From b7b39e0b77d4ad16583ecd56ef5c35b081c9cde4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?=
Date: Wed, 27 Nov 2019 15:35:23 +0100
Subject: [PATCH] deps: V8: backport 93f189f19a03
Original commit message:
[ic] Fix non-GlobalIC store to interceptor on the global object
We possibly need to load the global object from the global proxy as the holder of the named interceptor.
Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903
Commit-Queue: Igor Sheludko
Reviewed-by: Igor Sheludko
Cr-Commit-Position: refs/heads/master@{#65119}
Refs: https://github.com/v8/v8/commit/93f189f19a030d5de6c5173711dca120ad76e5cd
Fixes: https://github.com/nodejs/node/issues/30586
PR-URL: https://github.com/nodejs/node/pull/30681
Reviewed-By: Colin Ihrig
Reviewed-By: Anna Henningsen
---
common.gypi | 2 +-
deps/v8/src/ic/accessor-assembler.cc | 17 ++---------------
deps/v8/src/ic/ic.cc | 22 +++++++++-------------
3 files changed, 12 insertions(+), 29 deletions(-)
diff --git a/common.gypi b/common.gypi
index 4fd333a45de84b..e063139a7d4662 100644
--- a/common.gypi
+++ b/common.gypi
@@ -39,7 +39,7 @@
# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.21',
+ 'v8_embedder_string': '-node.22',
##### V8 defaults for Node.js #####
diff --git a/deps/v8/src/ic/accessor-assembler.cc b/deps/v8/src/ic/accessor-assembler.cc
index 99cbd3c3c892b1..c9f86ed3282fbe 100644
--- a/deps/v8/src/ic/accessor-assembler.cc
+++ b/deps/v8/src/ic/accessor-assembler.cc
@@ -1053,8 +1053,7 @@ void AccessorAssembler::HandleStoreICHandlerCase(
{
Comment("store_interceptor");
TailCallRuntime(Runtime::kStorePropertyWithInterceptor, p->context(),
- p->value(), p->slot(), p->vector(), p->receiver(),
- p->name());
+ p->value(), p->receiver(), p->name());
}
BIND(&if_slow);
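Review bot: The three arguments handed to `TailCallRuntime` at the end of the @@ -1053 hunk (value, receiver, name) are tied only by position to the `args.at(...)` reads in Runtime_StorePropertyWithInterceptor, and nothing checks that pairing at compile time; a future mismatch would presumably trip the `DCHECK_EQ(3, args.length())` in debug builds and pass unnoticed in release builds where that check is compiled out. A comment at the call site recording the contract would help whoever touches either side next: `// Keep in sync with Runtime_StorePropertyWithInterceptor: (value, receiver, name).` HandleStoreICHandlerCase starts and ends outside the hunk.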
@@ -1516,8 +1515,7 @@ void AccessorAssembler::HandleStoreICProtoHandler(
{
Label if_add_normal(this), if_store_global_proxy(this), if_api_setter(this),
- if_accessor(this), if_native_data_property(this), if_slow(this),
- if_interceptor(this);
+ if_accessor(this), if_native_data_property(this), if_slow(this);
CSA_ASSERT(this, TaggedIsSmi(smi_handler));
TNode handler_word = SmiToInt32(CAST(smi_handler));
@@ -1547,9 +1545,6 @@ void AccessorAssembler::HandleStoreICProtoHandler(
GotoIf(Word32Equal(handler_kind, Int32Constant(StoreHandler::kSlow)),
&if_slow);
- GotoIf(Word32Equal(handler_kind, Int32Constant(StoreHandler::kInterceptor)),
- &if_interceptor);
-
GotoIf(
Word32Equal(handler_kind,
Int32Constant(StoreHandler::kApiSetterHolderIsPrototype)),
@@ -1574,14 +1569,6 @@ void AccessorAssembler::HandleStoreICProtoHandler(
}
}
- BIND(&if_interceptor);
- {
- Comment("store_interceptor");
- TailCallRuntime(Runtime::kStorePropertyWithInterceptor, p->context(),
- p->value(), p->slot(), p->vector(), p->receiver(),
- p->name());
- }
-
BIND(&if_add_normal);
{
// This is a case of "transitioning store" to a dictionary mode object
diff --git a/deps/v8/src/ic/ic.cc b/deps/v8/src/ic/ic.cc
index 4ac5fd7abefaa7..1b481cd8172b6e 100644
--- a/deps/v8/src/ic/ic.cc
+++ b/deps/v8/src/ic/ic.cc
@@ -1308,8 +1308,7 @@ bool StoreIC::LookupForWrite(LookupIterator* it, Handle value,
case LookupIterator::INTERCEPTOR: {
Handle holder = it->GetHolder();
InterceptorInfo info = holder->GetNamedInterceptor();
- if ((it->HolderIsReceiverOrHiddenPrototype() &&
- !info.non_masking()) ||
+ if (it->HolderIsReceiverOrHiddenPrototype() ||
!info.getter().IsUndefined(isolate()) ||
!info.query().IsUndefined(isolate())) {
return true;
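Review bot: A `StoreHandler::kInterceptor` smi handler that still reaches HandleStoreICProtoHandler now has no dispatch target: the `GotoIf(... StoreHandler::kInterceptor ...)` check is dropped in the @@ -1547 hunk and the `if_interceptor` label and its `BIND` block are dropped in the @@ -1516 and @@ -1574 hunks, so where such a handler ends up depends on how the remaining GotoIf chain terminates, which is outside the hunk. If the intent is that kInterceptor handlers are never wrapped in a proto handler, that assumption is worth stating next to the remaining checks, e.g. `CSA_ASSERT(this, Word32NotEqual(handler_kind, Int32Constant(StoreHandler::kInterceptor)));`, so a later change in handler selection fails loudly in debug builds rather than silently taking another path. HandleStoreICProtoHandler starts and ends outside these hunks.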
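Review bot: The rewritten condition in `StoreIC::LookupForWrite` now returns true for any receiver-or-hidden-prototype holder, and the `non_masking()` test it dropped reappears instead on the runtime side (the global-proxy branch of Runtime_StorePropertyWithInterceptor in this same patch), so the two places must now agree without anything in the code saying so. A one-line comment above the `if` would record that dependency: `// A non-masking interceptor is dealt with at runtime by Runtime_StorePropertyWithInterceptor, so it no longer disqualifies the interceptor path here.` LookupForWrite starts and ends outside the hunk.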
@@ -2718,23 +2717,20 @@ RUNTIME_FUNCTION(Runtime_LoadPropertyWithInterceptor) {
RUNTIME_FUNCTION(Runtime_StorePropertyWithInterceptor) {
HandleScope scope(isolate);
- DCHECK_EQ(5, args.length());
+ DCHECK_EQ(3, args.length());
// Runtime functions don't follow the IC's calling convention.
Handle value = args.at(0);
- Handle slot = args.at(1);
- Handle vector = args.at(2);
- Handle receiver = args.at(3);
- Handle name = args.at(4);
- FeedbackSlot vector_slot = FeedbackVector::ToSlot(slot->value());
+ Handle receiver = args.at(1);
+ Handle name = args.at(2);
// TODO(ishell): Cache interceptor_holder in the store handler like we do
// for LoadHandler::kInterceptor case.
Handle interceptor_holder = receiver;
- if (receiver->IsJSGlobalProxy()) {
- FeedbackSlotKind kind = vector->GetKind(vector_slot);
- if (IsStoreGlobalICKind(kind)) {
- interceptor_holder = Handle::cast(isolate->global_object());
- }
+ if (receiver->IsJSGlobalProxy() &&
+ (!receiver->HasNamedInterceptor() ||
+ receiver->GetNamedInterceptor().non_masking())) {
+ interceptor_holder =
+ handle(JSObject::cast(receiver->map().prototype()), isolate);
}
DCHECK(interceptor_holder->HasNamedInterceptor());
Handle interceptor(interceptor_holder->GetNamedInterceptor(),
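Review bot: The new branch in Runtime_StorePropertyWithInterceptor casts `receiver->map().prototype()` to JSObject and then relies on the existing `DCHECK(interceptor_holder->HasNamedInterceptor())` to confirm that the object it walked to actually carries the interceptor; both are debug-only, so in a release build a global proxy whose prototype has no named interceptor would proceed into `GetNamedInterceptor()` on the wrong object. The removed lines selected the global object only for store-global feedback kinds, so this path is reachable from more stores than before and its invariant is presumably enforced only by handler selection in StoreIC, which is outside this hunk. Since the commit message is the only place explaining why the proxy's prototype is the holder, a comment above the `if` would help: `// The receiver is the global proxy; the interceptor the IC matched may live on the global object behind it (its prototype), unless the proxy itself carries a masking interceptor.` If the invariant must also hold in release builds, a CHECK in place of that DCHECK would be the conservative choice; the function continues past the hunk.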