Version 3.12.8
Implemented TypedArray.set and ArrayBuffer.slice in d8.
Performance and stability improvements on all platforms.
git-svn-id: http://v8.googlecode.com/svn/trunk@11988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index 54114db..14d0bfd 100644
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -2671,9 +2671,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- r0 : value
// -- r1 : receiver
@@ -2682,9 +2683,9 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(r1, r3, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed.
+ __ JumpIfSmi(r1, &miss);
+ CheckPrototypes(receiver, r1, holder, r3, r4, r5, name, &miss);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2692,7 +2693,7 @@
// Save value register, so we can restore it later.
__ push(r0);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ Push(r1, r0);
ParameterCount actual(1);
__ InvokeFunction(setter, actual, CALL_FUNCTION, NullCallWrapper(),
diff --git a/src/contexts.cc b/src/contexts.cc
index 76784bd..7e67125 100644
--- a/src/contexts.cc
+++ b/src/contexts.cc
@@ -243,10 +243,12 @@
void Context::AddOptimizedFunction(JSFunction* function) {
ASSERT(IsGlobalContext());
#ifdef DEBUG
- Object* element = get(OPTIMIZED_FUNCTIONS_LIST);
- while (!element->IsUndefined()) {
- CHECK(element != function);
- element = JSFunction::cast(element)->next_function_link();
+ if (FLAG_enable_slow_asserts) {
+ Object* element = get(OPTIMIZED_FUNCTIONS_LIST);
+ while (!element->IsUndefined()) {
+ CHECK(element != function);
+ element = JSFunction::cast(element)->next_function_link();
+ }
}
CHECK(function->next_function_link()->IsUndefined());
diff --git a/src/d8.cc b/src/d8.cc
index 976510c..fb90c94 100644
--- a/src/d8.cc
+++ b/src/d8.cc
@@ -324,6 +324,8 @@
}
+// TODO(rossberg): should replace these by proper uses of HasInstance,
+// once we figure out a good way to make the templates global.
const char kArrayBufferMarkerPropName[] = "d8::_is_array_buffer_";
const char kArrayMarkerPropName[] = "d8::_is_typed_array_";
@@ -337,7 +339,7 @@
}
uint8_t* data = new uint8_t[length];
if (data == NULL) {
- return ThrowException(String::New("Memory allocation failed."));
+ return ThrowException(String::New("Memory allocation failed"));
}
memset(data, 0, length);
@@ -366,11 +368,11 @@
if (args.Length() == 0) {
return ThrowException(
- String::New("ArrayBuffer constructor must have one parameter."));
+ String::New("ArrayBuffer constructor must have one argument"));
}
TryCatch try_catch;
int32_t length = convertToUint(args[0], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
return CreateExternalArrayBuffer(args.This(), length);
}
@@ -432,7 +434,7 @@
bool init_from_array = false;
if (args.Length() == 0) {
return ThrowException(
- String::New("Array constructor must have at least one parameter."));
+ String::New("Array constructor must have at least one argument"));
}
if (args[0]->IsObject() &&
!args[0]->ToObject()->GetHiddenValue(
@@ -441,19 +443,19 @@
buffer = args[0]->ToObject();
int32_t bufferLength =
convertToUint(buffer->Get(String::New("byteLength")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (args.Length() < 2 || args[1]->IsUndefined()) {
byteOffset = 0;
} else {
byteOffset = convertToUint(args[1], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (byteOffset > bufferLength) {
return ThrowException(String::New("byteOffset out of bounds"));
}
if (byteOffset % element_size != 0) {
return ThrowException(
- String::New("byteOffset must be multiple of element_size"));
+ String::New("byteOffset must be multiple of element size"));
}
}
@@ -462,11 +464,11 @@
length = byteLength / element_size;
if (byteLength % element_size != 0) {
return ThrowException(
- String::New("buffer size must be multiple of element_size"));
+ String::New("buffer size must be multiple of element size"));
}
} else {
length = convertToUint(args[2], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
byteLength = length * element_size;
if (byteOffset + byteLength > bufferLength) {
return ThrowException(String::New("length out of bounds"));
@@ -478,12 +480,12 @@
// Construct from array.
length = convertToUint(
args[0]->ToObject()->Get(String::New("length")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
init_from_array = true;
} else {
// Construct from size.
length = convertToUint(args[0], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
}
byteLength = length * element_size;
byteOffset = 0;
@@ -510,39 +512,32 @@
}
-Handle<Value> Shell::SubArray(const Arguments& args) {
+Handle<Value> Shell::ArrayBufferSlice(const Arguments& args) {
TryCatch try_catch;
if (!args.This()->IsObject()) {
return ThrowException(
- String::New("subarray invoked on non-object receiver."));
+ String::New("'slice' invoked on non-object receiver"));
}
Local<Object> self = args.This();
- Local<Value> marker = self->GetHiddenValue(String::New(kArrayMarkerPropName));
+ Local<Value> marker =
+ self->GetHiddenValue(String::New(kArrayBufferMarkerPropName));
if (marker.IsEmpty()) {
return ThrowException(
- String::New("subarray invoked on wrong receiver type."));
+ String::New("'slice' invoked on wrong receiver type"));
}
- Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
- if (try_catch.HasCaught()) return try_catch.Exception();
int32_t length =
- convertToUint(self->Get(String::New("length")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
- int32_t byteOffset =
- convertToUint(self->Get(String::New("byteOffset")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
- int32_t element_size =
- convertToUint(self->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ convertToUint(self->Get(String::New("byteLength")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (args.Length() == 0) {
return ThrowException(
- String::New("subarray must have at least one parameter."));
+ String::New("'slice' must have at least one argument"));
}
int32_t begin = convertToInt(args[0], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (begin < 0) begin += length;
if (begin < 0) begin = 0;
if (begin > length) begin = length;
@@ -552,7 +547,71 @@
end = length;
} else {
end = convertToInt(args[1], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ if (end < 0) end += length;
+ if (end < 0) end = 0;
+ if (end > length) end = length;
+ if (end < begin) end = begin;
+ }
+
+ Local<Function> constructor = Local<Function>::Cast(self->GetConstructor());
+ Handle<Value> new_args[] = { Uint32::New(end - begin) };
+ Handle<Value> result = constructor->NewInstance(1, new_args);
+ if (try_catch.HasCaught()) return result;
+ Handle<Object> buffer = result->ToObject();
+ uint8_t* dest =
+ static_cast<uint8_t*>(buffer->GetIndexedPropertiesExternalArrayData());
+ uint8_t* src = begin + static_cast<uint8_t*>(
+ self->GetIndexedPropertiesExternalArrayData());
+ memcpy(dest, src, end - begin);
+
+ return buffer;
+}
+
+
+Handle<Value> Shell::ArraySubArray(const Arguments& args) {
+ TryCatch try_catch;
+
+ if (!args.This()->IsObject()) {
+ return ThrowException(
+ String::New("'subarray' invoked on non-object receiver"));
+ }
+
+ Local<Object> self = args.This();
+ Local<Value> marker = self->GetHiddenValue(String::New(kArrayMarkerPropName));
+ if (marker.IsEmpty()) {
+ return ThrowException(
+ String::New("'subarray' invoked on wrong receiver type"));
+ }
+
+ Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t length =
+ convertToUint(self->Get(String::New("length")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t byteOffset =
+ convertToUint(self->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t element_size =
+ convertToUint(self->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ if (args.Length() == 0) {
+ return ThrowException(
+ String::New("'subarray' must have at least one argument"));
+ }
+ int32_t begin = convertToInt(args[0], &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ if (begin < 0) begin += length;
+ if (begin < 0) begin = 0;
+ if (begin > length) begin = length;
+
+ int32_t end;
+ if (args.Length() < 2 || args[1]->IsUndefined()) {
+ end = length;
+ } else {
+ end = convertToInt(args[1], &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (end < 0) end += length;
if (end < 0) end = 0;
if (end > length) end = length;
@@ -570,6 +629,147 @@
}
+Handle<Value> Shell::ArraySet(const Arguments& args) {
+ TryCatch try_catch;
+
+ if (!args.This()->IsObject()) {
+ return ThrowException(
+ String::New("'set' invoked on non-object receiver"));
+ }
+
+ Local<Object> self = args.This();
+ Local<Value> marker = self->GetHiddenValue(String::New(kArrayMarkerPropName));
+ if (marker.IsEmpty()) {
+ return ThrowException(
+ String::New("'set' invoked on wrong receiver type"));
+ }
+ int32_t length =
+ convertToUint(self->Get(String::New("length")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t element_size =
+ convertToUint(self->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ if (args.Length() == 0) {
+ return ThrowException(
+ String::New("'set' must have at least one argument"));
+ }
+ if (!args[0]->IsObject() ||
+ !args[0]->ToObject()->Has(String::New("length"))) {
+ return ThrowException(
+ String::New("'set' invoked with non-array argument"));
+ }
+ Handle<Object> source = args[0]->ToObject();
+ int32_t source_length =
+ convertToUint(source->Get(String::New("length")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ int32_t offset;
+ if (args.Length() < 2 || args[1]->IsUndefined()) {
+ offset = 0;
+ } else {
+ offset = convertToUint(args[1], &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ }
+ if (offset + source_length > length) {
+ return ThrowException(String::New("offset or source length out of bounds"));
+ }
+
+ int32_t source_element_size;
+ if (source->GetHiddenValue(String::New(kArrayMarkerPropName)).IsEmpty()) {
+ source_element_size = 0;
+ } else {
+ source_element_size =
+ convertToUint(source->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ }
+
+ if (element_size == source_element_size &&
+ self->GetConstructor()->StrictEquals(source->GetConstructor())) {
+ // Use memmove on the array buffers.
+ Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ Handle<Object> source_buffer =
+ source->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t byteOffset =
+ convertToUint(self->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t source_byteOffset =
+ convertToUint(source->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ uint8_t* dest = byteOffset + offset * element_size + static_cast<uint8_t*>(
+ buffer->GetIndexedPropertiesExternalArrayData());
+ uint8_t* src = source_byteOffset + static_cast<uint8_t*>(
+ source_buffer->GetIndexedPropertiesExternalArrayData());
+ memmove(dest, src, source_length * element_size);
+ } else if (source_element_size == 0) {
+ // Source is not a typed array, copy element-wise sequentially.
+ for (int i = 0; i < source_length; ++i) {
+ self->Set(offset + i, source->Get(i));
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ }
+ } else {
+ // Need to copy element-wise to make the right conversions.
+ Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ Handle<Object> source_buffer =
+ source->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ if (buffer->StrictEquals(source_buffer)) {
+ // Same backing store, need to handle overlap correctly.
+ // This gets a bit tricky in the case of different element sizes
+ // (which, of course, is extremely unlikely to ever occur in practice).
+ int32_t byteOffset =
+ convertToUint(self->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t source_byteOffset =
+ convertToUint(source->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ // Copy as much as we can from left to right.
+ int i = 0;
+ int32_t next_dest_offset = byteOffset + (offset + 1) * element_size;
+ int32_t next_src_offset = source_byteOffset + source_element_size;
+ while (i < length && next_dest_offset <= next_src_offset) {
+ self->Set(offset + i, source->Get(i));
+ ++i;
+ next_dest_offset += element_size;
+ next_src_offset += source_element_size;
+ }
+ // Of what's left, copy as much as we can from right to left.
+ int j = length - 1;
+ int32_t dest_offset = byteOffset + (offset + j) * element_size;
+ int32_t src_offset = source_byteOffset + j * source_element_size;
+ while (j >= i && dest_offset >= src_offset) {
+ self->Set(offset + j, source->Get(j));
+ --j;
+ dest_offset -= element_size;
+ src_offset -= source_element_size;
+ }
+ // There can be at most 8 entries left in the middle that need buffering
+ // (because the largest element_size is 8 times the smallest).
+ ASSERT(j+1 - i <= 8);
+ Handle<Value> temp[8];
+ for (int k = i; k <= j; ++k) {
+ temp[k - i] = source->Get(k);
+ }
+ for (int k = i; k <= j; ++k) {
+ self->Set(offset + k, temp[k - i]);
+ }
+ } else {
+ // Different backing stores, safe to copy element-wise sequentially.
+ for (int i = 0; i < source_length; ++i)
+ self->Set(offset + i, source->Get(i));
+ }
+ }
+
+ return Undefined();
+}
+
+
void Shell::ExternalArrayWeakCallback(Persistent<Value> object, void* data) {
HandleScope scope;
int32_t length =
@@ -919,10 +1119,22 @@
#endif
+Handle<FunctionTemplate> Shell::CreateArrayBufferTemplate(
+ InvocationCallback fun) {
+ Handle<FunctionTemplate> buffer_template = FunctionTemplate::New(fun);
+ Local<Template> proto_template = buffer_template->PrototypeTemplate();
+ proto_template->Set(String::New("slice"),
+ FunctionTemplate::New(ArrayBufferSlice));
+ return buffer_template;
+}
+
+
Handle<FunctionTemplate> Shell::CreateArrayTemplate(InvocationCallback fun) {
Handle<FunctionTemplate> array_template = FunctionTemplate::New(fun);
Local<Template> proto_template = array_template->PrototypeTemplate();
- proto_template->Set(String::New("subarray"), FunctionTemplate::New(SubArray));
+ proto_template->Set(String::New("set"), FunctionTemplate::New(ArraySet));
+ proto_template->Set(String::New("subarray"),
+ FunctionTemplate::New(ArraySubArray));
return array_template;
}
@@ -948,7 +1160,7 @@
PropertyAttribute attr =
static_cast<PropertyAttribute>(ReadOnly | DontDelete);
global_template->Set(String::New("ArrayBuffer"),
- CreateArrayTemplate(ArrayBuffer), attr);
+ CreateArrayBufferTemplate(ArrayBuffer), attr);
global_template->Set(String::New("Int8Array"),
CreateArrayTemplate(Int8Array), attr);
global_template->Set(String::New("Uint8Array"),
diff --git a/src/d8.h b/src/d8.h
index 3410f16..be53f99 100644
--- a/src/d8.h
+++ b/src/d8.h
@@ -323,7 +323,9 @@
static Handle<Value> Float32Array(const Arguments& args);
static Handle<Value> Float64Array(const Arguments& args);
static Handle<Value> Uint8ClampedArray(const Arguments& args);
- static Handle<Value> SubArray(const Arguments& args);
+ static Handle<Value> ArrayBufferSlice(const Arguments& args);
+ static Handle<Value> ArraySubArray(const Arguments& args);
+ static Handle<Value> ArraySet(const Arguments& args);
// The OS object on the global object contains methods for performing
// operating system calls:
//
@@ -384,6 +386,7 @@
static void RunShell();
static bool SetOptions(int argc, char* argv[]);
static Handle<ObjectTemplate> CreateGlobalTemplate();
+ static Handle<FunctionTemplate> CreateArrayBufferTemplate(InvocationCallback);
static Handle<FunctionTemplate> CreateArrayTemplate(InvocationCallback);
static Handle<Value> CreateExternalArrayBuffer(Handle<Object> buffer,
int32_t size);
diff --git a/src/debug.cc b/src/debug.cc
index 1f5164f..777e23d 100644
--- a/src/debug.cc
+++ b/src/debug.cc
@@ -1027,8 +1027,8 @@
} else if (it.frame()->fp() != thread_local_.last_fp_) {
// We crawled over last_fp_, without getting a match.
Handle<String> stack = isolate_->StackTraceString();
- char buffer[2048];
- String::WriteToFlat(*stack, buffer, 0, 2047);
+ char buffer[8192];
+ String::WriteToFlat(*stack, buffer, 0, 8191);
PutValuesOnStackAndDie(0xDEEEEEEE,
frame->fp(),
thread_local_.last_fp_,
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index ee3d6b5..2d67183 100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -568,9 +568,9 @@
HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
- Object* value) {
+ Handle<Object> value) {
if (!pointer->is_set()) {
- HConstant* constant = new(zone()) HConstant(Handle<Object>(value),
+ HConstant* constant = new(zone()) HConstant(value,
Representation::Tagged());
constant->InsertAfter(GetConstantUndefined());
pointer->set(constant);
@@ -580,27 +580,27 @@
HConstant* HGraph::GetConstant1() {
- return GetConstant(&constant_1_, Smi::FromInt(1));
+ return GetConstant(&constant_1_, Handle<Smi>(Smi::FromInt(1)));
}
HConstant* HGraph::GetConstantMinus1() {
- return GetConstant(&constant_minus1_, Smi::FromInt(-1));
+ return GetConstant(&constant_minus1_, Handle<Smi>(Smi::FromInt(-1)));
}
HConstant* HGraph::GetConstantTrue() {
- return GetConstant(&constant_true_, isolate()->heap()->true_value());
+ return GetConstant(&constant_true_, isolate()->factory()->true_value());
}
HConstant* HGraph::GetConstantFalse() {
- return GetConstant(&constant_false_, isolate()->heap()->false_value());
+ return GetConstant(&constant_false_, isolate()->factory()->false_value());
}
HConstant* HGraph::GetConstantHole() {
- return GetConstant(&constant_hole_, isolate()->heap()->the_hole_value());
+ return GetConstant(&constant_hole_, isolate()->factory()->the_hole_value());
}
diff --git a/src/hydrogen.h b/src/hydrogen.h
index b9f2300..907279a 100644
--- a/src/hydrogen.h
+++ b/src/hydrogen.h
@@ -347,7 +347,7 @@
private:
HConstant* GetConstant(SetOncePointer<HConstant>* pointer,
- Object* value);
+ Handle<Object> value);
void MarkAsDeoptimizingRecursively(HBasicBlock* block);
void InsertTypeConversions(HInstruction* instr);
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc
index 78a5b68..c1a5c39 100644
--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
@@ -2590,9 +2590,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- eax : value
// -- ecx : name
@@ -2601,9 +2602,11 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(edx, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed, preserving the name register.
+ __ push(ecx);
+ __ JumpIfSmi(edx, &miss);
+ CheckPrototypes(receiver, edx, holder, ebx, ecx, edi, name, &miss);
+ __ pop(ecx);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2611,7 +2614,7 @@
// Save value register, so we can restore it later.
__ push(eax);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ push(edx);
__ push(eax);
ParameterCount actual(1);
@@ -2627,6 +2630,7 @@
__ ret(0);
__ bind(&miss);
+ __ pop(ecx);
Handle<Code> ic = isolate()->builtins()->StoreIC_Miss();
__ jmp(ic, RelocInfo::CODE_TARGET);
diff --git a/src/ic.cc b/src/ic.cc
index 1f0070b..e3663c0 100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -1315,7 +1315,15 @@
LookupResult* lookup) {
receiver->LocalLookup(*name, lookup);
if (!StoreICableLookup(lookup)) {
- return false;
+ // 2nd chance: There can be accessors somewhere in the prototype chain, but
+ // for compatibility reasons we have to hide this behind a flag. Note that
+ // we explicitly exclude native accessors for now, because the stubs are not
+ // yet prepared for this scenario.
+ if (!FLAG_es5_readonly) return false;
+ receiver->Lookup(*name, lookup);
+ if (!lookup->IsCallbacks()) return false;
+ Handle<Object> callback(lookup->GetCallbackObject());
+ return callback->IsAccessorPair() && StoreICableLookup(lookup);
}
if (lookup->IsInterceptor() &&
@@ -1494,7 +1502,8 @@
if (holder->IsGlobalObject()) return;
if (!receiver->HasFastProperties()) return;
code = isolate()->stub_cache()->ComputeStoreViaSetter(
- name, receiver, Handle<JSFunction>::cast(setter), strict_mode);
+ name, receiver, holder, Handle<JSFunction>::cast(setter),
+ strict_mode);
} else {
ASSERT(callback->IsForeign());
// No IC support for old-style native accessors.
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index d4d4de0..cf6ba81 100644
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -2675,9 +2675,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- a0 : value
// -- a1 : receiver
@@ -2686,9 +2687,9 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(a1, a3, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed.
+ __ JumpIfSmi(a1, &miss);
+ CheckPrototypes(receiver, a1, holder, a3, t0, t1, name, &miss);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2696,7 +2697,7 @@
// Save value register, so we can restore it later.
__ push(a0);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ push(a1);
__ push(a0);
ParameterCount actual(1);
diff --git a/src/stub-cache.cc b/src/stub-cache.cc
index c5ae175..9adf3cb 100644
--- a/src/stub-cache.cc
+++ b/src/stub-cache.cc
@@ -523,6 +523,7 @@
Handle<Code> StubCache::ComputeStoreViaSetter(Handle<String> name,
Handle<JSObject> receiver,
+ Handle<JSObject> holder,
Handle<JSFunction> setter,
StrictModeFlag strict_mode) {
Code::Flags flags = Code::ComputeMonomorphicFlags(
@@ -531,7 +532,8 @@
if (probe->IsCode()) return Handle<Code>::cast(probe);
StoreStubCompiler compiler(isolate_, strict_mode);
- Handle<Code> code = compiler.CompileStoreViaSetter(receiver, setter, name);
+ Handle<Code> code =
+ compiler.CompileStoreViaSetter(name, receiver, holder, setter);
PROFILE(isolate_, CodeCreateEvent(Logger::STORE_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::STORE_IC, *name, *code));
JSObject::UpdateMapCodeCache(receiver, name, code);
diff --git a/src/stub-cache.h b/src/stub-cache.h
index e274c82..be13fdd 100644
--- a/src/stub-cache.h
+++ b/src/stub-cache.h
@@ -164,6 +164,7 @@
Handle<Code> ComputeStoreViaSetter(Handle<String> name,
Handle<JSObject> receiver,
+ Handle<JSObject> holder,
Handle<JSFunction> setter,
StrictModeFlag strict_mode);
@@ -697,9 +698,10 @@
Handle<AccessorInfo> callback,
Handle<String> name);
- Handle<Code> CompileStoreViaSetter(Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name);
+ Handle<Code> CompileStoreViaSetter(Handle<String> name,
+ Handle<JSObject> receiver,
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter);
Handle<Code> CompileStoreInterceptor(Handle<JSObject> object,
Handle<String> name);
diff --git a/src/version.cc b/src/version.cc
index 4f42c99..fa7a163 100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -34,7 +34,7 @@
// cannot be changed without changing the SCons build script.
#define MAJOR_VERSION 3
#define MINOR_VERSION 12
-#define BUILD_NUMBER 7
+#define BUILD_NUMBER 8
#define PATCH_LEVEL 0
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc
index a2adf06..df6b5d5 100644
--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc
@@ -2427,9 +2427,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- rax : value
// -- rcx : name
@@ -2438,9 +2439,9 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(rdx, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed.
+ __ JumpIfSmi(rdx, &miss);
+ CheckPrototypes(receiver, rdx, holder, rbx, r8, rdi, name, &miss);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2448,7 +2449,7 @@
// Save value register, so we can restore it later.
__ push(rax);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ push(rdx);
__ push(rax);
ParameterCount actual(1);