src/compiler/js-native-context-specialization.cc - Issue 1416493007: [turbofan] Implement the implicit ToObject for property access.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/compiler/js-native-context-specialization.cc

Issue 1416493007: [turbofan] Implement the implicit ToObject for property access. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/compiler/js-native-context-specialization.cc

diff --git a/src/compiler/js-native-context-specialization.cc b/src/compiler/js-native-context-specialization.cc

index 38735e1dc7fea22737b15c85145837ad7522a41c..06e09dd6ab12226c719fcfb15918880717380cec 100644

--- a/src/compiler/js-native-context-specialization.cc

+++ b/src/compiler/js-native-context-specialization.cc

@@ -34,6 +34,7 @@ JSNativeContextSpecialization::JSNativeContextSpecialization(

jsgraph_(jsgraph),

flags_(flags),

global_object_(global_object),

+ native_context_(global_object->native_context(), isolate()),

dependencies_(dependencies),

zone_(zone) {}

@@ -435,8 +436,17 @@ bool JSNativeContextSpecialization::ComputePropertyAccessInfo(

// Walk up the prototype chain.

if (!map->prototype()->IsJSObject()) {

- // TODO(bmeurer): Handle the not found case if the prototype is null.

- break;

+ // Perform the implicit ToObject for primitives here.

+ // Implemented according to ES6 section 7.3.2 GetV (V, P).

+ Handle<JSFunction> constructor;

+ if (Map::GetConstructorFunction(map, native_context())

+ .ToHandle(&constructor)) {

+ map = handle(constructor->initial_map(), isolate());

+ DCHECK(map->prototype()->IsJSObject());

+ } else {

+ // TODO(bmeurer): Handle the not found case if the prototype is null.

+ break;

+ }

}

Handle<JSObject> map_prototype(JSObject::cast(map->prototype()), isolate());

if (map_prototype->map()->is_deprecated()) {

@@ -893,7 +903,14 @@ void JSNativeContextSpecialization::AssumePrototypesStable(

Type* receiver_type, Handle<JSObject> holder) {

// Determine actual holder and perform prototype chain checks.

for (auto i = receiver_type->Classes(); !i.Done(); i.Advance()) {

- Handle<Map> const map = i.Current();

+ Handle<Map> map = i.Current();

+ // Perform the implicit ToObject for primitives here.

+ // Implemented according to ES6 section 7.3.2 GetV (V, P).

+ Handle<JSFunction> constructor;

+ if (Map::GetConstructorFunction(map, native_context())

+ .ToHandle(&constructor)) {

+ map = handle(constructor->initial_map(), isolate());

+ }

for (PrototypeIterator j(map);; j.Advance()) {

// Check that the {prototype} still has the same map. All prototype

// maps are guaranteed to be stable, so it's sufficient to add a

« no previous file with comments | « src/compiler/js-native-context-specialization.h ('k') | src/crankshaft/hydrogen.cc » ('j') | no next file with comments »