authorMichaël Zasso <targos@protonmail.com>2019-11-27 15:35:23 +0100
committerMichaël Zasso <targos@protonmail.com>2019-11-29 16:06:18 +0100
commitb7b39e0b77d4ad16583ecd56ef5c35b081c9cde4 (patch)
tree211082ee4dc90836b021d32aa32abe5346cb2837 /deps
parent58850f6bb4f57d6970d04b23bd2c75a37937564d (diff)
deps: V8: backport 93f189f19a03
Original commit message: [ic] Fix non-GlobalIC store to interceptor on the global object We possibly need to load the global object from the global proxy as the holder of the named interceptor. Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65119} Refs: https://github.com/v8/v8/commit/93f189f19a030d5de6c5173711dca120ad76e5cd Fixes: https://github.com/nodejs/node/issues/30586 PR-URL: https://github.com/nodejs/node/pull/30681 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'deps')
-rw-r--r--deps/v8/src/ic/accessor-assembler.cc17
-rw-r--r--deps/v8/src/ic/ic.cc22
2 files changed, 11 insertions, 28 deletions
diff --git a/deps/v8/src/ic/accessor-assembler.cc b/deps/v8/src/ic/accessor-assembler.cc
index 99cbd3c3c8..c9f86ed328 100644
--- a/deps/v8/src/ic/accessor-assembler.cc
+++ b/deps/v8/src/ic/accessor-assembler.cc
@@ -1053,8 +1053,7 @@ void AccessorAssembler::HandleStoreICHandlerCase(
{
Comment("store_interceptor");
TailCallRuntime(Runtime::kStorePropertyWithInterceptor, p->context(),
- p->value(), p->slot(), p->vector(), p->receiver(),
- p->name());
+ p->value(), p->receiver(), p->name());
}
BIND(&if_slow);
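Review bot: The `TailCallRuntime(Runtime::kStorePropertyWithInterceptor, ...)` call in the `store_interceptor` block now passes three values after the context, and that count has to agree with `DCHECK_EQ(3, args.length())` in ic.cc and with the arity declared for this runtime function. That declaration is not in either of the two files listed in the diffstat, so it cannot be checked from this page. If it still says five, the mismatch may show up only in debug builds or as misread arguments. Confirm the declaration matches, and consider a short comment at the call, `// Args: value, receiver, name (see Runtime_StorePropertyWithInterceptor).`. HandleStoreICHandlerCase starts and ends outside the hunk.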
@@ -1516,8 +1515,7 @@ void AccessorAssembler::HandleStoreICProtoHandler(
{
Label if_add_normal(this), if_store_global_proxy(this), if_api_setter(this),
- if_accessor(this), if_native_data_property(this), if_slow(this),
- if_interceptor(this);
+ if_accessor(this), if_native_data_property(this), if_slow(this);
CSA_ASSERT(this, TaggedIsSmi(smi_handler));
TNode<Int32T> handler_word = SmiToInt32(CAST(smi_handler));
@@ -1547,9 +1545,6 @@ void AccessorAssembler::HandleStoreICProtoHandler(
GotoIf(Word32Equal(handler_kind, Int32Constant(StoreHandler::kSlow)),
&if_slow);
- GotoIf(Word32Equal(handler_kind, Int32Constant(StoreHandler::kInterceptor)),
- &if_interceptor);
-
GotoIf(
Word32Equal(handler_kind,
Int32Constant(StoreHandler::kApiSetterHolderIsPrototype)),
@@ -1574,14 +1569,6 @@ void AccessorAssembler::HandleStoreICProtoHandler(
}
}
- BIND(&if_interceptor);
- {
- Comment("store_interceptor");
- TailCallRuntime(Runtime::kStorePropertyWithInterceptor, p->context(),
- p->value(), p->slot(), p->vector(), p->receiver(),
- p->name());
- }
-
BIND(&if_add_normal);
{
// This is a case of "transitioning store" to a dictionary mode object
diff --git a/deps/v8/src/ic/ic.cc b/deps/v8/src/ic/ic.cc
index 4ac5fd7abe..1b481cd817 100644
--- a/deps/v8/src/ic/ic.cc
+++ b/deps/v8/src/ic/ic.cc
@@ -1308,8 +1308,7 @@ bool StoreIC::LookupForWrite(LookupIterator* it, Handle<Object> value,
case LookupIterator::INTERCEPTOR: {
Handle<JSObject> holder = it->GetHolder<JSObject>();
InterceptorInfo info = holder->GetNamedInterceptor();
- if ((it->HolderIsReceiverOrHiddenPrototype() &&
- !info.non_masking()) ||
+ if (it->HolderIsReceiverOrHiddenPrototype() ||
!info.getter().IsUndefined(isolate()) ||
!info.query().IsUndefined(isolate())) {
return true;
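Review bot: With `!info.non_masking()` dropped from the first operand, a non-masking interceptor on the receiver now makes this case `return true` exactly like a masking one, and nothing in the hunk says that this is intended. A comment above the condition would record the reasoning, for example `// Non-masking interceptors on the receiver also end the lookup here; the holder is chosen in Runtime_StorePropertyWithInterceptor.`. A regression test that stores through a non-masking interceptor on the receiver would pin the behaviour; none is visible in the listed files. The enclosing switch in StoreIC::LookupForWrite starts and ends outside the hunk.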
@@ -2718,23 +2717,20 @@ RUNTIME_FUNCTION(Runtime_LoadPropertyWithInterceptor) {
RUNTIME_FUNCTION(Runtime_StorePropertyWithInterceptor) {
HandleScope scope(isolate);
- DCHECK_EQ(5, args.length());
+ DCHECK_EQ(3, args.length());
// Runtime functions don't follow the IC's calling convention.
Handle<Object> value = args.at(0);
- Handle<Smi> slot = args.at<Smi>(1);
- Handle<FeedbackVector> vector = args.at<FeedbackVector>(2);
- Handle<JSObject> receiver = args.at<JSObject>(3);
- Handle<Name> name = args.at<Name>(4);
- FeedbackSlot vector_slot = FeedbackVector::ToSlot(slot->value());
+ Handle<JSObject> receiver = args.at<JSObject>(1);
+ Handle<Name> name = args.at<Name>(2);
// TODO(ishell): Cache interceptor_holder in the store handler like we do
// for LoadHandler::kInterceptor case.
Handle<JSObject> interceptor_holder = receiver;
- if (receiver->IsJSGlobalProxy()) {
- FeedbackSlotKind kind = vector->GetKind(vector_slot);
- if (IsStoreGlobalICKind(kind)) {
- interceptor_holder = Handle<JSObject>::cast(isolate->global_object());
- }
+ if (receiver->IsJSGlobalProxy() &&
+ (!receiver->HasNamedInterceptor() ||
+ receiver->GetNamedInterceptor().non_masking())) {
+ interceptor_holder =
+ handle(JSObject::cast(receiver->map().prototype()), isolate);
}
DCHECK(interceptor_holder->HasNamedInterceptor());
Handle<InterceptorInfo> interceptor(interceptor_holder->GetNamedInterceptor(),
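Review bot: `JSObject::cast(receiver->map().prototype())` assumes the global proxy's prototype is always a JSObject, and the only validation after it is `DCHECK(interceptor_holder->HasNamedInterceptor())`, which presumably compiles out in release builds. If a global proxy can reach this runtime function with a prototype that is not a JSObject (a detached proxy, for instance), the following `GetNamedInterceptor()` would read from an object of the wrong type. An explicit release-mode check before the cast, such as `CHECK(receiver->map().prototype().IsJSObject());`, would turn that into a controlled failure. Promoting the existing `DCHECK` to `CHECK` would serve the same purpose. The function body continues past the end of the hunk.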