Side by Side Diff: src/codegen-ia32.cc

Issue 113266: Push revision 1914 which fixes crash in generated code for instanceof.... (Closed) Base URL: http://v8.googlecode.com/svn/branches/1.1/
Patch Set: Created 11 years, 7 months ago
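--- a/src/codegen-ia32.cc
+++ b/src/codegen-ia32.cc
@@ -1,10 +1,10 @@
 // Copyright 2006-2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -7057,32 +7057,34 @@
 
 
 void InstanceofStub::Generate(MacroAssembler* masm) {
   // Get the object - go slow case if it's a smi.
   Label slow;
   __ mov(eax, Operand(esp, 2 * kPointerSize)); // 2 ~ return address, function
   __ test(eax, Immediate(kSmiTagMask));
   __ j(zero, &slow, not_taken);
 
   // Check that the left hand is a JS object.
-  __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); // ebx - object map
+  __ mov(eax, FieldOperand(eax, HeapObject::kMapOffset)); // eax - object map
   __ movzx_b(ecx, FieldOperand(eax, Map::kInstanceTypeOffset)); // ecx - type
   __ cmp(ecx, FIRST_JS_OBJECT_TYPE);
   __ j(less, &slow, not_taken);
   __ cmp(ecx, LAST_JS_OBJECT_TYPE);
   __ j(greater, &slow, not_taken);
 
   // Get the prototype of the function.
   __ mov(edx, Operand(esp, 1 * kPointerSize)); // 1 ~ return address
   __ TryGetFunctionPrototype(edx, ebx, ecx, &slow);
 
   // Check that the function prototype is a JS object.
+  __ test(ebx, Immediate(kSmiTagMask));
+  __ j(zero, &slow, not_taken);
   __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset));
   __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
   __ cmp(ecx, FIRST_JS_OBJECT_TYPE);
   __ j(less, &slow, not_taken);
   __ cmp(ecx, LAST_JS_OBJECT_TYPE);
   __ j(greater, &slow, not_taken);
 
   // Register mapping: eax is object map and ebx is function prototype.
   __ mov(ecx, FieldOperand(eax, Map::kPrototypeOffset));
 
@@ -7107,10 +7109,10 @@
 
   // Slow-case: Go through the JavaScript implementation.
   __ bind(&slow);
   __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
 }
 
 
 #undef __
 
 } } // namespace v8::internal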
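Review bot: The smi guard added at new lines 7079-7080 is the actual crash fix but carries no comment saying why it is needed, while every neighbouring check in the stub has one; a reader sees `// Check that the function prototype is a JS object.` followed by a tag test that looks redundant next to the type-range compare below it. I would add above the new `__ test` the line `// A smi has no map, so the FieldOperand load below would read through a tagged integer; send non-object prototypes to the slow case.` The smi-then-type-range sequence now appears twice in this stub (object at 7062-7072, prototype at 7079-7086), so a small helper taking the register and the slow label would keep both copies in step, though that is a follow-up rather than part of this fix. The range compare assumes FIRST_JS_OBJECT_TYPE..LAST_JS_OBJECT_TYPE are contiguous in the instance-type enum, which nothing in this hunk shows. Eighteen lines of Generate's body are collapsed between new 7090 and 7109, so the prototype-chain walk itself is not visible for review here.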
