| Index: src/ia32/code-stubs-ia32.cc
|
| ===================================================================
|
| --- src/ia32/code-stubs-ia32.cc (revision 6179)
|
| +++ src/ia32/code-stubs-ia32.cc (working copy)
|
| @@ -5164,14 +5164,31 @@
|
|
|
| // Slow-case: Go through the JavaScript implementation.
|
| __ bind(&slow);
|
| - if (HasArgsInRegisters()) {
|
| - // Push arguments below return address.
|
| - __ pop(scratch);
|
| + if (!ReturnTrueFalseObject()) {
|
| + // Tail call the builtin which returns 0 or 1.
|
| + if (HasArgsInRegisters()) {
|
| + // Push arguments below return address.
|
| + __ pop(scratch);
|
| + __ push(object);
|
| + __ push(function);
|
| + __ push(scratch);
|
| + }
|
| + __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
|
| + } else {
|
| + // Call the builtin and convert 0/1 to true/false.
|
| __ push(object);
|
| __ push(function);
|
| - __ push(scratch);
|
| + __ InvokeBuiltin(Builtins::INSTANCE_OF, CALL_FUNCTION);
|
| + NearLabel true_value, done;
|
| + __ test(eax, Operand(eax));
|
| + __ j(zero, &true_value);
|
| + __ mov(eax, Factory::false_value());
|
| + __ jmp(&done);
|
| + __ bind(&true_value);
|
| + __ mov(eax, Factory::true_value());
|
| + __ bind(&done);
|
| + __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
|
| }
|
| - __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
|
| }
|
|
|
|
|
|
|
Chromium Code Reviews
Issue 6014013:
Fix bug in instanceof stub... (Closed)
Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/