AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
73,685 Commits 1 Branch 0 Tags 839 MiB
41024b433f
Commit Graph

5 Commits

Author SHA1 Message Date
Marja Hölttä
3773e46e3e [super ic] Fix receiver type 
With non-super loads (receiver == lookup_start_object), we don't hit
the code in AccessorAssembler::GenericPropertyLoad calling
CSA::TryGetOwnProperty if the receiver (the lookup_start_object) is a
SMI.

But with super property loads, if we set up lookup_start_object the
right way, we will hit this code.

The code was assuming receiver is a HeapObject, which is too
restrictive. The receiver is only used for the accessor call, so
it's ok to make the type more generic.

Bug: v8:9237, chromium:1139786
Change-Id: I3167ccfb54a49ac1c401040a6f02fc1f3b98d9d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484366
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70647}
 2020-10-20 09:05:24 +00:00
Marja Hölttä
24fbcf8847 Try 2: [super ic] Fix more receiver vs lookup start object vs holder confusion 
The actual fix is in LoadIC::ComputeHandler (checking
lookup_start_object == holder instead of receiver == holder) + the
LookupIterator changes for preserving lookup_start_object.

The rest is renaming / refactoring.

Reland: not relying on the prototype validity cell after all

Previous version: https://chromium-review.googlesource.com/c/v8/v8/+/2414039

Bug: v8:9237, chromium:1127653
Change-Id: I1949442f8ddcecb776f0c5d2cf737cb75f80e313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2428588
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70112}
 2020-09-24 11:45:18 +00:00
Marja Hölttä
8443390f71 Revert "[super ic] Fix more receiver vs lookup start object vs holder confusion" 
This reverts commit ab7e6df074.

Reason for revert: Several fuzz bugs: chromium:1131469, chromium:1131525, chromium:1131779

Original change's description:
> [super ic] Fix more receiver vs lookup start object vs holder confusion
>
> The actual fix is in LoadIC::ComputeHandler (checking
> lookup_start_object == holder instead of receiver == holder) + the
> LookupIterator changes for preserving lookup_start_object.
>
> The rest is renaming / refactoring.
>
> Bug: v8:9237, chromium:1127653
> Change-Id: Ieef46fb46ababa79623951c48639429c5b552d2d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414039
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70045}

TBR=marja@chromium.org,ishell@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9237
Bug: chromium:1127653, chromium:1131469, chromium:1131525, chromium:1131779
Change-Id: I1bad5ba1dcfe9a0de8ce775feac2d3bfd7264c8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2426620
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70107}
 2020-09-24 09:07:25 +00:00
Marja Hölttä
ab7e6df074 [super ic] Fix more receiver vs lookup start object vs holder confusion 
The actual fix is in LoadIC::ComputeHandler (checking
lookup_start_object == holder instead of receiver == holder) + the
LookupIterator changes for preserving lookup_start_object.

The rest is renaming / refactoring.

Bug: v8:9237, chromium:1127653
Change-Id: Ieef46fb46ababa79623951c48639429c5b552d2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414039
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70045}
 2020-09-22 11:03:50 +00:00
Marja Hölttä
3d40ec8d99 [super property speed] Add an IC for super property loads 
Bug: v8:9237
Change-Id: I06d7e74ba0360334e6fa65c19f24548e220e4c69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349297
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69735}
 2020-09-08 12:28:05 +00:00