Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(277)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/x64/macro-assembler-x64.cc

Issue 1228063004: Fix keyed element access wrt string wrappers (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/objects.cc ('k') | test/mjsunit/regress/regress-4296.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/v8.h" 5 #include "src/v8.h"
6 6
7 #if V8_TARGET_ARCH_X64 7 #if V8_TARGET_ARCH_X64
8 8
9 #include "src/base/bits.h" 9 #include "src/base/bits.h"
10 #include "src/base/division-by-constant.h" 10 #include "src/base/division-by-constant.h"
(...skipping 5026 matching lines...) Expand 10 before | Expand all | Expand 10 after
5037 5037
5038 5038
5039 void MacroAssembler::JumpIfDictionaryInPrototypeChain( 5039 void MacroAssembler::JumpIfDictionaryInPrototypeChain(
5040 Register object, 5040 Register object,
5041 Register scratch0, 5041 Register scratch0,
5042 Register scratch1, 5042 Register scratch1,
5043 Label* found) { 5043 Label* found) {
5044 DCHECK(!(scratch0.is(kScratchRegister) && scratch1.is(kScratchRegister))); 5044 DCHECK(!(scratch0.is(kScratchRegister) && scratch1.is(kScratchRegister)));
5045 DCHECK(!scratch1.is(scratch0)); 5045 DCHECK(!scratch1.is(scratch0));
5046 Register current = scratch0; 5046 Register current = scratch0;
5047 Label loop_again; 5047 Label loop_again, end;
5048 5048
5049 movp(current, object); 5049 movp(current, object);
5050 movp(current, FieldOperand(current, HeapObject::kMapOffset));
5051 movp(current, FieldOperand(current, Map::kPrototypeOffset));
5052 CompareRoot(current, Heap::kNullValueRootIndex);
5053 j(equal, &end);
5050 5054
5051 // Loop based on the map going up the prototype chain. 5055 // Loop based on the map going up the prototype chain.
5052 bind(&loop_again); 5056 bind(&loop_again);
5053 movp(current, FieldOperand(current, HeapObject::kMapOffset)); 5057 movp(current, FieldOperand(current, HeapObject::kMapOffset));
5058 STATIC_ASSERT(JS_PROXY_TYPE < JS_OBJECT_TYPE);
5059 STATIC_ASSERT(JS_VALUE_TYPE < JS_OBJECT_TYPE);
5060 CmpInstanceType(current, JS_OBJECT_TYPE);
5061 j(below, found);
5054 movp(scratch1, FieldOperand(current, Map::kBitField2Offset)); 5062 movp(scratch1, FieldOperand(current, Map::kBitField2Offset));
5055 DecodeField<Map::ElementsKindBits>(scratch1); 5063 DecodeField<Map::ElementsKindBits>(scratch1);
5056 cmpp(scratch1, Immediate(DICTIONARY_ELEMENTS)); 5064 cmpp(scratch1, Immediate(DICTIONARY_ELEMENTS));
5057 j(equal, found); 5065 j(equal, found);
5058 movp(current, FieldOperand(current, Map::kPrototypeOffset)); 5066 movp(current, FieldOperand(current, Map::kPrototypeOffset));
5059 CompareRoot(current, Heap::kNullValueRootIndex); 5067 CompareRoot(current, Heap::kNullValueRootIndex);
5060 j(not_equal, &loop_again); 5068 j(not_equal, &loop_again);
5069
5070 bind(&end);
5061 } 5071 }
5062 5072
5063 5073
5064 void MacroAssembler::TruncatingDiv(Register dividend, int32_t divisor) { 5074 void MacroAssembler::TruncatingDiv(Register dividend, int32_t divisor) {
5065 DCHECK(!dividend.is(rax)); 5075 DCHECK(!dividend.is(rax));
5066 DCHECK(!dividend.is(rdx)); 5076 DCHECK(!dividend.is(rdx));
5067 base::MagicNumbersForDivision<uint32_t> mag = 5077 base::MagicNumbersForDivision<uint32_t> mag =
5068 base::SignedDivisionByConstant(static_cast<uint32_t>(divisor)); 5078 base::SignedDivisionByConstant(static_cast<uint32_t>(divisor));
5069 movl(rax, Immediate(mag.multiplier)); 5079 movl(rax, Immediate(mag.multiplier));
5070 imull(dividend); 5080 imull(dividend);
5071 bool neg = (mag.multiplier & (static_cast<uint32_t>(1) << 31)) != 0; 5081 bool neg = (mag.multiplier & (static_cast<uint32_t>(1) << 31)) != 0;
5072 if (divisor > 0 && neg) addl(rdx, dividend); 5082 if (divisor > 0 && neg) addl(rdx, dividend);
5073 if (divisor < 0 && !neg && mag.multiplier > 0) subl(rdx, dividend); 5083 if (divisor < 0 && !neg && mag.multiplier > 0) subl(rdx, dividend);
5074 if (mag.shift > 0) sarl(rdx, Immediate(mag.shift)); 5084 if (mag.shift > 0) sarl(rdx, Immediate(mag.shift));
5075 movl(rax, dividend); 5085 movl(rax, dividend);
5076 shrl(rax, Immediate(31)); 5086 shrl(rax, Immediate(31));
5077 addl(rdx, rax); 5087 addl(rdx, rax);
5078 } 5088 }
5079 5089
5080 5090
5081 } // namespace internal 5091 } // namespace internal
5082 } // namespace v8 5092 } // namespace v8
5083 5093
5084 #endif // V8_TARGET_ARCH_X64 5094 #endif // V8_TARGET_ARCH_X64
OLDNEW
« no previous file with comments | « src/objects.cc ('k') | test/mjsunit/regress/regress-4296.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698