diff options
| author | Michaël Zasso <targos@protonmail.com> | 2019-11-27 15:35:23 +0100 |
|---|---|---|
| committer | Michaël Zasso <targos@protonmail.com> | 2019-11-29 16:06:18 +0100 |
| commit | b7b39e0b77d4ad16583ecd56ef5c35b081c9cde4 (patch) | |
| tree | 211082ee4dc90836b021d32aa32abe5346cb2837 /deps/v8/src/ic/ic.cc | |
| parent | 58850f6bb4f57d6970d04b23bd2c75a37937564d (diff) | |
| download | node-new-b7b39e0b77d4ad16583ecd56ef5c35b081c9cde4.tar.gz | |
deps: V8: backport 93f189f19a03
Original commit message:
[ic] Fix non-GlobalIC store to interceptor on the global object
We possibly need to load the global object from the global proxy as the holder
of the named interceptor.
Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65119}
Refs: https://github.com/v8/v8/commit/93f189f19a030d5de6c5173711dca120ad76e5cd
Fixes: https://github.com/nodejs/node/issues/30586
PR-URL: https://github.com/nodejs/node/pull/30681
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'deps/v8/src/ic/ic.cc')
| -rw-r--r-- | deps/v8/src/ic/ic.cc | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/deps/v8/src/ic/ic.cc b/deps/v8/src/ic/ic.cc index 4ac5fd7abe..1b481cd817 100644 --- a/deps/v8/src/ic/ic.cc +++ b/deps/v8/src/ic/ic.cc @@ -1308,8 +1308,7 @@ bool StoreIC::LookupForWrite(LookupIterator* it, Handle<Object> value, case LookupIterator::INTERCEPTOR: { Handle<JSObject> holder = it->GetHolder<JSObject>(); InterceptorInfo info = holder->GetNamedInterceptor(); - if ((it->HolderIsReceiverOrHiddenPrototype() && - !info.non_masking()) || + if (it->HolderIsReceiverOrHiddenPrototype() || !info.getter().IsUndefined(isolate()) || !info.query().IsUndefined(isolate())) { return true; @@ -2718,23 +2717,20 @@ RUNTIME_FUNCTION(Runtime_LoadPropertyWithInterceptor) { RUNTIME_FUNCTION(Runtime_StorePropertyWithInterceptor) { HandleScope scope(isolate); - DCHECK_EQ(5, args.length()); + DCHECK_EQ(3, args.length()); // Runtime functions don't follow the IC's calling convention. Handle<Object> value = args.at(0); - Handle<Smi> slot = args.at<Smi>(1); - Handle<FeedbackVector> vector = args.at<FeedbackVector>(2); - Handle<JSObject> receiver = args.at<JSObject>(3); - Handle<Name> name = args.at<Name>(4); - FeedbackSlot vector_slot = FeedbackVector::ToSlot(slot->value()); + Handle<JSObject> receiver = args.at<JSObject>(1); + Handle<Name> name = args.at<Name>(2); // TODO(ishell): Cache interceptor_holder in the store handler like we do // for LoadHandler::kInterceptor case. Handle<JSObject> interceptor_holder = receiver; - if (receiver->IsJSGlobalProxy()) { - FeedbackSlotKind kind = vector->GetKind(vector_slot); - if (IsStoreGlobalICKind(kind)) { - interceptor_holder = Handle<JSObject>::cast(isolate->global_object()); - } + if (receiver->IsJSGlobalProxy() && + (!receiver->HasNamedInterceptor() || + receiver->GetNamedInterceptor().non_masking())) { + interceptor_holder = + handle(JSObject::cast(receiver->map().prototype()), isolate); } DCHECK(interceptor_holder->HasNamedInterceptor()); Handle<InterceptorInfo> interceptor(interceptor_holder->GetNamedInterceptor(), |