| OLD | NEW |
|---|
| 1 // Copyright 2010 the V8 project authors. All rights reserved. | 1 // Copyright 2010 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 3090 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3101 __ j(not_equal, &slow_case); | 3101 __ j(not_equal, &slow_case); |
| 3102 | 3102 |
| 3103 // Check that both indices are smis. | 3103 // Check that both indices are smis. |
| 3104 __ mov(index_1, Operand(esp, 1 * kPointerSize)); | 3104 __ mov(index_1, Operand(esp, 1 * kPointerSize)); |
| 3105 __ mov(index_2, Operand(esp, 0)); | 3105 __ mov(index_2, Operand(esp, 0)); |
| 3106 __ mov(temp, index_1); | 3106 __ mov(temp, index_1); |
| 3107 __ or_(temp, Operand(index_2)); | 3107 __ or_(temp, Operand(index_2)); |
| 3108 __ test(temp, Immediate(kSmiTagMask)); | 3108 __ test(temp, Immediate(kSmiTagMask)); |
| 3109 __ j(not_zero, &slow_case); | 3109 __ j(not_zero, &slow_case); |
| 3110 | 3110 |
| 3111 // Check that both indices are valid. |
| 3112 __ mov(temp, FieldOperand(object, JSArray::kLengthOffset)); |
| 3113 __ cmp(temp, Operand(index_1)); |
| 3114 __ j(below_equal, &slow_case); |
| 3115 __ cmp(temp, Operand(index_2)); |
| 3116 __ j(below_equal, &slow_case); |
| 3117 |
| 3111 // Bring addresses into index1 and index2. | 3118 // Bring addresses into index1 and index2. |
| 3112 __ lea(index_1, CodeGenerator::FixedArrayElementOperand(elements, index_1)); | 3119 __ lea(index_1, CodeGenerator::FixedArrayElementOperand(elements, index_1)); |
| 3113 __ lea(index_2, CodeGenerator::FixedArrayElementOperand(elements, index_2)); | 3120 __ lea(index_2, CodeGenerator::FixedArrayElementOperand(elements, index_2)); |
| 3114 | 3121 |
| 3115 // Swap elements. Use object and temp as scratch registers. | 3122 // Swap elements. Use object and temp as scratch registers. |
| 3116 __ mov(object, Operand(index_1, 0)); | 3123 __ mov(object, Operand(index_1, 0)); |
| 3117 __ mov(temp, Operand(index_2, 0)); | 3124 __ mov(temp, Operand(index_2, 0)); |
| 3118 __ mov(Operand(index_2, 0), object); | 3125 __ mov(Operand(index_2, 0), object); |
| 3119 __ mov(Operand(index_1, 0), temp); | 3126 __ mov(Operand(index_1, 0), temp); |
| 3120 | 3127 |
| (...skipping 1053 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4174 // And return. | 4181 // And return. |
| 4175 __ ret(0); | 4182 __ ret(0); |
| 4176 } | 4183 } |
| 4177 | 4184 |
| 4178 | 4185 |
| 4179 #undef __ | 4186 #undef __ |
| 4180 | 4187 |
| 4181 } } // namespace v8::internal | 4188 } } // namespace v8::internal |
| 4182 | 4189 |
| 4183 #endif // V8_TARGET_ARCH_IA32 | 4190 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 5686006:
Add array bound checks to code generated for SwapElements. This fixes a bug t... (Closed)
Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/