diff --git a/chromium/v8/src/objects/map-updater.cc b/chromium/v8/src/objects/map-updater.cc index 047750ebbd45..1c0cb772dc0e 100644 --- a/chromium/v8/src/objects/map-updater.cc +++ b/chromium/v8/src/objects/map-updater.cc @@ -135,11 +135,20 @@ Handle MapUpdater::ReconfigureToDataField(InternalIndex descriptor, if (old_details.constness() == PropertyConstness::kConst && old_details.location() == kField && old_details.attributes() != new_attributes_) { + // Ensure we'll be updating constness of the up-to-date version of old_map_. + Handle old_map = Map::Update(isolate_, old_map_); + PropertyDetails details = + old_map->instance_descriptors().GetDetails(descriptor); Handle field_type( - old_descriptors_->GetFieldType(modified_descriptor_), isolate_); - Map::GeneralizeField(isolate_, old_map_, descriptor, - PropertyConstness::kMutable, - old_details.representation(), field_type); + old_map->instance_descriptors().GetFieldType(descriptor), + isolate_); + Map::GeneralizeField(isolate_, old_map, descriptor, + PropertyConstness::kMutable, details.representation(), + field_type); + DCHECK_EQ(PropertyConstness::kMutable, + old_map->instance_descriptors() + .GetDetails(descriptor) + .constness()); // The old_map_'s property must become mutable. // Note, that the {old_map_} and {old_descriptors_} are not expected to be // updated by the generalization if the map is already deprecated. diff --git a/chromium/v8/src/runtime/runtime-object.cc b/chromium/v8/src/runtime/runtime-object.cc index 41dea0fe443f..b4ca17e92a4a 100644 --- a/chromium/v8/src/runtime/runtime-object.cc +++ b/chromium/v8/src/runtime/runtime-object.cc @@ -357,6 +357,34 @@ RUNTIME_FUNCTION(Runtime_ObjectHasOwnProperty) { return ReadOnlyRoots(isolate).false_value(); } +RUNTIME_FUNCTION(Runtime_HasOwnConstDataProperty) { + HandleScope scope(isolate); + DCHECK_EQ(2, args.length()); + CONVERT_ARG_HANDLE_CHECKED(Object, object, 0); + CONVERT_ARG_HANDLE_CHECKED(Object, property, 1); + + bool success; + LookupIterator::Key key(isolate, property, &success); + if (!success) return ReadOnlyRoots(isolate).undefined_value(); + + if (object->IsJSObject()) { + Handle js_obj = Handle::cast(object); + LookupIterator it(isolate, js_obj, key, js_obj, LookupIterator::OWN); + + switch (it.state()) { + case LookupIterator::NOT_FOUND: + return isolate->heap()->ToBoolean(false); + case LookupIterator::DATA: + return isolate->heap()->ToBoolean(it.constness() == + PropertyConstness::kConst); + default: + return ReadOnlyRoots(isolate).undefined_value(); + } + } + + return ReadOnlyRoots(isolate).undefined_value(); +} + RUNTIME_FUNCTION(Runtime_AddDictionaryProperty) { HandleScope scope(isolate); Handle receiver = args.at(0); diff --git a/chromium/v8/src/runtime/runtime.h b/chromium/v8/src/runtime/runtime.h index 667b1f0045d8..1cf0e02ac137 100644 --- a/chromium/v8/src/runtime/runtime.h +++ b/chromium/v8/src/runtime/runtime.h @@ -487,6 +487,7 @@ namespace internal { F(HasElementsInALargeObjectSpace, 1, 1) \ F(HasFastElements, 1, 1) \ F(HasFastProperties, 1, 1) \ + F(HasOwnConstDataProperty, 2, 1) \ F(HasFixedBigInt64Elements, 1, 1) \ F(HasFixedBigUint64Elements, 1, 1) \ F(HasFixedFloat32Elements, 1, 1) \