
Side by Side Diff: src/ia32/stub-cache-ia32.cc

Issue 9691038: Ensure there is a smi check of the receiver for global load and call ICs. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 8 years, 9 months ago
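--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -1238,28 +1238,23 @@
 Handle<String> name,
 Label* miss) {
 ASSERT(holder->IsGlobalObject());
 
 // Get the number of arguments.
 const int argc = arguments().immediate();
 
 // Get the receiver from the stack.
 __ mov(edx, Operand(esp, (argc + 1) * kPointerSize));
 
-// If the object is the holder then we know that it's a global
-// object which can only happen for contextual calls. In this case,
-// the receiver cannot be a smi.
-if (!object.is_identical_to(holder)) {
-__ JumpIfSmi(edx, miss);
-}
 
 // Check that the maps haven't changed.
+__ JumpIfSmi(edx, miss);
 CheckPrototypes(object, edx, holder, ebx, eax, edi, name, miss);
 }
 
 
 void CallStubCompiler::GenerateLoadFunctionFromCell(
 Handle<JSGlobalPropertyCell> cell,
 Handle<JSFunction> function,
 Label* miss) {
 // Get the value from the cell.
 if (Serializer::enabled()) {
@@ -2822,28 +2817,22 @@
 Handle<JSGlobalPropertyCell> cell,
 Handle<String> name,
 bool is_dont_delete) {
 // ----------- S t a t e -------------
 // -- eax : receiver
 // -- ecx : name
 // -- esp[0] : return address
 // -----------------------------------
 Label miss;
 
-// If the object is the holder then we know that it's a global
-// object which can only happen for contextual loads. In this case,
-// the receiver cannot be a smi.
-if (!object.is_identical_to(holder)) {
-__ JumpIfSmi(eax, &miss);
-}
-
 // Check that the maps haven't changed.
+__ JumpIfSmi(eax, &miss);
 CheckPrototypes(object, eax, holder, ebx, edx, edi, name, &miss);
 
 // Get the value from the cell.
 if (Serializer::enabled()) {
 __ mov(ebx, Immediate(cell));
 __ mov(ebx, FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset));
 } else {
 __ mov(ebx, Operand::Cell(cell));
 }
 
@@ -4047,10 +4036,10 @@
 __ jmp(ic_slow, RelocInfo::CODE_TARGET);
 }
 }
 
 
 #undef __
 
 } } // namespace v8::internal
 
 #endif // V8_TARGET_ARCH_IA32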
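Review bot: The now-unconditional `__ JumpIfSmi(edx, miss);` at new line 1250 and `__ JumpIfSmi(eax, &miss);` at new line 2828 sit directly under `// Check that the maps haven't changed.`, which describes the `CheckPrototypes` call rather than the smi guard, and the deleted comment was the only record of why the guard used to be conditional. Since the old "receiver cannot be a smi" assumption is evidently not safe to rely on, I would give the guard its own comment at both sites, for example `// The receiver can be a smi even when object is the holder, so always bail out to miss before the map checks.`, and move the existing map-check comment down to sit above `CheckPrototypes`. `CheckPrototypes` presumably treats the register as a heap object, and `ASSERT(holder->IsGlobalObject())` is likely a debug-only check, so this guard may be the only release-mode protection on these paths and is worth making hard to remove by accident. Both enclosing functions begin above the visible hunks, and no regression test is visible in this file section.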