Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(737)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ia32/codegen-ia32.cc

Issue 115236: Fix for issue 341. In the stub for instanceof, we could try to read... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: Created 11 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-341.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2006-2009 the V8 project authors. All rights reserved. 1 // Copyright 2006-2009 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 7168 matching lines...) Expand 10 before | Expand all | Expand 10 after
7179 7179
7180 7180
7181 void InstanceofStub::Generate(MacroAssembler* masm) { 7181 void InstanceofStub::Generate(MacroAssembler* masm) {
7182 // Get the object - go slow case if it's a smi. 7182 // Get the object - go slow case if it's a smi.
7183 Label slow; 7183 Label slow;
7184 __ mov(eax, Operand(esp, 2 * kPointerSize)); // 2 ~ return address, function 7184 __ mov(eax, Operand(esp, 2 * kPointerSize)); // 2 ~ return address, function
7185 __ test(eax, Immediate(kSmiTagMask)); 7185 __ test(eax, Immediate(kSmiTagMask));
7186 __ j(zero, &slow, not_taken); 7186 __ j(zero, &slow, not_taken);
7187 7187
7188 // Check that the left hand is a JS object. 7188 // Check that the left hand is a JS object.
7189 __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); // ebx - object map 7189 __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); // ebx - object map
Kasper Lund 2009/05/12 11:32:12 Why does this say ebx - object map?
Kevin Millikin (Chromium) 2009/05/12 11:39:46 Weird.
7190 __ movzx_b(ecx, FieldOperand(eax, Map::kInstanceTypeOffset)); // ecx - type 7190 __ movzx_b(ecx, FieldOperand(eax, Map::kInstanceTypeOffset)); // ecx - type
7191 __ cmp(ecx, FIRST_JS_OBJECT_TYPE); 7191 __ cmp(ecx, FIRST_JS_OBJECT_TYPE);
7192 __ j(less, &slow, not_taken); 7192 __ j(less, &slow, not_taken);
7193 __ cmp(ecx, LAST_JS_OBJECT_TYPE); 7193 __ cmp(ecx, LAST_JS_OBJECT_TYPE);
7194 __ j(greater, &slow, not_taken); 7194 __ j(greater, &slow, not_taken);
7195 7195
7196 // Get the prototype of the function. 7196 // Get the prototype of the function.
7197 __ mov(edx, Operand(esp, 1 * kPointerSize)); // 1 ~ return address 7197 __ mov(edx, Operand(esp, 1 * kPointerSize)); // 1 ~ return address
7198 __ TryGetFunctionPrototype(edx, ebx, ecx, &slow); 7198 __ TryGetFunctionPrototype(edx, ebx, ecx, &slow);
7199 7199
7200 // Check that the function prototype is a JS object. 7200 // Check that the function prototype is a JS object.
7201 __ test(ebx, Immediate(kSmiTagMask));
7202 __ j(zero, &slow, not_taken);
7201 __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset)); 7203 __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset));
7202 __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset)); 7204 __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
7203 __ cmp(ecx, FIRST_JS_OBJECT_TYPE); 7205 __ cmp(ecx, FIRST_JS_OBJECT_TYPE);
7204 __ j(less, &slow, not_taken); 7206 __ j(less, &slow, not_taken);
7205 __ cmp(ecx, LAST_JS_OBJECT_TYPE); 7207 __ cmp(ecx, LAST_JS_OBJECT_TYPE);
7206 __ j(greater, &slow, not_taken); 7208 __ j(greater, &slow, not_taken);
7207 7209
7208 // Register mapping: eax is object map and ebx is function prototype. 7210 // Register mapping: eax is object map and ebx is function prototype.
7209 __ mov(ecx, FieldOperand(eax, Map::kPrototypeOffset)); 7211 __ mov(ecx, FieldOperand(eax, Map::kPrototypeOffset));
7210 7212
(...skipping 18 matching lines...) Expand all
7229 7231
7230 // Slow-case: Go through the JavaScript implementation. 7232 // Slow-case: Go through the JavaScript implementation.
7231 __ bind(&slow); 7233 __ bind(&slow);
7232 __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION); 7234 __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
7233 } 7235 }
7234 7236
7235 7237
7236 #undef __ 7238 #undef __
7237 7239
7238 } } // namespace v8::internal 7240 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-341.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698