review.tizen.org Git - platform/upstream/v8.git/commit

author	bmeurer <bmeurer@chromium.org>
	Wed, 23 Sep 2015 13:49:09 +0000 (06:49 -0700)
committer	Commit bot <commit-bot@chromium.org>
	Wed, 23 Sep 2015 13:49:21 +0000 (13:49 +0000)
commit	17f598782d7db06dbd06c29c96ac9316a1a27aab
tree	2aa9d9f4e5d63792350e41a6923e64f9f2263022	tree \| snapshot
parent	3e58db33e3726cf10f60361ef70839e6bed733af	commit \| diff

[builtins] Re-add similar String wrapper optimization for StringAdd.

For string wrappers (JSValue instances with [[StringData]] internal
fields), we can shortcirciut the ToPrimitive if

  (a) the {input} map matches the initial map of the String function,
  (b) the {input} [[Prototype]] is the unmodified %StringPrototype% (i.e.
      no one monkey-patched toString, @@toPrimitive or valueOf), and
  (c) the %ObjectPrototype% (i.e. the [[Prototype]] of the
      %StringPrototype%) is also unmodified, that is no one sneaked a
      @@toPrimitive into the %ObjectPrototype%.

If all these assumptions hold, we can just take the [[StringData]] value
and return it.

This just repairs a regression introduced by removing the
weird (and broken) intrinsic %_IsStringWrapperSafeForDefaultValue, which
was intendend to something similar to this, although less efficient and
wrong in the presence of @@toPrimitive. Long-term we might want to move
into the direction of having a ToPrimitiveStub that can do common cases
while staying in JavaScript land (i.e. not going to C++).

R=jarin@chromium.org
BUG=chromium:532524
LOG=n

Review URL: https://codereview.chromium.org/1366563002

Cr-Commit-Position: refs/heads/master@{#30890}

src/bootstrapper.cc		diff \| blob \| history
src/code-stubs-hydrogen.cc		diff \| blob \| history
src/contexts.h		diff \| blob \| history