AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[ic] Add support for StoreSlow() in Global Dispatcher

Browse Source 
Global Objects now use the Smi handler StoreSlow() to perform
StoreGlobalIC_Slow.

Bug: chromium:1004037
Change-Id: I365ab918383525278590ca4369a4b1b0d9636d29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1812657
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63912}
This commit is contained in:
Suraj Sharma 2019-09-18 20:48:57 -07:00 committed by Commit Bot
parent f25edf22e7
commit 99188fc477
4 changed files with 61 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/ic/accessor-assembler.cc
View File

@ -1033,8 +1033,13 @@ void AccessorAssembler::HandleStoreICHandlerCase(
// The slow case calls into the runtime to complete the store without
// causing an IC miss that would otherwise cause a transition to the
// generic stub.
TailCallRuntime(Runtime::kKeyedStoreIC_Slow, p->context(), p->value(),
p->receiver(), p->name());
if (ic_mode == ICMode::kGlobalIC) {
TailCallRuntime(Runtime::kStoreGlobalIC_Slow, p->context(), p->value(),
p->slot(), p->vector(), p->receiver(), p->name());
} else {
TailCallRuntime(Runtime::kKeyedStoreIC_Slow, p->context(), p->value(),
p->receiver(), p->name());
}
}
}
@ -1530,8 +1535,13 @@ void AccessorAssembler::HandleStoreICProtoHandler(
// The slow case calls into the runtime to complete the store without
// causing an IC miss that would otherwise cause a transition to the
// generic stub.
TailCallRuntime(Runtime::kKeyedStoreIC_Slow, p->context(), p->value(),
p->receiver(), p->name());
if (ic_mode == ICMode::kGlobalIC) {
TailCallRuntime(Runtime::kStoreGlobalIC_Slow, p->context(), p->value(),
p->slot(), p->vector(), p->receiver(), p->name());
} else {
TailCallRuntime(Runtime::kKeyedStoreIC_Slow, p->context(), p->value(),
p->receiver(), p->name());
}
}
BIND(&if_interceptor);

8
src/ic/ic.cc
View File

@ -1499,9 +1499,7 @@ void StoreIC::UpdateCaches(LookupIterator* lookup, Handle<Object> value,
} else {
set_slow_stub_reason("LookupForWrite said 'false'");
// TODO(marja): change slow_stub to return MaybeObjectHandle.
handler = IsStoreGlobalIC()
? MaybeObjectHandle(slow_stub())
: MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
handler = MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
}
PatchCache(lookup->name(), handler);
@ -1575,9 +1573,7 @@ MaybeObjectHandle StoreIC::ComputeHandler(LookupIterator* lookup) {
set_slow_stub_reason("accessor on slow map");
TRACE_HANDLER_STATS(isolate(), StoreIC_SlowStub);
MaybeObjectHandle handler =
IsStoreGlobalIC()
? MaybeObjectHandle(slow_stub())
: MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
MaybeObjectHandle(StoreHandler::StoreSlow(isolate()));
return handler;
}
Handle<Object> accessors = lookup->GetAccessors();

22
test/mjsunit/regress/regress-crbug-1002628.js Normal file
View File

@ -0,0 +1,22 @@
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --always-opt
"use strict";
var __v_0 = {};
try {
__v_0 = this;
Object.freeze(__v_0);
}
catch (e) {
}
function f() {
x = { [Symbol.toPrimitive]: () => FAIL };
}
try {
f()
} catch (e) { }
assertThrows(() => f(), ReferenceError);

23
test/mjsunit/regress/regress-crbug-1004037.js Normal file
View File

@ -0,0 +1,23 @@
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --always-opt
__v_1 = {};
__v_1.__defineGetter__('x', function () { });
__proto__ = __v_1;
function __f_4() {
__v_1 = {};
}
function __f_3() {
'use strict';
x = 42;
}
__f_4()
try {
__f_3();
} catch (e) { }
__proto__ = __v_1;
assertThrows(() => __f_3(), ReferenceError);