From a831949799ac459dd6889132b1de9dadabe8863b Mon Sep 17 00:00:00 2001
From: Andrey Efremov <efremov.andrey@huawei-partners.com>
Date: Mon, 24 Apr 2023 16:25:35 +0300
Subject: [PATCH] Fix IC for objects without prototype

Signed-off-by: Andrey Efremov <efremov.andrey@huawei-partners.com>
---
 runtime/compiler/ecmascript_runtime_interface.cpp |  4 ++++
 runtime/ic/ic_runtime_stub-inl.h                  |  4 ++++
 runtime/js_method.cpp                             | 11 ++++++++++-
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/runtime/compiler/ecmascript_runtime_interface.cpp b/runtime/compiler/ecmascript_runtime_interface.cpp
index 0bcce5312..903f0bbdf 100644
--- a/runtime/compiler/ecmascript_runtime_interface.cpp
+++ b/runtime/compiler/ecmascript_runtime_interface.cpp
@@ -430,6 +430,10 @@ bool EcmaRuntimeInterface::AddProfileInfo(PandaRuntimeInterface::MethodPtr m,
     if (handler.IsPrototypeHandler()) {
         PrototypeHandler *prototype_handler = PrototypeHandler::Cast(handler.GetTaggedObject());
         auto cell_value = prototype_handler->GetProtoCell();
+        if (cell_value.IsFalse()) {
+            // For access to undefined property of object without prototype tagged false is stored to proto cell
+            return false;
+        }
         ASSERT(cell_value.IsProtoChangeMarker());
         ProtoChangeMarker *cell = ProtoChangeMarker::Cast(cell_value.GetHeapObject());
         if (cell->GetHasChanged()) {
diff --git a/runtime/ic/ic_runtime_stub-inl.h b/runtime/ic/ic_runtime_stub-inl.h
index 9f5b0ab4c..b59f8a53e 100644
--- a/runtime/ic/ic_runtime_stub-inl.h
+++ b/runtime/ic/ic_runtime_stub-inl.h
@@ -421,6 +421,10 @@ JSTaggedValue ICRuntimeStub::LoadPrototype(JSThread *thread, JSTaggedValue recei
     ASSERT(handler.IsPrototypeHandler());
     PrototypeHandler *prototype_handler = PrototypeHandler::Cast(handler.GetTaggedObject());
     auto cell_value = prototype_handler->GetProtoCell();
+    if (cell_value.IsFalse()) {
+        // property was not found and object has no prototype
+        return JSTaggedValue::Hole();
+    }
     ASSERT(cell_value.IsProtoChangeMarker());
     ProtoChangeMarker *cell = ProtoChangeMarker::Cast(cell_value.GetHeapObject());
     if (cell->GetHasChanged()) {
diff --git a/runtime/js_method.cpp b/runtime/js_method.cpp
index 855b67fad..2acf2ac6f 100644
--- a/runtime/js_method.cpp
+++ b/runtime/js_method.cpp
@@ -16,6 +16,8 @@
 #include "js_method.h"
 #include "plugins/ecmascript/runtime/js_tagged_value-inl.h"
 #include "libpandafile/method_data_accessor-inl.h"
+#include "compiler/compiler_options.h"
+#include "runtime/include/profiling_gen.h"
 
 namespace panda::ecmascript {
 JSMethod::~JSMethod()
@@ -60,7 +62,14 @@ void JSMethod::InitProfileVector()
     panda_file::File::EntityId field_id = GetFileId();
     panda_file::MethodDataAccessor mda(*panda_file, field_id);
     auto prof_size = mda.GetProfileSize();
-    if (prof_size) {
+    bool method_too_big = bytecode_array_size_ > compiler::OPTIONS.GetCompilerMaxBytecodeSize();
+#ifndef NDEBUG
+    auto max_inst_prof_size = profiling::GetOrderedProfileSizes().back();
+    auto max_prof_size = bytecode_array_size_ * max_inst_prof_size;
+    LOG_IF(!method_too_big && !prof_size && max_prof_size > panda_file::MethodItem::MAX_PROFILE_SIZE, WARNING, RUNTIME)
+        << "Method may be compiled but not profiled because profiling size exceeds limit";
+#endif
+    if (prof_size && !method_too_big) {
         profile_size_ = prof_size.value();
         size_t size = RoundUp(prof_size.value(), BITS_PER_INTPTR);
         // NOLINTNEXTLINE(modernize-avoid-c-arrays)
-- 
Gitee