[ic] Properly handle kApiGetter case with null prototype.

Bug: chromium:808845 Change-Id: I406ca472e74b8fce5f79bc389bd40aec7dcebb84 Reviewed-on: https://chromium-review.googlesource.com/943261Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#51661}

[ic] Properly handle kApiGetter case with null prototype.
Bug: chromium:808845 Change-Id: I406ca472e74b8fce5f79bc389bd40aec7dcebb84 Reviewed-on: https://chromium-review.googlesource.com/943261Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#51661}
16a3a4e9 · Igor Sheludko · Commit Bot · 15e207b3 · 16a3a4e9 · 16a3a4e9
Commit 16a3a4e9 authored Mar 01, 2018 by Igor Sheludko Committed by Commit Bot Mar 01, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 26 deletions

handler-configuration.cc src/ic/handler-configuration.cc +8 -2

test-accessors.cc test/cctest/test-accessors.cc +53 -24

No files found.
--- a/src/ic/handler-configuration.cc
+++ b/src/ic/handler-configuration.cc
@@ -121,9 +121,15 @@ Handle<Object> LoadHandler::LoadFromPrototype(Isolate* isolate,
  int checks_count = GetPrototypeCheckCount<LoadHandler>(
      isolate, &smi_handler, receiver_map, holder, data1, maybe_data2);

-  Handle<Cell> validity_cell =
+  Handle<Object> validity_cell =
      Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate);
-  DCHECK(!validity_cell.is_null());
+  if (validity_cell.is_null()) {
+    // Although in case of kApiGetter we load from receiver we still have to
+    // use the "prototype" shape of a handler in order to provide additional
+    // data to the dispatcher.
+    DCHECK_EQ(kApiGetter, GetHandlerKind(*smi_handler));
+    validity_cell = handle(Smi::kZero, isolate);
+  }

  int data_count = 1 + checks_count;
  Handle<LoadHandler> handler = isolate->factory()->NewLoadHandler(data_count);

--- a/test/cctest/test-accessors.cc
+++ b/test/cctest/test-accessors.cc
@@ -84,36 +84,65 @@ THREADED_TEST(PropertyHandler) {
  Local<Script> setter;
  // check function instance accessors
  getter = v8_compile("var obj = new Fun(); obj.instance_foo;");
-  CHECK_EQ(900, getter->Run(env.local())
-                    .ToLocalChecked()
-                    ->Int32Value(env.local())
-                    .FromJust());
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(900, getter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
  setter = v8_compile("obj.instance_foo = 901;");
-  CHECK_EQ(901, setter->Run(env.local())
-                    .ToLocalChecked()
-                    ->Int32Value(env.local())
-                    .FromJust());
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(901, setter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
  getter = v8_compile("obj.bar;");
-  CHECK_EQ(907, getter->Run(env.local())
-                    .ToLocalChecked()
-                    ->Int32Value(env.local())
-                    .FromJust());
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(907, getter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
  setter = v8_compile("obj.bar = 908;");
-  CHECK_EQ(908, setter->Run(env.local())
-                    .ToLocalChecked()
-                    ->Int32Value(env.local())
-                    .FromJust());
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(908, setter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
  // check function static accessors
  getter = v8_compile("Fun.object_foo;");
-  CHECK_EQ(902, getter->Run(env.local())
-                    .ToLocalChecked()
-                    ->Int32Value(env.local())
-                    .FromJust());
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(902, getter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
  setter = v8_compile("Fun.object_foo = 903;");
-  CHECK_EQ(903, setter->Run(env.local())
-                    .ToLocalChecked()
-                    ->Int32Value(env.local())
-                    .FromJust());
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(903, setter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
+
+  // And now with null prototype.
+  CompileRun(env.local(), "obj.__proto__ = null;");
+  getter = v8_compile("obj.bar;");
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(907, getter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
+  setter = v8_compile("obj.bar = 908;");
+  for (int i = 0; i < 4; i++) {
+    CHECK_EQ(908, setter->Run(env.local())
+                      .ToLocalChecked()
+                      ->Int32Value(env.local())
+                      .FromJust());
+  }
 }