Representation of interceptor / handler properties are tagged.

Otherwise store ICs will never be initialized, due to lookup->CanHoldValue(value);

BUG=chromium:256330
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23533012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/property.h

@@ -225,14 +225,14 @@ class LookupResult BASE_EMBEDDED {
   void HandlerResult(JSProxy* proxy) {
     lookup_type_ = HANDLER_TYPE;
     holder_ = proxy;
-    details_ = PropertyDetails(NONE, HANDLER, Representation::None());
+    details_ = PropertyDetails(NONE, HANDLER, Representation::Tagged());
     cacheable_ = false;
   }
 
   void InterceptorResult(JSObject* holder) {
     lookup_type_ = INTERCEPTOR_TYPE;
     holder_ = holder;
-    details_ = PropertyDetails(NONE, INTERCEPTOR, Representation::None());
+    details_ = PropertyDetails(NONE, INTERCEPTOR, Representation::Tagged());
   }
 
   void NotFound() {

test/cctest/test-api.cc

@@ -20309,4 +20309,20 @@ TEST(AccessCheckThrows) {
   v8::V8::SetFailedAccessCheckCallbackFunction(NULL);
 }
 
+
+THREADED_TEST(Regress256330) {
+  i::FLAG_allow_natives_syntax = true;
+  LocalContext context;
+  v8::HandleScope scope(context->GetIsolate());
+  Handle<FunctionTemplate> templ = FunctionTemplate::New();
+  AddInterceptor(templ, EmptyInterceptorGetter, EmptyInterceptorSetter);
+  context->Global()->Set(v8_str("Bug"), templ->GetFunction());
+  CompileRun("\"use strict\"; var o = new Bug;"
+             "function f(o) { o.x = 10; };"
+             "f(o); f(o); f(o);"
+             "%OptimizeFunctionOnNextCall(f);"
+             "f(o);");
+  ExpectBoolean("%GetOptimizationStatus(f) != 2", true);
+}
+
 #endif  // V8_OS_POSIX