Chromium Code Reviews Chromium Code Reviews
Issue 7062007:
Avoid calling ToObject on JSFunction receiver arguments for Function.call and Function.apply. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2011 the V8 project authors. All rights reserved. | 1 // Copyright 2011 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 588 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 599 1 << SharedFunctionInfo::kStrictModeBitWithinByte); | 599 1 << SharedFunctionInfo::kStrictModeBitWithinByte); |
| 600 __ j(not_equal, &shift_arguments); | 600 __ j(not_equal, &shift_arguments); |
| 601 | 601 |
| 602 // Do not transform the receiver for natives (shared already in ebx). | 602 // Do not transform the receiver for natives (shared already in ebx). |
| 603 __ test_b(FieldOperand(ebx, SharedFunctionInfo::kES5NativeByteOffset), | 603 __ test_b(FieldOperand(ebx, SharedFunctionInfo::kES5NativeByteOffset), |
| 604 1 << SharedFunctionInfo::kES5NativeBitWithinByte); | 604 1 << SharedFunctionInfo::kES5NativeBitWithinByte); |
| 605 __ j(not_equal, &shift_arguments); | 605 __ j(not_equal, &shift_arguments); |
| 606 | 606 |
| 607 // Compute the receiver in non-strict mode. | 607 // Compute the receiver in non-strict mode. |
| 608 __ mov(ebx, Operand(esp, eax, times_4, 0)); // First argument. | 608 __ mov(ebx, Operand(esp, eax, times_4, 0)); // First argument. |
| 609 | |
| 610 // Call ToObject on the receiver if it is not an object, or use the | |
| 611 // global object if it is null or undefined. | |
| 609 __ test(ebx, Immediate(kSmiTagMask)); | 612 __ test(ebx, Immediate(kSmiTagMask)); |
| 610 __ j(zero, &convert_to_object); | 613 __ j(zero, &convert_to_object); |
| 611 | |
| 612 __ cmp(ebx, factory->null_value()); | 614 __ cmp(ebx, factory->null_value()); |
| 613 __ j(equal, &use_global_receiver); | 615 __ j(equal, &use_global_receiver); |
| 614 __ cmp(ebx, factory->undefined_value()); | 616 __ cmp(ebx, factory->undefined_value()); |
| 615 __ j(equal, &use_global_receiver); | 617 __ j(equal, &use_global_receiver); |
| 616 | 618 __ CmpObjectType(ebx, FIRST_JS_OBJECT_TYPE, ecx); |
|
Vyacheslav Egorov (Chromium)
2011/05/23 14:58:01
add an assertion that LAST_TYPE == JS_FUNCTION_TYP
| |
| 617 // We don't use IsObjectJSObjectType here because we jump on success. | 619 __ j(above_equal, &shift_arguments); |
| 618 __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset)); | |
| 619 __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset)); | |
| 620 __ sub(Operand(ecx), Immediate(FIRST_JS_OBJECT_TYPE)); | |
| 621 __ cmp(ecx, LAST_JS_OBJECT_TYPE - FIRST_JS_OBJECT_TYPE); | |
| 622 __ j(below_equal, &shift_arguments); | |
| 623 | 620 |
| 624 __ bind(&convert_to_object); | 621 __ bind(&convert_to_object); |
| 625 __ EnterInternalFrame(); // In order to preserve argument count. | 622 __ EnterInternalFrame(); // In order to preserve argument count. |
| 626 __ SmiTag(eax); | 623 __ SmiTag(eax); |
| 627 __ push(eax); | 624 __ push(eax); |
| 628 | 625 |
| 629 __ push(ebx); | 626 __ push(ebx); |
| 630 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); | 627 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); |
| 631 __ mov(ebx, eax); | 628 __ mov(ebx, eax); |
| 632 | 629 |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 761 __ j(not_equal, &push_receiver); | 758 __ j(not_equal, &push_receiver); |
| 762 | 759 |
| 763 Factory* factory = masm->isolate()->factory(); | 760 Factory* factory = masm->isolate()->factory(); |
| 764 | 761 |
| 765 // Do not transform the receiver for natives (shared already in ecx). | 762 // Do not transform the receiver for natives (shared already in ecx). |
| 766 __ test_b(FieldOperand(ecx, SharedFunctionInfo::kES5NativeByteOffset), | 763 __ test_b(FieldOperand(ecx, SharedFunctionInfo::kES5NativeByteOffset), |
| 767 1 << SharedFunctionInfo::kES5NativeBitWithinByte); | 764 1 << SharedFunctionInfo::kES5NativeBitWithinByte); |
| 768 __ j(not_equal, &push_receiver); | 765 __ j(not_equal, &push_receiver); |
| 769 | 766 |
| 770 // Compute the receiver in non-strict mode. | 767 // Compute the receiver in non-strict mode. |
| 768 // Call ToObject on the receiver if it is not an object, or use the | |
| 769 // global object if it is null or undefined. | |
| 771 __ test(ebx, Immediate(kSmiTagMask)); | 770 __ test(ebx, Immediate(kSmiTagMask)); |
| 772 __ j(zero, &call_to_object); | 771 __ j(zero, &call_to_object); |
| 773 __ cmp(ebx, factory->null_value()); | 772 __ cmp(ebx, factory->null_value()); |
| 774 __ j(equal, &use_global_receiver); | 773 __ j(equal, &use_global_receiver); |
| 775 __ cmp(ebx, factory->undefined_value()); | 774 __ cmp(ebx, factory->undefined_value()); |
| 776 __ j(equal, &use_global_receiver); | 775 __ j(equal, &use_global_receiver); |
| 776 __ CmpObjectType(ebx, FIRST_JS_OBJECT_TYPE, ecx); | |
| 777 __ j(above_equal, &push_receiver); | |
| 777 | 778 |
| 778 // If given receiver is already a JavaScript object then there's no | |
| 779 // reason for converting it. | |
| 780 // We don't use IsObjectJSObjectType here because we jump on success. | |
| 781 __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset)); | |
| 782 __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset)); | |
| 783 __ sub(Operand(ecx), Immediate(FIRST_JS_OBJECT_TYPE)); | |
| 784 __ cmp(ecx, LAST_JS_OBJECT_TYPE - FIRST_JS_OBJECT_TYPE); | |
| 785 __ j(below_equal, &push_receiver); | |
| 786 | |
| 787 // Convert the receiver to an object. | |
| 788 __ bind(&call_to_object); | 779 __ bind(&call_to_object); |
| 789 __ push(ebx); | 780 __ push(ebx); |
| 790 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); | 781 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); |
| 791 __ mov(ebx, Operand(eax)); | 782 __ mov(ebx, Operand(eax)); |
| 792 __ jmp(&push_receiver); | 783 __ jmp(&push_receiver); |
| 793 | 784 |
| 794 // Use the current global receiver object as the receiver. | 785 // Use the current global receiver object as the receiver. |
| 795 __ bind(&use_global_receiver); | 786 __ bind(&use_global_receiver); |
| 796 const int kGlobalOffset = | 787 const int kGlobalOffset = |
| 797 Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize; | 788 Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize; |
| (...skipping 800 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1598 Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR); | 1589 Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR); |
| 1599 generator.Generate(); | 1590 generator.Generate(); |
| 1600 } | 1591 } |
| 1601 | 1592 |
| 1602 | 1593 |
| 1603 #undef __ | 1594 #undef __ |
| 1604 } | 1595 } |
| 1605 } // namespace v8::internal | 1596 } // namespace v8::internal |
| 1606 | 1597 |
| 1607 #endif // V8_TARGET_ARCH_IA32 | 1598 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
