Make KeyedLoadIC::generic_stub go into slow case if receiver has an indexed interceptor.

BUG=589,27967. Review URL: http://codereview.chromium.org/555048 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make KeyedLoadIC::generic_stub go into slow case if receiver has an indexed interceptor.
BUG=589,27967. Review URL: http://codereview.chromium.org/555048 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
c7445d92 · antonm@chromium.org · 40fd97c8 · c7445d92 · c7445d92 · c7445d92
Commit c7445d92 authored Jan 22, 2010 by antonm@chromium.org
Showing with 67 additions and 33 deletions

ic-arm.cc src/arm/ic-arm.cc +3 -4

ic-ia32.cc src/ia32/ic-ia32.cc +3 -4

ic.h src/ic.h +7 -0

ic-x64.cc src/x64/ic-x64.cc +3 -4

test-api.cc test/cctest/test-api.cc +51 -21

No files found.
--- a/src/arm/ic-arm.cc
+++ b/src/arm/ic-arm.cc
@@ -569,11 +569,10 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) {

  // Get the map of the receiver.
  __ ldr(r2, FieldMemOperand(r1, HeapObject::kMapOffset));
-  // Check that the receiver does not require access checks.  We need
-  // to check this explicitly since this generic stub does not perform
-  // map checks.
+
+  // Check bit field.
  __ ldrb(r3, FieldMemOperand(r2, Map::kBitFieldOffset));
-  __ tst(r3, Operand(1 << Map::kIsAccessCheckNeeded));
+  __ tst(r3, Operand(kSlowCaseBitFieldMask));
  __ b(ne, &slow);
  // Check that the object is some kind of JS object EXCEPT JS Value type.
  // In the case that the object is a value-wrapper object,

--- a/src/ia32/ic-ia32.cc
+++ b/src/ia32/ic-ia32.cc
@@ -244,11 +244,10 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) {

  // Get the map of the receiver.
  __ mov(edx, FieldOperand(ecx, HeapObject::kMapOffset));
-  // Check that the receiver does not require access checks.  We need
-  // to check this explicitly since this generic stub does not perform
-  // map checks.
+
+  // Check bit field.
  __ movzx_b(ebx, FieldOperand(edx, Map::kBitFieldOffset));
-  __ test(ebx, Immediate(1 << Map::kIsAccessCheckNeeded));
+  __ test(ebx, Immediate(kSlowCaseBitFieldMask));
  __ j(not_zero, &slow, not_taken);
  // Check that the object is some kind of JS object EXCEPT JS Value type.
  // In the case that the object is a value-wrapper object,

--- a/src/ic.h
+++ b/src/ic.h
@@ -295,6 +295,13 @@ class KeyedLoadIC: public IC {
  static void ClearInlinedVersion(Address address);

 private:
+  // Bit mask to be tested against bit field for the cases when
+  // generic stub should go into slow case.
+  // Access check is necessary explicitly since generic stub does not perform
+  // map checks.
+  static const int kSlowCaseBitFieldMask =
+      (1 << Map::kIsAccessCheckNeeded) | (1 << Map::kHasIndexedInterceptor);
+
  static void Generate(MacroAssembler* masm, const ExternalReference& f);

  // Update the inline cache.

--- a/src/x64/ic-x64.cc
+++ b/src/x64/ic-x64.cc
@@ -271,11 +271,10 @@ void KeyedLoadIC::GenerateGeneric(MacroAssembler* masm) {
  ASSERT(JS_OBJECT_TYPE > JS_VALUE_TYPE);
  __ CmpObjectType(rcx, JS_OBJECT_TYPE, rdx);
  __ j(below, &slow);
-  // Check that the receiver does not require access checks.  We need
-  // to check this explicitly since this generic stub does not perform
-  // map checks.  The map is already in rdx.
+
+  // Check bit field.
  __ testb(FieldOperand(rdx, Map::kBitFieldOffset),
-           Immediate(1 << Map::kIsAccessCheckNeeded));
+           Immediate(kSlowCaseBitFieldMask));
  __ j(not_zero, &slow);

  // Check that the key is a smi.

--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -61,6 +61,27 @@ using ::v8::Extension;
 namespace i = ::v8::internal;


+static void ExpectString(const char* code, const char* expected) {
+  Local<Value> result = CompileRun(code);
+  CHECK(result->IsString());
+  String::AsciiValue ascii(result);
+  CHECK_EQ(expected, *ascii);
+}
+
+
+static void ExpectBoolean(const char* code, bool expected) {
+  Local<Value> result = CompileRun(code);
+  CHECK(result->IsBoolean());
+  CHECK_EQ(expected, result->BooleanValue());
+}
+
+
+static void ExpectObject(const char* code, Local<Value> expected) {
+  Local<Value> result = CompileRun(code);
+  CHECK(result->Equals(expected));
+}
+
+
 static int signature_callback_count;
 static v8::Handle<Value> IncrementingSignatureCallback(
    const v8::Arguments& args) {
@@ -2381,6 +2402,36 @@ THREADED_TEST(IndexedInterceptorWithIndexedAccessor) {
 }


+static v8::Handle<Value> IdentityIndexedPropertyGetter(
+    uint32_t index,
+    const AccessorInfo& info) {
+  return v8::Integer::New(index);
+}
+
+
+THREADED_TEST(IndexedInterceptorWithNoSetter) {
+  v8::HandleScope scope;
+  Local<ObjectTemplate> templ = ObjectTemplate::New();
+  templ->SetIndexedPropertyHandler(IdentityIndexedPropertyGetter);
+
+  LocalContext context;
+  context->Global()->Set(v8_str("obj"), templ->NewInstance());
+
+  const char* code =
+      "try {"
+      "  obj[0] = 239;"
+      "  for (var i = 0; i < 100; i++) {"
+      "    var v = obj[0];"
+      "    if (v != 0) throw 'Wrong value ' + v + ' at iteration ' + i;"
+      "  }"
+      "  'PASSED'"
+      "} catch(e) {"
+      "  e"
+      "}";
+  ExpectString(code, "PASSED");
+}
+
+
 THREADED_TEST(MultiContexts) {
  v8::HandleScope scope;
  v8::Handle<ObjectTemplate> templ = ObjectTemplate::New();
@@ -2467,27 +2518,6 @@ THREADED_TEST(Regress892105) {
 }


-static void ExpectString(const char* code, const char* expected) {
-  Local<Value> result = CompileRun(code);
-  CHECK(result->IsString());
-  String::AsciiValue ascii(result);
-  CHECK_EQ(0, strcmp(*ascii, expected));
-}
-
-
-static void ExpectBoolean(const char* code, bool expected) {
-  Local<Value> result = CompileRun(code);
-  CHECK(result->IsBoolean());
-  CHECK_EQ(expected, result->BooleanValue());
-}
-
-
-static void ExpectObject(const char* code, Local<Value> expected) {
-  Local<Value> result = CompileRun(code);
-  CHECK(result->Equals(expected));
-}
-
-
 THREADED_TEST(UndetectableObject) {
  v8::HandleScope scope;
  LocalContext env;