| OLD | NEW |
|---|
| 1 // Copyright 2013 the V8 project authors. All rights reserved. | 1 // Copyright 2013 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_ARM64 | 7 #if V8_TARGET_ARCH_ARM64 |
| 8 | 8 |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/ic/ic.h" | 10 #include "src/ic/ic.h" |
| (...skipping 639 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 650 // Check that the receiver does not require access checks and is not observed. | 650 // Check that the receiver does not require access checks and is not observed. |
| 651 // The generic stub does not perform map checks or handle observed objects. | 651 // The generic stub does not perform map checks or handle observed objects. |
| 652 __ Ldrb(x10, FieldMemOperand(receiver_map, Map::kBitFieldOffset)); | 652 __ Ldrb(x10, FieldMemOperand(receiver_map, Map::kBitFieldOffset)); |
| 653 __ TestAndBranchIfAnySet( | 653 __ TestAndBranchIfAnySet( |
| 654 x10, (1 << Map::kIsAccessCheckNeeded) | (1 << Map::kIsObserved), &slow); | 654 x10, (1 << Map::kIsAccessCheckNeeded) | (1 << Map::kIsObserved), &slow); |
| 655 | 655 |
| 656 // Check if the object is a JS array or not. | 656 // Check if the object is a JS array or not. |
| 657 Register instance_type = x10; | 657 Register instance_type = x10; |
| 658 __ CompareInstanceType(receiver_map, instance_type, JS_ARRAY_TYPE); | 658 __ CompareInstanceType(receiver_map, instance_type, JS_ARRAY_TYPE); |
| 659 __ B(eq, &array); | 659 __ B(eq, &array); |
| 660 // Check that the object is some kind of JSObject. | 660 // Check that the object is some kind of JS object EXCEPT JS Value type. In |
| 661 __ Cmp(instance_type, FIRST_JS_OBJECT_TYPE); | 661 // the case that the object is a value-wrapper object, we enter the runtime |
| 662 __ B(lt, &slow); | 662 // system to make sure that indexing into string objects works as intended. |
| 663 STATIC_ASSERT(JS_VALUE_TYPE < JS_OBJECT_TYPE); |
| 664 __ Cmp(instance_type, JS_OBJECT_TYPE); |
| 665 __ B(lo, &slow); |
| 663 | 666 |
| 664 // Object case: Check key against length in the elements array. | 667 // Object case: Check key against length in the elements array. |
| 665 __ Ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset)); | 668 __ Ldr(elements, FieldMemOperand(receiver, JSObject::kElementsOffset)); |
| 666 // Check array bounds. Both the key and the length of FixedArray are smis. | 669 // Check array bounds. Both the key and the length of FixedArray are smis. |
| 667 __ Ldrsw(x10, UntagSmiFieldMemOperand(elements, FixedArray::kLengthOffset)); | 670 __ Ldrsw(x10, UntagSmiFieldMemOperand(elements, FixedArray::kLengthOffset)); |
| 668 __ Cmp(x10, Operand::UntagSmi(key)); | 671 __ Cmp(x10, Operand::UntagSmi(key)); |
| 669 __ B(hi, &fast_object); | 672 __ B(hi, &fast_object); |
| 670 | 673 |
| 671 | 674 |
| 672 __ Bind(&slow); | 675 __ Bind(&slow); |
| (...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 881 } else { | 884 } else { |
| 882 DCHECK(to_patch->Mask(TestBranchMask) == TBNZ); | 885 DCHECK(to_patch->Mask(TestBranchMask) == TBNZ); |
| 883 // This is JumpIfSmi(smi_reg, branch_imm). | 886 // This is JumpIfSmi(smi_reg, branch_imm). |
| 884 patcher.tbz(smi_reg, 0, branch_imm); | 887 patcher.tbz(smi_reg, 0, branch_imm); |
| 885 } | 888 } |
| 886 } | 889 } |
| 887 } // namespace internal | 890 } // namespace internal |
| 888 } // namespace v8 | 891 } // namespace v8 |
| 889 | 892 |
| 890 #endif // V8_TARGET_ARCH_ARM64 | 893 #endif // V8_TARGET_ARCH_ARM64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1228063004:
Fix keyed element access wrt string wrappers (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master