Handle IC Store slow on GlobalObjects

The new Smi handler created to handle StoreIC_Slow and KeyedStoreIC_Slow can get incorrectly assigned to global Objects. Added an extra Check to avoid that. Bug: chromium:1002628 Change-Id: I370e617e791792c98fa7b0cbf89ee7458f4e4c68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803659 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Suraj Sharma <surshar@microsoft.com> Cr-Commit-Position: refs/heads/master@{#63813}
2019-09-13 15:09:34 -07:00 · 2019-09-13 15:09:34 -07:00 · 71ebd28db0
commit 71ebd28db0
parent 65a0f7578e
1 changed files with 8 additions and 2 deletions
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@ -1498,7 +1498,9 @@ void StoreIC::UpdateCaches(LookupIterator* lookup, Handle<Object> value,
  } else {
    set_slow_stub_reason("LookupForWrite said 'false'");
    // TODO(marja): change slow_stub to return MaybeObjectHandle.
-    handler = MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
+    handler = IsStoreGlobalIC()
+                  ? MaybeObjectHandle(slow_stub())
+                  : MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
  }

  PatchCache(lookup->name(), handler);
@ -1567,7 +1569,11 @@ MaybeObjectHandle StoreIC::ComputeHandler(LookupIterator* lookup) {
      if (!holder->HasFastProperties()) {
        set_slow_stub_reason("accessor on slow map");
        TRACE_HANDLER_STATS(isolate(), StoreIC_SlowStub);
-        return MaybeObjectHandle(slow_stub());
+        MaybeObjectHandle handler =
+            IsStoreGlobalIC()
+                ? MaybeObjectHandle(slow_stub())
+                : MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
+        return handler;
      }
      Handle<Object> accessors = lookup->GetAccessors();
      if (accessors->IsAccessorInfo()) {