Chromium Code Reviews Chromium Code Reviews
Issue 7062007:
Avoid calling ToObject on JSFunction receiver arguments for Function.call and Function.apply. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2011 the V8 project authors. All rights reserved. | 1 // Copyright 2011 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 1205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1216 // a1: function | 1216 // a1: function |
| 1217 // a2: first argument | 1217 // a2: first argument |
| 1218 __ JumpIfSmi(a2, &convert_to_object, t2); | 1218 __ JumpIfSmi(a2, &convert_to_object, t2); |
| 1219 | 1219 |
| 1220 __ LoadRoot(a3, Heap::kUndefinedValueRootIndex); | 1220 __ LoadRoot(a3, Heap::kUndefinedValueRootIndex); |
| 1221 __ Branch(&use_global_receiver, eq, a2, Operand(a3)); | 1221 __ Branch(&use_global_receiver, eq, a2, Operand(a3)); |
| 1222 __ LoadRoot(a3, Heap::kNullValueRootIndex); | 1222 __ LoadRoot(a3, Heap::kNullValueRootIndex); |
| 1223 __ Branch(&use_global_receiver, eq, a2, Operand(a3)); | 1223 __ Branch(&use_global_receiver, eq, a2, Operand(a3)); |
| 1224 | 1224 |
| 1225 __ GetObjectType(a2, a3, a3); | 1225 __ GetObjectType(a2, a3, a3); |
| 1226 __ Branch(&convert_to_object, lt, a3, Operand(FIRST_JS_OBJECT_TYPE)); | 1226 __ Branch(&shift_arguments, ge, a3, Operand(FIRST_JS_OBJECT_TYPE)); |
|
Vyacheslav Egorov (Chromium)
2011/05/23 14:58:01
add an assertion that LAST_TYPE == JS_FUNCTION_TYP
| |
| 1227 __ Branch(&shift_arguments, le, a3, Operand(LAST_JS_OBJECT_TYPE)); | |
| 1228 | 1227 |
| 1229 __ bind(&convert_to_object); | 1228 __ bind(&convert_to_object); |
| 1230 __ EnterInternalFrame(); // In order to preserve argument count. | 1229 __ EnterInternalFrame(); // In order to preserve argument count. |
| 1231 __ sll(a0, a0, kSmiTagSize); // Smi tagged. | 1230 __ sll(a0, a0, kSmiTagSize); // Smi tagged. |
| 1232 __ push(a0); | 1231 __ push(a0); |
| 1233 | 1232 |
| 1234 __ push(a2); | 1233 __ push(a2); |
| 1235 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); | 1234 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); |
| 1236 __ mov(a2, v0); | 1235 __ mov(a2, v0); |
| 1237 | 1236 |
| (...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1395 __ And(t0, a0, Operand(kSmiTagMask)); | 1394 __ And(t0, a0, Operand(kSmiTagMask)); |
| 1396 __ Branch(&call_to_object, eq, t0, Operand(zero_reg)); | 1395 __ Branch(&call_to_object, eq, t0, Operand(zero_reg)); |
| 1397 __ LoadRoot(a1, Heap::kNullValueRootIndex); | 1396 __ LoadRoot(a1, Heap::kNullValueRootIndex); |
| 1398 __ Branch(&use_global_receiver, eq, a0, Operand(a1)); | 1397 __ Branch(&use_global_receiver, eq, a0, Operand(a1)); |
| 1399 __ LoadRoot(a2, Heap::kUndefinedValueRootIndex); | 1398 __ LoadRoot(a2, Heap::kUndefinedValueRootIndex); |
| 1400 __ Branch(&use_global_receiver, eq, a0, Operand(a2)); | 1399 __ Branch(&use_global_receiver, eq, a0, Operand(a2)); |
| 1401 | 1400 |
| 1402 // Check if the receiver is already a JavaScript object. | 1401 // Check if the receiver is already a JavaScript object. |
| 1403 // a0: receiver | 1402 // a0: receiver |
| 1404 __ GetObjectType(a0, a1, a1); | 1403 __ GetObjectType(a0, a1, a1); |
| 1405 __ Branch(&call_to_object, lt, a1, Operand(FIRST_JS_OBJECT_TYPE)); | 1404 __ Branch(&push_receiver, ge, a1, Operand(FIRST_JS_OBJECT_TYPE)); |
| 1406 __ Branch(&push_receiver, le, a1, Operand(LAST_JS_OBJECT_TYPE)); | |
| 1407 | 1405 |
| 1408 // Convert the receiver to a regular object. | 1406 // Convert the receiver to a regular object. |
| 1409 // a0: receiver | 1407 // a0: receiver |
| 1410 __ bind(&call_to_object); | 1408 __ bind(&call_to_object); |
| 1411 __ push(a0); | 1409 __ push(a0); |
| 1412 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); | 1410 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION); |
| 1413 __ mov(a0, v0); // Put object in a0 to match other paths to push_receiver. | 1411 __ mov(a0, v0); // Put object in a0 to match other paths to push_receiver. |
| 1414 __ Branch(&push_receiver); | 1412 __ Branch(&push_receiver); |
| 1415 | 1413 |
| 1416 // Use the current global receiver object as the receiver. | 1414 // Use the current global receiver object as the receiver. |
| (...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1603 __ bind(&dont_adapt_arguments); | 1601 __ bind(&dont_adapt_arguments); |
| 1604 __ Jump(a3); | 1602 __ Jump(a3); |
| 1605 } | 1603 } |
| 1606 | 1604 |
| 1607 | 1605 |
| 1608 #undef __ | 1606 #undef __ |
| 1609 | 1607 |
| 1610 } } // namespace v8::internal | 1608 } } // namespace v8::internal |
| 1611 | 1609 |
| 1612 #endif // V8_TARGET_ARCH_MIPS | 1610 #endif // V8_TARGET_ARCH_MIPS |
| OLD | NEW |
