Commit 56e1b13e authored by bmeurer's avatar bmeurer Committed by Commit bot

[runtime] Make sure %ForInPrepare returns the correct length.

In case the receiver map has an enum cache, %ForInPrepare returns the
length of the actual enum cache, which might include properties that
are further down the transition tree tho.

R=jarin@chromium.org
BUG=v8:3650
LOG=n

Review URL: https://codereview.chromium.org/1619353002

Cr-Commit-Position: refs/heads/master@{#33469}
parent 9b859a88
...@@ -31,16 +31,13 @@ RUNTIME_FUNCTION_RETURN_TRIPLE(Runtime_ForInPrepare) { ...@@ -31,16 +31,13 @@ RUNTIME_FUNCTION_RETURN_TRIPLE(Runtime_ForInPrepare) {
Handle<FixedArray> cache_array; Handle<FixedArray> cache_array;
int cache_length; int cache_length;
Handle<Map> receiver_map = handle(receiver->map(), isolate);
if (cache_type->IsMap()) { if (cache_type->IsMap()) {
Handle<Map> cache_type_map = Handle<Map> cache_type_map = Handle<Map>::cast(cache_type);
handle(Handle<Map>::cast(cache_type)->map(), isolate); int const enum_length = cache_type_map->EnumLength();
DCHECK(cache_type_map.is_identical_to(isolate->factory()->meta_map())); DescriptorArray* descriptors = cache_type_map->instance_descriptors();
int enum_length = cache_type_map->EnumLength(); if (enum_length && descriptors->HasEnumCache()) {
DescriptorArray* descriptors = receiver_map->instance_descriptors();
if (enum_length > 0 && descriptors->HasEnumCache()) {
cache_array = handle(descriptors->GetEnumCache(), isolate); cache_array = handle(descriptors->GetEnumCache(), isolate);
cache_length = cache_array->length(); cache_length = enum_length;
} else { } else {
cache_array = isolate->factory()->empty_fixed_array(); cache_array = isolate->factory()->empty_fixed_array();
cache_length = 0; cache_length = 0;
......
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
var a = {}
var b = {}
a.x = 1;
a.y = 1;
b.x = 1;
function foo(c) {
var s = 0;
for (var p in c) { s++; }
return s;
}
assertEquals(2, foo(a));
assertEquals(1, foo(b));
%OptimizeFunctionOnNextCall(foo);
assertEquals(2, foo(a));
assertEquals(1, foo(b));
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment