[ic] Make sure we don't use a smi-handler for FunctionTemplate getters

BUG=chromium:704110,v8:5561 Change-Id: Ie57bccd2f9da714b179f69c14242bcf056d3065f Reviewed-on: https://chromium-review.googlesource.com/459476 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#44091}
2017-03-24 10:36:42 +01:00 · 2017-03-24 10:36:42 +01:00 · 810e859300
commit 810e859300
parent b7ac3668ea
2 changed files with 32 additions and 12 deletions
--- a/src/counters.h
+++ b/src/counters.h
@ -774,6 +774,8 @@ class RuntimeCallTimer final {
  V(KeyedStoreIC_StoreElementStub)               \
  V(LoadIC_FunctionPrototypeStub)                \
  V(LoadIC_HandlerCacheHit_Accessor)             \
+  V(LoadIC_LoadAccessorDH)                       \
+  V(LoadIC_LoadAccessorFromPrototypeDH)          \
  V(LoadIC_LoadApiGetterDH)                      \
  V(LoadIC_LoadApiGetterFromPrototypeDH)         \
  V(LoadIC_LoadCallback)                         \
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@ -1154,28 +1154,46 @@ Handle<Object> LoadIC::GetMapIndependentHandler(LookupIterator* lookup) {
          return slow_stub();
        }

+        CallOptimization call_optimization(getter);
+        if (call_optimization.is_simple_api_call()) {
+          if (!call_optimization.IsCompatibleReceiverMap(map, holder) ||
+              !holder->HasFastProperties()) {
+            TRACE_HANDLER_STATS(isolate(), LoadIC_SlowStub);
+            return slow_stub();
+          }
+          break;
+        }
+
+        // FunctionTemplate isn't yet supported as smi-handler.
+        if (getter->IsFunctionTemplateInfo()) {
+          if (!holder->HasFastProperties()) {
+            TRACE_HANDLER_STATS(isolate(), LoadIC_SlowStub);
+            return slow_stub();
+          }
+          break;
+        }
+
        Handle<Smi> smi_handler;
        if (holder->HasFastProperties()) {
-          CallOptimization call_optimization(getter);
-          if (call_optimization.is_simple_api_call()) {
-            if (!call_optimization.IsCompatibleReceiverMap(map, holder)) {
-              return slow_stub();
-            }
-            break;
-          }
          smi_handler =
              LoadHandler::LoadAccessor(isolate(), lookup->GetAccessorIndex());

-          if (receiver_is_holder) return smi_handler;
-        } else if (receiver_is_holder && !holder->IsJSGlobalObject()) {
-          TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNormalDH);
-          return LoadHandler::LoadNormal(isolate());
+          if (receiver_is_holder) {
+            TRACE_HANDLER_STATS(isolate(), LoadIC_LoadAccessorDH);
+            return smi_handler;
+          }
+          TRACE_HANDLER_STATS(isolate(), LoadIC_LoadAccessorFromPrototypeDH);
        } else if (holder->IsJSGlobalObject()) {
          TRACE_HANDLER_STATS(isolate(), LoadIC_LoadGlobalFromPrototypeDH);
          smi_handler = LoadHandler::LoadGlobal(isolate());
        } else {
-          TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNormalFromPrototypeDH);
          smi_handler = LoadHandler::LoadNormal(isolate());
+
+          if (receiver_is_holder) {
+            TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNormalDH);
+            return smi_handler;
+          }
+          TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNormalFromPrototypeDH);
        }

        return LoadFromPrototype(map, holder, lookup->name(), smi_handler);