[runtime] Make sure we don't internalize string-encoded indices on KeyedGetProperty

BUG=chromium:703226 Change-Id: I2232d4a721beb35478066b25143b9635bcc6b238 Reviewed-on: https://chromium-review.googlesource.com/458429Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#44073}

[runtime] Make sure we don't internalize string-encoded indices on KeyedGetProperty
BUG=chromium:703226 Change-Id: I2232d4a721beb35478066b25143b9635bcc6b238 Reviewed-on: https://chromium-review.googlesource.com/458429Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#44073}
20a803fd · Toon Verwaest · Commit Bot · a2687daa · 20a803fd
Commit 20a803fd authored Mar 23, 2017 by Toon Verwaest Committed by Commit Bot Mar 23, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

runtime-object.cc src/runtime/runtime-object.cc +7 -0

No files found.
--- a/src/runtime/runtime-object.cc
+++ b/src/runtime/runtime-object.cc
@@ -50,6 +50,13 @@ static MaybeHandle<Object> KeyedGetObjectProperty(Isolate* isolate,
  //
  // Additionally, we need to make sure that we do not cache results
  // for objects that require access checks.
+
+  // Convert string-index keys to their number variant to avoid internalization
+  // below; and speed up subsequent conversion to index.
+  uint32_t index;
+  if (key_obj->IsString() && String::cast(*key_obj)->AsArrayIndex(&index)) {
+    key_obj = isolate->factory()->NewNumberFromUint(index);
+  }
  if (receiver_obj->IsJSObject()) {
    if (!receiver_obj->IsJSGlobalProxy() &&
        !receiver_obj->IsAccessCheckNeeded() && key_obj->IsName()) {