Fetch global object from jsproxy prototype instead of embedding it in StoreGlobal.

BUG=v8:3629 LOG=N Review URL: https://codereview.chromium.org/892213003 Cr-Commit-Position: refs/heads/master@{#26385}

Fetch global object from jsproxy prototype instead of embedding it in StoreGlobal.
BUG=v8:3629 LOG=N Review URL: https://codereview.chromium.org/892213003 Cr-Commit-Position: refs/heads/master@{#26385}
34b72eca · ulan · Commit bot · 6019cbf9 · 34b72eca · 34b72eca
Commit 34b72eca authored Feb 02, 2015 by ulan Committed by Commit bot Feb 02, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 7 deletions

code-stubs-hydrogen.cc src/code-stubs-hydrogen.cc +14 -5

code-stubs.h src/code-stubs.h +2 -2

ic.cc src/ic/ic.cc +2 -0

No files found.
--- a/src/code-stubs-hydrogen.cc
+++ b/src/code-stubs-hydrogen.cc
@@ -1313,16 +1313,25 @@ HValue* CodeStubGraphBuilder<StoreGlobalStub>::BuildCodeInitializedStub() {
  Handle<Object> placeholer_value(Smi::FromInt(0), isolate());
  Handle<PropertyCell> placeholder_cell =
      isolate()->factory()->NewPropertyCell(placeholer_value);
-
  HParameter* value = GetParameter(StoreDescriptor::kValueIndex);
-
  if (stub->check_global()) {
    // Check that the map of the global has not changed: use a placeholder map
    // that will be replaced later with the global object's map.
+    HParameter* proxy = GetParameter(StoreDescriptor::kReceiverIndex);
+    HValue* proxy_map =
+        Add<HLoadNamedField>(proxy, nullptr, HObjectAccess::ForMap());
+    HValue* global =
+        Add<HLoadNamedField>(proxy_map, nullptr, HObjectAccess::ForPrototype());
    Handle<Map> placeholder_map = isolate()->factory()->meta_map();
-    HValue* global = Add<HConstant>(
-        StoreGlobalStub::global_placeholder(isolate()));
-    Add<HCheckMaps>(global, placeholder_map);
+    HValue* cell = Add<HConstant>(Map::WeakCellForMap(placeholder_map));
+    HValue* expected_map =
+        Add<HLoadNamedField>(cell, nullptr, HObjectAccess::ForWeakCellValue());
+    HValue* map =
+        Add<HLoadNamedField>(global, nullptr, HObjectAccess::ForMap());
+    IfBuilder map_check(this);
+    map_check.IfNot<HCompareObjectEqAndBranch>(expected_map, map);
+    map_check.ThenDeopt("Unknown map");
+    map_check.End();
  }

  HValue* cell = Add<HConstant>(placeholder_cell);

--- a/src/code-stubs.h
+++ b/src/code-stubs.h
@@ -1092,8 +1092,8 @@ class StoreGlobalStub : public HandlerStub {
                                       Handle<PropertyCell> cell) {
    if (check_global()) {
      Code::FindAndReplacePattern pattern;
-      pattern.Add(Handle<Map>(global_placeholder(isolate())->map()), global);
-      pattern.Add(isolate()->factory()->meta_map(), Handle<Map>(global->map()));
+      pattern.Add(isolate()->factory()->meta_map(),
+                  Map::WeakCellForMap(Handle<Map>(global->map())));
      pattern.Add(isolate()->factory()->global_property_cell_map(), cell);
      return CodeStub::GetCodeCopy(pattern);
    } else {

--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -1747,6 +1747,8 @@ Handle<Code> StoreIC::CompileHandler(LookupIterator* lookup,
        if (holder->IsGlobalObject()) {
          Handle<PropertyCell> cell = lookup->GetPropertyCell();
          Handle<HeapType> union_type = PropertyCell::UpdatedType(cell, value);
+          DCHECK(holder.is_identical_to(receiver) ||
+                 receiver->map()->prototype() == *holder);
          StoreGlobalStub stub(isolate(), union_type->IsConstant(),
                               receiver->IsJSGlobalProxy());
          Handle<Code> code = stub.GetCodeCopyFromTemplate(