Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/x64/stub-cache-x64.cc

Issue 542087: Ensure correct boxing of values when calling functions on them... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 10 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/x64/fast-codegen-x64.cc ('k') | test/mjsunit/bugs/bug-223.js » ('j') | test/mjsunit/value-wrapper.js » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2009 the V8 project authors. All rights reserved. 1 // Copyright 2009 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 703 matching lines...) Expand 10 before | Expand all | Expand 10 after
714 714
715 // Patch the receiver on the stack with the global proxy if 715 // Patch the receiver on the stack with the global proxy if
716 // necessary. 716 // necessary.
717 if (object->IsGlobalObject()) { 717 if (object->IsGlobalObject()) {
718 __ movq(rdx, FieldOperand(rdx, GlobalObject::kGlobalReceiverOffset)); 718 __ movq(rdx, FieldOperand(rdx, GlobalObject::kGlobalReceiverOffset));
719 __ movq(Operand(rsp, (argc + 1) * kPointerSize), rdx); 719 __ movq(Operand(rsp, (argc + 1) * kPointerSize), rdx);
720 } 720 }
721 break; 721 break;
722 722
723 case STRING_CHECK: 723 case STRING_CHECK:
724 // Check that the object is a two-byte string or a symbol. 724 if (!function->IsBuiltin()) {
725 __ CmpObjectType(rdx, FIRST_NONSTRING_TYPE, rcx); 725 // Calling non-builtins with a value as receiver requires boxing.
726 __ j(above_equal, &miss); 726 __ jmp(&miss);
727 // Check that the maps starting from the prototype haven't changed. 727 } else {
728 GenerateLoadGlobalFunctionPrototype(masm(), 728 // Check that the object is a two-byte string or a symbol.
729 Context::STRING_FUNCTION_INDEX, 729 __ CmpObjectType(rdx, FIRST_NONSTRING_TYPE, rcx);
730 rcx); 730 __ j(above_equal, &miss);
731 CheckPrototypes(JSObject::cast(object->GetPrototype()), rcx, holder, 731 // Check that the maps starting from the prototype haven't changed.
732 rbx, rdx, name, &miss); 732 GenerateLoadGlobalFunctionPrototype(masm(),
733 Context::STRING_FUNCTION_INDEX,
734 rcx);
735 CheckPrototypes(JSObject::cast(object->GetPrototype()), rcx, holder,
736 rbx, rdx, name, &miss);
737 }
733 break; 738 break;
734 739
735 case NUMBER_CHECK: { 740 case NUMBER_CHECK: {
736 Label fast; 741 if (!function->IsBuiltin()) {
737 // Check that the object is a smi or a heap number. 742 // Calling non-builtins with a value as receiver requires boxing.
738 __ JumpIfSmi(rdx, &fast); 743 __ jmp(&miss);
739 __ CmpObjectType(rdx, HEAP_NUMBER_TYPE, rcx); 744 } else {
740 __ j(not_equal, &miss); 745 Label fast;
741 __ bind(&fast); 746 // Check that the object is a smi or a heap number.
742 // Check that the maps starting from the prototype haven't changed. 747 __ JumpIfSmi(rdx, &fast);
743 GenerateLoadGlobalFunctionPrototype(masm(), 748 __ CmpObjectType(rdx, HEAP_NUMBER_TYPE, rcx);
744 Context::NUMBER_FUNCTION_INDEX, 749 __ j(not_equal, &miss);
745 rcx); 750 __ bind(&fast);
746 CheckPrototypes(JSObject::cast(object->GetPrototype()), rcx, holder, 751 // Check that the maps starting from the prototype haven't changed.
747 rbx, rdx, name, &miss); 752 GenerateLoadGlobalFunctionPrototype(masm(),
753 Context::NUMBER_FUNCTION_INDEX,
754 rcx);
755 CheckPrototypes(JSObject::cast(object->GetPrototype()), rcx, holder,
756 rbx, rdx, name, &miss);
757 }
748 break; 758 break;
749 } 759 }
750 760
751 case BOOLEAN_CHECK: { 761 case BOOLEAN_CHECK: {
752 Label fast; 762 if (!function->IsBuiltin()) {
753 // Check that the object is a boolean. 763 // Calling non-builtins with a value as receiver requires boxing.
754 __ CompareRoot(rdx, Heap::kTrueValueRootIndex); 764 __ jmp(&miss);
755 __ j(equal, &fast); 765 } else {
756 __ CompareRoot(rdx, Heap::kFalseValueRootIndex); 766 Label fast;
757 __ j(not_equal, &miss); 767 // Check that the object is a boolean.
758 __ bind(&fast); 768 __ CompareRoot(rdx, Heap::kTrueValueRootIndex);
759 // Check that the maps starting from the prototype haven't changed. 769 __ j(equal, &fast);
760 GenerateLoadGlobalFunctionPrototype(masm(), 770 __ CompareRoot(rdx, Heap::kFalseValueRootIndex);
761 Context::BOOLEAN_FUNCTION_INDEX, 771 __ j(not_equal, &miss);
762 rcx); 772 __ bind(&fast);
763 CheckPrototypes(JSObject::cast(object->GetPrototype()), rcx, holder, 773 // Check that the maps starting from the prototype haven't changed.
764 rbx, rdx, name, &miss); 774 GenerateLoadGlobalFunctionPrototype(masm(),
775 Context::BOOLEAN_FUNCTION_INDEX,
776 rcx);
777 CheckPrototypes(JSObject::cast(object->GetPrototype()), rcx, holder,
778 rbx, rdx, name, &miss);
779 }
765 break; 780 break;
766 } 781 }
767 782
768 case JSARRAY_HAS_FAST_ELEMENTS_CHECK: 783 case JSARRAY_HAS_FAST_ELEMENTS_CHECK:
769 CheckPrototypes(JSObject::cast(object), rdx, holder, 784 CheckPrototypes(JSObject::cast(object), rdx, holder,
770 rbx, rcx, name, &miss); 785 rbx, rcx, name, &miss);
771 // Make sure object->HasFastElements(). 786 // Make sure object->HasFastElements().
772 // Get the elements array of the object. 787 // Get the elements array of the object.
773 __ movq(rbx, FieldOperand(rdx, JSObject::kElementsOffset)); 788 __ movq(rbx, FieldOperand(rdx, JSObject::kElementsOffset));
774 // Check that the object is in fast mode (not dictionary). 789 // Check that the object is in fast mode (not dictionary).
(...skipping 1100 matching lines...) Expand 10 before | Expand all | Expand 10 after
1875 __ Jump(generic_construct_stub, RelocInfo::CODE_TARGET); 1890 __ Jump(generic_construct_stub, RelocInfo::CODE_TARGET);
1876 1891
1877 // Return the generated code. 1892 // Return the generated code.
1878 return GetCode(); 1893 return GetCode();
1879 } 1894 }
1880 1895
1881 1896
1882 #undef __ 1897 #undef __
1883 1898
1884 } } // namespace v8::internal 1899 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « src/x64/fast-codegen-x64.cc ('k') | test/mjsunit/bugs/bug-223.js » ('j') | test/mjsunit/value-wrapper.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698