Don't compile code for LoadICs if the receiver is primitive

BUG=chromium:609134 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/1966853004 Cr-Commit-Position: refs/heads/master@{#36168}

Don't compile code for LoadICs if the receiver is primitive
BUG=chromium:609134 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/1966853004 Cr-Commit-Position: refs/heads/master@{#36168}
ced492a6 · jochen · Commit bot · 9c5d12e5 · ced492a6 · ced492a6
Commit ced492a6 authored May 11, 2016 by jochen Committed by Commit bot May 11, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

ic.cc src/ic/ic.cc +2 -0

test-accessors.cc test/cctest/test-accessors.cc +2 -1

No files found.
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -1075,6 +1075,7 @@ Handle<Code> LoadIC::CompileHandler(LookupIterator* lookup,
            LoadApiGetterStub stub(isolate(), true, index);
            return stub.GetCode();
          }
+          if (info->is_sloppy() && !receiver->IsJSReceiver()) break;
          NamedLoadHandlerCompiler compiler(isolate(), map, holder,
                                            cache_holder);
          return compiler.CompileLoadCallback(lookup->name(), info);
@@ -1551,6 +1552,7 @@ Handle<Code> StoreIC::CompileHandler(LookupIterator* lookup,
          TRACE_GENERIC_IC(isolate(), "StoreIC", "incompatible receiver type");
          break;
        }
+        if (info->is_sloppy() && !receiver->IsJSReceiver()) break;
        NamedStoreHandlerCompiler compiler(isolate(), receiver_map(), holder);
        return compiler.CompileStoreCallback(receiver, lookup->name(), info,
                                             language_mode());

--- a/test/cctest/test-accessors.cc
+++ b/test/cctest/test-accessors.cc
@@ -797,5 +797,6 @@ TEST(Regress609134) {
  CompileRun(
      "var f = new Fun();"
      "Number.prototype.__proto__ = f;"
-      "[42][0].foo");
+      "var a = 42;"
+      "for (var i = 0; i<3; i++) { a.foo; }");
 }