[ic] Fix non-GlobalIC store to interceptor on the global object

We possibly need to load the global object from the global proxy as the holder of the named interceptor. Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65119}

[ic] Fix non-GlobalIC store to interceptor on the global object
We possibly need to load the global object from the global proxy as the holder of the named interceptor. Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65119}
93f189f1 · Toon Verwaest · Commit Bot · d8cb3b3f · 93f189f1 · 93f189f1
Commit 93f189f1 authored Nov 22, 2019 by Toon Verwaest Committed by Commit Bot Nov 22, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 28 deletions

accessor-assembler.cc src/ic/accessor-assembler.cc +2 -15

ic.cc src/ic/ic.cc +9 -13

No files found.
--- a/src/ic/accessor-assembler.cc
+++ b/src/ic/accessor-assembler.cc
@@ -1094,8 +1094,7 @@ void AccessorAssembler::HandleStoreICHandlerCase(
    {
      Comment("store_interceptor");
      TailCallRuntime(Runtime::kStorePropertyWithInterceptor, p->context(),
-                      p->value(), p->slot(), p->vector(), p->receiver(),
-                      p->name());
+                      p->value(), p->receiver(), p->name());
    }

    BIND(&if_slow);
@@ -1558,8 +1557,7 @@ void AccessorAssembler::HandleStoreICProtoHandler(

  {
    Label if_add_normal(this), if_store_global_proxy(this), if_api_setter(this),
-        if_accessor(this), if_native_data_property(this), if_slow(this),
-        if_interceptor(this);
+        if_accessor(this), if_native_data_property(this), if_slow(this);

    CSA_ASSERT(this, TaggedIsSmi(smi_handler));
    TNode<Int32T> handler_word = SmiToInt32(CAST(smi_handler));
@@ -1589,9 +1587,6 @@ void AccessorAssembler::HandleStoreICProtoHandler(
    GotoIf(Word32Equal(handler_kind, Int32Constant(StoreHandler::kApiSetter)),
           &if_api_setter);

-    GotoIf(Word32Equal(handler_kind, Int32Constant(StoreHandler::kInterceptor)),
-           &if_interceptor);
-
    GotoIf(
        Word32Equal(handler_kind,
                    Int32Constant(StoreHandler::kApiSetterHolderIsPrototype)),
@@ -1616,14 +1611,6 @@ void AccessorAssembler::HandleStoreICProtoHandler(
      }
    }

-    BIND(&if_interceptor);
-    {
-      Comment("store_interceptor");
-      TailCallRuntime(Runtime::kStorePropertyWithInterceptor, p->context(),
-                      p->value(), p->slot(), p->vector(), p->receiver(),
-                      p->name());
-    }
-
    BIND(&if_add_normal);
    {
      // This is a case of "transitioning store" to a dictionary mode object

--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -1363,8 +1363,7 @@ bool StoreIC::LookupForWrite(LookupIterator* it, Handle<Object> value,
        case LookupIterator::INTERCEPTOR: {
          Handle<JSObject> holder = it->GetHolder<JSObject>();
          InterceptorInfo info = holder->GetNamedInterceptor();
-          if ((it->HolderIsReceiverOrHiddenPrototype() &&
-               !info.non_masking()) ||
+          if (it->HolderIsReceiverOrHiddenPrototype() ||
              !info.getter().IsUndefined(isolate()) ||
              !info.query().IsUndefined(isolate())) {
            return true;
@@ -2757,23 +2756,20 @@ RUNTIME_FUNCTION(Runtime_LoadPropertyWithInterceptor) {

 RUNTIME_FUNCTION(Runtime_StorePropertyWithInterceptor) {
  HandleScope scope(isolate);
-  DCHECK_EQ(5, args.length());
+  DCHECK_EQ(3, args.length());
  // Runtime functions don't follow the IC's calling convention.
  Handle<Object> value = args.at(0);
-  Handle<Smi> slot = args.at<Smi>(1);
-  Handle<FeedbackVector> vector = args.at<FeedbackVector>(2);
-  Handle<JSObject> receiver = args.at<JSObject>(3);
-  Handle<Name> name = args.at<Name>(4);
-  FeedbackSlot vector_slot = FeedbackVector::ToSlot(slot->value());
+  Handle<JSObject> receiver = args.at<JSObject>(1);
+  Handle<Name> name = args.at<Name>(2);

  // TODO(ishell): Cache interceptor_holder in the store handler like we do
  // for LoadHandler::kInterceptor case.
  Handle<JSObject> interceptor_holder = receiver;
-  if (receiver->IsJSGlobalProxy()) {
-    FeedbackSlotKind kind = vector->GetKind(vector_slot);
-    if (IsStoreGlobalICKind(kind)) {
-      interceptor_holder = Handle<JSObject>::cast(isolate->global_object());
-    }
+  if (receiver->IsJSGlobalProxy() &&
+      (!receiver->HasNamedInterceptor() ||
+       receiver->GetNamedInterceptor().non_masking())) {
+    interceptor_holder =
+        handle(JSObject::cast(receiver->map().prototype()), isolate);
  }
  DCHECK(interceptor_holder->HasNamedInterceptor());
  Handle<InterceptorInfo> interceptor(interceptor_holder->GetNamedInterceptor(),