src/codegen-ia32.cc - Issue 6579: Make sure to check that the function prototype is a ... - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(67)

My Issues | Starred Open | Closed | All

Unified Diff: src/codegen-ia32.cc

Issue 6579: Make sure to check that the function prototype is a ... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/

Patch Set: Created 12 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « no previous file | src/stub-cache-ia32.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: src/codegen-ia32.cc

===================================================================

--- src/codegen-ia32.cc (revision 470)

+++ src/codegen-ia32.cc (working copy)

@@ -5304,6 +5304,14 @@

__ mov(edx, Operand(esp, 1 * kPointerSize)); // 1 ~ return address

__ TryGetFunctionPrototype(edx, ebx, ecx, &slow);

+ // Check that the function prototype is a JS object.

+ __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset));

+ __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));

+ __ cmp(ecx, FIRST_JS_OBJECT_TYPE);

+ __ j(less, &slow, not_taken);

+ __ cmp(ecx, LAST_JS_OBJECT_TYPE);

+ __ j(greater, &slow, not_taken);

+

// Register mapping: eax is object map and ebx is function prototype.

__ mov(ecx, FieldOperand(eax, Map::kPrototypeOffset));

« no previous file with comments | « no previous file | src/stub-cache-ia32.cc » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698