diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-12 14:27:29 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-13 09:35:20 +0000 |
| commit | c30a6232df03e1efbd9f3b226777b07e087a1122 (patch) | |
| tree | e992f45784689f373bcc38d1b79a239ebe17ee23 /chromium/v8/src/ic/ic.cc | |
| parent | 7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (diff) | |
BASELINE: Update Chromium to 85.0.4183.14085-based
Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/v8/src/ic/ic.cc')
| -rw-r--r-- | chromium/v8/src/ic/ic.cc | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/chromium/v8/src/ic/ic.cc b/chromium/v8/src/ic/ic.cc index 452275d13f2..9251d772ddc 100644 --- a/chromium/v8/src/ic/ic.cc +++ b/chromium/v8/src/ic/ic.cc @@ -8,6 +8,7 @@ #include "src/api/api.h" #include "src/ast/ast.h" #include "src/base/bits.h" +#include "src/base/logging.h" #include "src/builtins/accessors.h" #include "src/codegen/code-factory.h" #include "src/execution/arguments-inl.h" @@ -947,7 +948,9 @@ Handle<Object> LoadIC::ComputeHandler(LookupIterator* lookup) { TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNormalDH); if (receiver_is_holder) return smi_handler; TRACE_HANDLER_STATS(isolate(), LoadIC_LoadNormalFromPrototypeDH); - + } else if (lookup->IsElement(*holder)) { + TRACE_HANDLER_STATS(isolate(), LoadIC_SlowStub); + return LoadHandler::LoadSlow(isolate()); } else { DCHECK_EQ(kField, lookup->property_details().location()); FieldIndex field = lookup->GetFieldIndex(); @@ -1769,6 +1772,12 @@ MaybeObjectHandle StoreIC::ComputeHandler(LookupIterator* lookup) { return MaybeObjectHandle(StoreHandler::StoreNormal(isolate())); } + // -------------- Elements (for TypedArrays) ------------- + if (lookup->IsElement(*holder)) { + TRACE_HANDLER_STATS(isolate(), StoreIC_SlowStub); + return MaybeObjectHandle(StoreHandler::StoreSlow(isolate())); + } + // -------------- Fields -------------- if (lookup->property_details().location() == kField) { TRACE_HANDLER_STATS(isolate(), StoreIC_StoreFieldDH); @@ -1856,6 +1865,12 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map, if (receiver_map.is_identical_to(previous_receiver_map) && new_receiver_map.is_identical_to(receiver_map) && old_store_mode == STANDARD_STORE && store_mode != STANDARD_STORE) { + if (receiver_map->IsJSArrayMap() && + JSArray::MayHaveReadOnlyLength(*receiver_map)) { + set_slow_stub_reason( + "can't generalize store mode (potentially read-only length)"); + return; + } // A "normal" IC that handles stores can switch to a version that can // grow at the end of the array, handle OOB accesses or copy COW arrays // and still stay MONOMORPHIC. @@ -1900,13 +1915,18 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map, } // If the store mode isn't the standard mode, make sure that all polymorphic - // receivers are either external arrays, or all "normal" arrays. Otherwise, - // use the megamorphic stub. + // receivers are either external arrays, or all "normal" arrays with writable + // length. Otherwise, use the megamorphic stub. if (store_mode != STANDARD_STORE) { size_t external_arrays = 0; for (MapAndHandler map_and_handler : target_maps_and_handlers) { Handle<Map> map = map_and_handler.first; - if (map->has_typed_array_elements()) { + if (map->IsJSArrayMap() && JSArray::MayHaveReadOnlyLength(*map)) { + set_slow_stub_reason( + "unsupported combination of arrays (potentially read-only length)"); + return; + + } else if (map->has_typed_array_elements()) { DCHECK(!IsStoreInArrayLiteralICKind(kind())); external_arrays++; } |