Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(63)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ia32/stub-cache-ia32.cc

Issue 542087: Ensure correct boxing of values when calling functions on them... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 10 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/ia32/fast-codegen-ia32.cc ('k') | src/ic.h » ('j') | test/mjsunit/value-wrapper.js » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2006-2009 the V8 project authors. All rights reserved. 1 // Copyright 2006-2009 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 979 matching lines...) Expand 10 before | Expand all | Expand 10 after
990 990
991 // Patch the receiver on the stack with the global proxy if 991 // Patch the receiver on the stack with the global proxy if
992 // necessary. 992 // necessary.
993 if (object->IsGlobalObject()) { 993 if (object->IsGlobalObject()) {
994 __ mov(edx, FieldOperand(edx, GlobalObject::kGlobalReceiverOffset)); 994 __ mov(edx, FieldOperand(edx, GlobalObject::kGlobalReceiverOffset));
995 __ mov(Operand(esp, (argc + 1) * kPointerSize), edx); 995 __ mov(Operand(esp, (argc + 1) * kPointerSize), edx);
996 } 996 }
997 break; 997 break;
998 998
999 case STRING_CHECK: 999 case STRING_CHECK:
1000 // Check that the object is a two-byte string or a symbol. 1000 if (!function->IsBuiltin()) {
1001 __ mov(eax, FieldOperand(edx, HeapObject::kMapOffset)); 1001 // Calling non-builtins with a value as receiver requires boxing.
1002 __ movzx_b(eax, FieldOperand(eax, Map::kInstanceTypeOffset)); 1002 __ jmp(&miss);
1003 __ cmp(eax, FIRST_NONSTRING_TYPE); 1003 } else {
1004 __ j(above_equal, &miss, not_taken); 1004 // Check that the object is a string or a symbol.
1005 // Check that the maps starting from the prototype haven't changed. 1005 __ mov(eax, FieldOperand(edx, HeapObject::kMapOffset));
1006 GenerateLoadGlobalFunctionPrototype(masm(), 1006 __ movzx_b(eax, FieldOperand(eax, Map::kInstanceTypeOffset));
1007 Context::STRING_FUNCTION_INDEX, 1007 __ cmp(eax, FIRST_NONSTRING_TYPE);
1008 eax); 1008 __ j(above_equal, &miss, not_taken);
1009 CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder, 1009 // Check that the maps starting from the prototype haven't changed.
1010 ebx, edx, name, &miss); 1010 GenerateLoadGlobalFunctionPrototype(masm(),
1011 Context::STRING_FUNCTION_INDEX,
1012 eax);
1013 CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder,
1014 ebx, edx, name, &miss);
1015 }
1011 break; 1016 break;
1012 1017
1013 case NUMBER_CHECK: { 1018 case NUMBER_CHECK: {
1014 Label fast; 1019 if (!function->IsBuiltin()) {
1015 // Check that the object is a smi or a heap number. 1020 // Calling non-builtins with a value as receiver requires boxing.
1016 __ test(edx, Immediate(kSmiTagMask)); 1021 __ jmp(&miss);
1017 __ j(zero, &fast, taken); 1022 } else {
1018 __ CmpObjectType(edx, HEAP_NUMBER_TYPE, eax); 1023 Label fast;
1019 __ j(not_equal, &miss, not_taken); 1024 // Check that the object is a smi or a heap number.
1020 __ bind(&fast); 1025 __ test(edx, Immediate(kSmiTagMask));
1021 // Check that the maps starting from the prototype haven't changed. 1026 __ j(zero, &fast, taken);
1022 GenerateLoadGlobalFunctionPrototype(masm(), 1027 __ CmpObjectType(edx, HEAP_NUMBER_TYPE, eax);
1023 Context::NUMBER_FUNCTION_INDEX, 1028 __ j(not_equal, &miss, not_taken);
1024 eax); 1029 __ bind(&fast);
1025 CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder, 1030 // Check that the maps starting from the prototype haven't changed.
1026 ebx, edx, name, &miss); 1031 GenerateLoadGlobalFunctionPrototype(masm(),
1032 Context::NUMBER_FUNCTION_INDEX,
1033 eax);
1034 CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder,
1035 ebx, edx, name, &miss);
1036 }
1027 break; 1037 break;
1028 } 1038 }
1029 1039
1030 case BOOLEAN_CHECK: { 1040 case BOOLEAN_CHECK: {
1031 Label fast; 1041 if (!function->IsBuiltin()) {
1032 // Check that the object is a boolean. 1042 // Calling non-builtins with a value as receiver requires boxing.
1033 __ cmp(edx, Factory::true_value()); 1043 __ jmp(&miss);
1034 __ j(equal, &fast, taken); 1044 } else {
1035 __ cmp(edx, Factory::false_value()); 1045 Label fast;
1036 __ j(not_equal, &miss, not_taken); 1046 // Check that the object is a boolean.
1037 __ bind(&fast); 1047 __ cmp(edx, Factory::true_value());
1038 // Check that the maps starting from the prototype haven't changed. 1048 __ j(equal, &fast, taken);
1039 GenerateLoadGlobalFunctionPrototype(masm(), 1049 __ cmp(edx, Factory::false_value());
1040 Context::BOOLEAN_FUNCTION_INDEX, 1050 __ j(not_equal, &miss, not_taken);
1041 eax); 1051 __ bind(&fast);
1042 CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder, 1052 // Check that the maps starting from the prototype haven't changed.
1043 ebx, edx, name, &miss); 1053 GenerateLoadGlobalFunctionPrototype(masm(),
1054 Context::BOOLEAN_FUNCTION_INDEX,
1055 eax);
1056 CheckPrototypes(JSObject::cast(object->GetPrototype()), eax, holder,
1057 ebx, edx, name, &miss);
1058 }
1044 break; 1059 break;
1045 } 1060 }
1046 1061
1047 case JSARRAY_HAS_FAST_ELEMENTS_CHECK: 1062 case JSARRAY_HAS_FAST_ELEMENTS_CHECK:
1048 CheckPrototypes(JSObject::cast(object), edx, holder, 1063 CheckPrototypes(JSObject::cast(object), edx, holder,
1049 ebx, eax, name, &miss); 1064 ebx, eax, name, &miss);
1050 // Make sure object->HasFastElements(). 1065 // Make sure object->HasFastElements().
1051 // Get the elements array of the object. 1066 // Get the elements array of the object.
1052 __ mov(ebx, FieldOperand(edx, JSObject::kElementsOffset)); 1067 __ mov(ebx, FieldOperand(edx, JSObject::kElementsOffset));
1053 // Check that the object is in fast mode (not dictionary). 1068 // Check that the object is in fast mode (not dictionary).
(...skipping 898 matching lines...) Expand 10 before | Expand all | Expand 10 after
1952 __ jmp(generic_construct_stub, RelocInfo::CODE_TARGET); 1967 __ jmp(generic_construct_stub, RelocInfo::CODE_TARGET);
1953 1968
1954 // Return the generated code. 1969 // Return the generated code.
1955 return GetCode(); 1970 return GetCode();
1956 } 1971 }
1957 1972
1958 1973
1959 #undef __ 1974 #undef __
1960 1975
1961 } } // namespace v8::internal 1976 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « src/ia32/fast-codegen-ia32.cc ('k') | src/ic.h » ('j') | test/mjsunit/value-wrapper.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698