
} else if (object->IsJSObject()) { } else if (object->IsJSObject()) {
Handle<JSObject> receiver = Handle<JSObject>::cast(object); Handle<JSObject> receiver = Handle<JSObject>::cast(object);
if (receiver->map()->is_deprecated()) { if (receiver->map()->is_deprecated()) {
use_ic = false;
JSObject::MigrateInstance(receiver); JSObject::MigrateInstance(receiver);
} }
@ -1519,9 +1524,11 @@ MaybeObject* KeyedLoadIC::Load(State state,
} else { } else {
TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "force generic"); TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "force generic");
} }
ASSERT(!stub.is_null()); if (use_ic) {
set_target(*stub); ASSERT(!stub.is_null());
TRACE_IC("KeyedLoadIC", key, state, target()); set_target(*stub);
TRACE_IC("KeyedLoadIC", key, state, target());
}
} }
@ -1685,7 +1692,9 @@ MaybeObject* StoreIC::Store(State state,
Handle<JSObject> receiver = Handle<JSObject>::cast(object); Handle<JSObject> receiver = Handle<JSObject>::cast(object);
bool use_ic = FLAG_use_ic;
if (receiver->map()->is_deprecated()) { if (receiver->map()->is_deprecated()) {
use_ic = false;
JSObject::MigrateInstance(receiver); JSObject::MigrateInstance(receiver);
} }
@ -1708,7 +1717,7 @@ MaybeObject* StoreIC::Store(State state,
// properties. Slow properties might indicate redefinition of the length // properties. Slow properties might indicate redefinition of the length
// property. Note that when redefined using Object.freeze, it's possible // property. Note that when redefined using Object.freeze, it's possible
// to have fast properties but a read-only length. // to have fast properties but a read-only length.
if (FLAG_use_ic && if (use_ic &&
receiver->IsJSArray() && receiver->IsJSArray() &&
name->Equals(isolate()->heap()->length_string()) && name->Equals(isolate()->heap()->length_string()) &&
Handle<JSArray>::cast(receiver)->AllowsSetElementsLength() && Handle<JSArray>::cast(receiver)->AllowsSetElementsLength() &&
@ -1723,7 +1732,7 @@ MaybeObject* StoreIC::Store(State state,
} }
if (receiver->IsJSGlobalProxy()) { if (receiver->IsJSGlobalProxy()) {
if (FLAG_use_ic && kind() != Code::KEYED_STORE_IC) { if (use_ic && kind() != Code::KEYED_STORE_IC) {
// Generate a generic stub that goes to the runtime when we see a global // Generate a generic stub that goes to the runtime when we see a global
// proxy as receiver. // proxy as receiver.
Handle<Code> stub = (strict_mode == kStrictMode) Handle<Code> stub = (strict_mode == kStrictMode)
@ -1745,7 +1754,7 @@ MaybeObject* StoreIC::Store(State state,
// Strict mode doesn't allow setting non-existent global property. // Strict mode doesn't allow setting non-existent global property.
return ReferenceError("not_defined", name); return ReferenceError("not_defined", name);
} }
if (FLAG_use_ic) { if (use_ic) {
if (state == UNINITIALIZED) { if (state == UNINITIALIZED) {
Handle<Code> stub = (strict_mode == kStrictMode) Handle<Code> stub = (strict_mode == kStrictMode)
? pre_monomorphic_stub_strict() ? pre_monomorphic_stub_strict()