| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_X64 | 7 #if V8_TARGET_ARCH_X64 |
| 8 | 8 |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/ic/ic.h" | 10 #include "src/ic/ic.h" |
| (...skipping 523 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 534 // The generic stub does not perform map checks or handle observed objects. | 534 // The generic stub does not perform map checks or handle observed objects. |
| 535 __ testb(FieldOperand(r9, Map::kBitFieldOffset), | 535 __ testb(FieldOperand(r9, Map::kBitFieldOffset), |
| 536 Immediate(1 << Map::kIsAccessCheckNeeded | 1 << Map::kIsObserved)); | 536 Immediate(1 << Map::kIsAccessCheckNeeded | 1 << Map::kIsObserved)); |
| 537 __ j(not_zero, &slow_with_tagged_index); | 537 __ j(not_zero, &slow_with_tagged_index); |
| 538 // Check that the key is a smi. | 538 // Check that the key is a smi. |
| 539 __ JumpIfNotSmi(key, &maybe_name_key); | 539 __ JumpIfNotSmi(key, &maybe_name_key); |
| 540 __ SmiToInteger32(key, key); | 540 __ SmiToInteger32(key, key); |
| 541 | 541 |
| 542 __ CmpInstanceType(r9, JS_ARRAY_TYPE); | 542 __ CmpInstanceType(r9, JS_ARRAY_TYPE); |
| 543 __ j(equal, &array); | 543 __ j(equal, &array); |
| 544 // Check that the object is some kind of JSObject. | 544 // Check that the object is some kind of JS object EXCEPT JS Value type. In |
| 545 __ CmpInstanceType(r9, FIRST_JS_OBJECT_TYPE); | 545 // the case that the object is a value-wrapper object, we enter the runtime |
| 546 // system to make sure that indexing into string objects works as intended. |
| 547 STATIC_ASSERT(JS_VALUE_TYPE < JS_OBJECT_TYPE); |
| 548 __ CmpInstanceType(r9, JS_OBJECT_TYPE); |
| 546 __ j(below, &slow); | 549 __ j(below, &slow); |
| 547 | 550 |
| 548 // Object case: Check key against length in the elements array. | 551 // Object case: Check key against length in the elements array. |
| 549 __ movp(rbx, FieldOperand(receiver, JSObject::kElementsOffset)); | 552 __ movp(rbx, FieldOperand(receiver, JSObject::kElementsOffset)); |
| 550 // Check array bounds. | 553 // Check array bounds. |
| 551 __ SmiCompareInteger32(FieldOperand(rbx, FixedArray::kLengthOffset), key); | 554 __ SmiCompareInteger32(FieldOperand(rbx, FixedArray::kLengthOffset), key); |
| 552 // rbx: FixedArray | 555 // rbx: FixedArray |
| 553 __ j(above, &fast_object); | 556 __ j(above, &fast_object); |
| 554 | 557 |
| 555 // Slow case: call runtime. | 558 // Slow case: call runtime. |
| (...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 874 Condition cc = | 877 Condition cc = |
| 875 (check == ENABLE_INLINED_SMI_CHECK) | 878 (check == ENABLE_INLINED_SMI_CHECK) |
| 876 ? (*jmp_address == Assembler::kJncShortOpcode ? not_zero : zero) | 879 ? (*jmp_address == Assembler::kJncShortOpcode ? not_zero : zero) |
| 877 : (*jmp_address == Assembler::kJnzShortOpcode ? not_carry : carry); | 880 : (*jmp_address == Assembler::kJnzShortOpcode ? not_carry : carry); |
| 878 *jmp_address = static_cast<byte>(Assembler::kJccShortPrefix | cc); | 881 *jmp_address = static_cast<byte>(Assembler::kJccShortPrefix | cc); |
| 879 } | 882 } |
| 880 } // namespace internal | 883 } // namespace internal |
| 881 } // namespace v8 | 884 } // namespace v8 |
| 882 | 885 |
| 883 #endif // V8_TARGET_ARCH_X64 | 886 #endif // V8_TARGET_ARCH_X64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1228063004:
Fix keyed element access wrt string wrappers (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master