fix nonmasking interceptor ic with interceptor on receiver

TBR=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/1036843002 Cr-Commit-Position: refs/heads/master@{#27436}

fix nonmasking interceptor ic with interceptor on receiver
TBR=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/1036843002 Cr-Commit-Position: refs/heads/master@{#27436}
637f96b8 · dcarney · Commit bot · d1478f4e · 637f96b8 · 637f96b8
Commit 637f96b8 authored Mar 25, 2015 by dcarney Committed by Commit bot Mar 25, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 70 additions and 3 deletions

handler-compiler.cc src/ic/handler-compiler.cc +7 -3

test-api-interceptors.cc test/cctest/test-api-interceptors.cc +63 -0

No files found.
--- a/src/ic/handler-compiler.cc
+++ b/src/ic/handler-compiler.cc
@@ -332,9 +332,13 @@ Handle<Code> NamedLoadHandlerCompiler::CompileLoadInterceptor(
  // Reset the holder so further calculations are correct.
  set_holder(holder_orig);
  if (lost_holder_register) {
-    // Reload lost holder register.
-    auto cell = isolate()->factory()->NewWeakCell(holder());
-    __ LoadWeakValue(reg, cell, &miss);
+    if (*it->GetReceiver() == *holder()) {
+      reg = receiver();
+    } else {
+      // Reload lost holder register.
+      auto cell = isolate()->factory()->NewWeakCell(holder());
+      __ LoadWeakValue(reg, cell, &miss);
+    }
  }
  FrontendFooter(it->name(), &miss);
  InterceptorVectorSlotPop(reg);

--- a/test/cctest/test-api-interceptors.cc
+++ b/test/cctest/test-api-interceptors.cc
@@ -3247,3 +3247,66 @@ THREADED_TEST(NonMaskingInterceptorPrototypePropertyIC) {
  ExpectInt32("f(obj)", 239);
  ExpectInt32("f(outer)", 4);
 }
+
+
+namespace {
+
+void DatabaseGetter(Local<Name> name,
+                    const v8::PropertyCallbackInfo<Value>& info) {
+  ApiTestFuzzer::Fuzz();
+  auto context = info.GetIsolate()->GetCurrentContext();
+  Local<v8::Object> db = info.Holder()
+                             ->GetRealNamedProperty(context, v8_str("db"))
+                             .ToLocalChecked()
+                             .As<v8::Object>();
+  if (!db->Has(context, name).FromJust()) return;
+  info.GetReturnValue().Set(db->Get(context, name).ToLocalChecked());
+}
+
+
+void DatabaseSetter(Local<Name> name, Local<Value> value,
+                    const v8::PropertyCallbackInfo<Value>& info) {
+  ApiTestFuzzer::Fuzz();
+  auto context = info.GetIsolate()->GetCurrentContext();
+  if (name->Equals(v8_str("db"))) return;
+  Local<v8::Object> db = info.Holder()
+                             ->GetRealNamedProperty(context, v8_str("db"))
+                             .ToLocalChecked()
+                             .As<v8::Object>();
+  db->Set(context, name, value).FromJust();
+  info.GetReturnValue().Set(value);
+}
+}
+
+
+THREADED_TEST(NonMaskingInterceptorGlobalEvalRegression) {
+  auto isolate = CcTest::isolate();
+  v8::HandleScope handle_scope(isolate);
+  LocalContext context;
+
+  auto interceptor_templ = v8::ObjectTemplate::New(isolate);
+  v8::NamedPropertyHandlerConfiguration conf(DatabaseGetter, DatabaseSetter);
+  conf.flags = v8::PropertyHandlerFlags::kNonMasking;
+  interceptor_templ->SetHandler(conf);
+
+  context->Global()->Set(v8_str("intercepted_1"),
+                         interceptor_templ->NewInstance());
+  context->Global()->Set(v8_str("intercepted_2"),
+                         interceptor_templ->NewInstance());
+
+  // Init dbs.
+  CompileRun(
+      "intercepted_1.db = {};"
+      "intercepted_2.db = {};");
+
+  ExpectInt32(
+      "var obj = intercepted_1;"
+      "obj.x = 4;"
+      "eval('obj.x');"
+      "eval('obj.x');"
+      "eval('obj.x');"
+      "obj = intercepted_2;"
+      "obj.x = 9;"
+      "eval('obj.x');",
+      9);
+}