Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(655)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/x64/ic-x64.cc

Issue 7259015: Fix receiver check in arguments ICs. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Address comments. Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/ia32/ic-ia32.cc ('k') | test/mjsunit/regress/regress-crbug-87478.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2011 the V8 project authors. All rights reserved. 1 // Copyright 2011 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 1190 matching lines...) Expand 10 before | Expand all | Expand 10 after
1201 static Operand GenerateMappedArgumentsLookup(MacroAssembler* masm, 1201 static Operand GenerateMappedArgumentsLookup(MacroAssembler* masm,
1202 Register object, 1202 Register object,
1203 Register key, 1203 Register key,
1204 Register scratch1, 1204 Register scratch1,
1205 Register scratch2, 1205 Register scratch2,
1206 Register scratch3, 1206 Register scratch3,
1207 Label* unmapped_case, 1207 Label* unmapped_case,
1208 Label* slow_case) { 1208 Label* slow_case) {
1209 Heap* heap = masm->isolate()->heap(); 1209 Heap* heap = masm->isolate()->heap();
1210 1210
1211 // Check that the receiver isn't a smi. 1211 // Check that the receiver is a JSObject. Because of the elements
1212 // map check later, we do not need to check for interceptors or
1213 // whether it requires access checks.
1212 __ JumpIfSmi(object, slow_case); 1214 __ JumpIfSmi(object, slow_case);
1215 // Check that the object is some kind of JSObject.
1216 __ CmpObjectType(object, FIRST_JS_RECEIVER_TYPE, scratch1);
1217 __ j(below, slow_case);
1213 1218
1214 // Check that the key is a positive smi. 1219 // Check that the key is a positive smi.
1215 Condition check = masm->CheckNonNegativeSmi(key); 1220 Condition check = masm->CheckNonNegativeSmi(key);
1216 __ j(NegateCondition(check), slow_case); 1221 __ j(NegateCondition(check), slow_case);
1217 1222
1218 // Load the elements into scratch1 and check its map. If not, jump 1223 // Load the elements into scratch1 and check its map. If not, jump
1219 // to the unmapped lookup with the parameter map in scratch1. 1224 // to the unmapped lookup with the parameter map in scratch1.
1220 Handle<Map> arguments_map(heap->non_strict_arguments_elements_map()); 1225 Handle<Map> arguments_map(heap->non_strict_arguments_elements_map());
1221 __ movq(scratch1, FieldOperand(object, JSObject::kElementsOffset)); 1226 __ movq(scratch1, FieldOperand(object, JSObject::kElementsOffset));
1222 __ CheckMap(scratch1, arguments_map, slow_case, DONT_DO_SMI_CHECK); 1227 __ CheckMap(scratch1, arguments_map, slow_case, DONT_DO_SMI_CHECK);
(...skipping 536 matching lines...) Expand 10 before | Expand all | Expand 10 after
1759 Condition cc = *jmp_address == Assembler::kJncShortOpcode 1764 Condition cc = *jmp_address == Assembler::kJncShortOpcode
1760 ? not_zero 1765 ? not_zero
1761 : zero; 1766 : zero;
1762 *jmp_address = static_cast<byte>(Assembler::kJccShortPrefix | cc); 1767 *jmp_address = static_cast<byte>(Assembler::kJccShortPrefix | cc);
1763 } 1768 }
1764 1769
1765 1770
1766 } } // namespace v8::internal 1771 } } // namespace v8::internal
1767 1772
1768 #endif // V8_TARGET_ARCH_X64 1773 #endif // V8_TARGET_ARCH_X64
OLDNEW
« no previous file with comments | « src/ia32/ic-ia32.cc ('k') | test/mjsunit/regress/regress-crbug-87478.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698