Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(403)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ia32/codegen-ia32.cc

Issue 149003: Fix instance type check in apply optimization.... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: Created 11 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | test/mjsunit/arguments-apply.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2006-2009 the V8 project authors. All rights reserved. 1 // Copyright 2006-2009 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 2167 matching lines...) Expand 10 before | Expand all | Expand 10 after
2178 // about to call a function. 2178 // about to call a function.
2179 frame_->SyncRange(0, frame_->element_count() - 1); 2179 frame_->SyncRange(0, frame_->element_count() - 1);
2180 2180
2181 // Check that the receiver really is a JavaScript object. 2181 // Check that the receiver really is a JavaScript object.
2182 { frame_->PushElementAt(0); 2182 { frame_->PushElementAt(0);
2183 Result receiver = frame_->Pop(); 2183 Result receiver = frame_->Pop();
2184 receiver.ToRegister(); 2184 receiver.ToRegister();
2185 __ test(receiver.reg(), Immediate(kSmiTagMask)); 2185 __ test(receiver.reg(), Immediate(kSmiTagMask));
2186 build_args.Branch(zero); 2186 build_args.Branch(zero);
2187 Result tmp = allocator_->Allocate(); 2187 Result tmp = allocator_->Allocate();
2188 // We allow all JSObjects including JSFunctions. As long as
2189 // JS_FUNCTION_TYPE is the last instance type and it is right
2190 // after LAST_JS_OBJECT_TYPE, we do not have to check the upper
2191 // bound.
2192 ASSERT(LAST_TYPE == JS_FUNCTION_TYPE);
2193 ASSERT(JS_FUNCTION_TYPE == LAST_JS_OBJECT_TYPE + 1);
2188 __ CmpObjectType(receiver.reg(), FIRST_JS_OBJECT_TYPE, tmp.reg()); 2194 __ CmpObjectType(receiver.reg(), FIRST_JS_OBJECT_TYPE, tmp.reg());
2189 build_args.Branch(less); 2195 build_args.Branch(less);
2190 __ cmp(tmp.reg(), LAST_JS_OBJECT_TYPE);
2191 build_args.Branch(greater);
2192 } 2196 }
2193 2197
2194 // Verify that we're invoking Function.prototype.apply. 2198 // Verify that we're invoking Function.prototype.apply.
2195 { frame_->PushElementAt(1); 2199 { frame_->PushElementAt(1);
2196 Result apply = frame_->Pop(); 2200 Result apply = frame_->Pop();
2197 apply.ToRegister(); 2201 apply.ToRegister();
2198 __ test(apply.reg(), Immediate(kSmiTagMask)); 2202 __ test(apply.reg(), Immediate(kSmiTagMask));
2199 build_args.Branch(zero); 2203 build_args.Branch(zero);
2200 Result tmp = allocator_->Allocate(); 2204 Result tmp = allocator_->Allocate();
2201 __ CmpObjectType(apply.reg(), JS_FUNCTION_TYPE, tmp.reg()); 2205 __ CmpObjectType(apply.reg(), JS_FUNCTION_TYPE, tmp.reg());
(...skipping 5600 matching lines...) Expand 10 before | Expand all | Expand 10 after
7802 7806
7803 // Slow-case: Go through the JavaScript implementation. 7807 // Slow-case: Go through the JavaScript implementation.
7804 __ bind(&slow); 7808 __ bind(&slow);
7805 __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION); 7809 __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
7806 } 7810 }
7807 7811
7808 7812
7809 #undef __ 7813 #undef __
7810 7814
7811 } } // namespace v8::internal 7815 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/arguments-apply.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698