| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_ARM | 5 #if V8_TARGET_ARCH_ARM |
| 6 | 6 |
| 7 #include "src/base/bits.h" | 7 #include "src/base/bits.h" |
| 8 #include "src/bootstrapper.h" | 8 #include "src/bootstrapper.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 1363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1374 __ AssertNotSmi(function_prototype); | 1374 __ AssertNotSmi(function_prototype); |
| 1375 | 1375 |
| 1376 // Update the global instanceof cache with the current {object} map and | 1376 // Update the global instanceof cache with the current {object} map and |
| 1377 // {function}. The cached answer will be set when it is known below. | 1377 // {function}. The cached answer will be set when it is known below. |
| 1378 __ StoreRoot(function, Heap::kInstanceofCacheFunctionRootIndex); | 1378 __ StoreRoot(function, Heap::kInstanceofCacheFunctionRootIndex); |
| 1379 __ StoreRoot(object_map, Heap::kInstanceofCacheMapRootIndex); | 1379 __ StoreRoot(object_map, Heap::kInstanceofCacheMapRootIndex); |
| 1380 | 1380 |
| 1381 // Loop through the prototype chain looking for the {function} prototype. | 1381 // Loop through the prototype chain looking for the {function} prototype. |
| 1382 // Assume true, and change to false if not found. | 1382 // Assume true, and change to false if not found. |
| 1383 Register const object_instance_type = function_map; | 1383 Register const object_instance_type = function_map; |
| 1384 Register const map_bit_field = function_map; |
| 1384 Register const null = scratch; | 1385 Register const null = scratch; |
| 1385 Register const result = r0; | 1386 Register const result = r0; |
| 1386 Label done, loop, proxy_case; | 1387 |
| 1388 Label done, loop, fast_runtime_fallback; |
| 1387 __ LoadRoot(result, Heap::kTrueValueRootIndex); | 1389 __ LoadRoot(result, Heap::kTrueValueRootIndex); |
| 1388 __ LoadRoot(null, Heap::kNullValueRootIndex); | 1390 __ LoadRoot(null, Heap::kNullValueRootIndex); |
| 1389 __ bind(&loop); | 1391 __ bind(&loop); |
| 1392 |
| 1393 // Check if the object needs to be access checked. |
| 1394 __ ldrb(map_bit_field, FieldMemOperand(object_map, Map::kBitFieldOffset)); |
| 1395 __ tst(map_bit_field, Operand(1 << Map::kIsAccessCheckNeeded)); |
| 1396 __ b(ne, &fast_runtime_fallback); |
| 1397 // Check if the current object is a Proxy. |
| 1390 __ CompareInstanceType(object_map, object_instance_type, JS_PROXY_TYPE); | 1398 __ CompareInstanceType(object_map, object_instance_type, JS_PROXY_TYPE); |
| 1391 __ b(eq, &proxy_case); | 1399 __ b(eq, &fast_runtime_fallback); |
| 1400 |
| 1392 __ ldr(object, FieldMemOperand(object_map, Map::kPrototypeOffset)); | 1401 __ ldr(object, FieldMemOperand(object_map, Map::kPrototypeOffset)); |
| 1393 __ cmp(object, function_prototype); | 1402 __ cmp(object, function_prototype); |
| 1394 __ b(eq, &done); | 1403 __ b(eq, &done); |
| 1395 __ cmp(object, null); | 1404 __ cmp(object, null); |
| 1396 __ ldr(object_map, FieldMemOperand(object, HeapObject::kMapOffset)); | 1405 __ ldr(object_map, FieldMemOperand(object, HeapObject::kMapOffset)); |
| 1397 __ b(ne, &loop); | 1406 __ b(ne, &loop); |
| 1398 __ LoadRoot(result, Heap::kFalseValueRootIndex); | 1407 __ LoadRoot(result, Heap::kFalseValueRootIndex); |
| 1399 __ bind(&done); | 1408 __ bind(&done); |
| 1400 __ StoreRoot(result, Heap::kInstanceofCacheAnswerRootIndex); | 1409 __ StoreRoot(result, Heap::kInstanceofCacheAnswerRootIndex); |
| 1401 __ Ret(); | 1410 __ Ret(); |
| 1402 | 1411 |
| 1403 // Proxy-case: Call the %HasInPrototypeChain runtime function. | 1412 // Found Proxy or access check needed: Call the runtime |
| 1404 __ bind(&proxy_case); | 1413 __ bind(&fast_runtime_fallback); |
| 1405 __ Push(object, function_prototype); | 1414 __ Push(object, function_prototype); |
| 1406 // Invalidate the instanceof cache. | 1415 // Invalidate the instanceof cache. |
| 1407 __ Move(scratch, Smi::FromInt(0)); | 1416 __ Move(scratch, Smi::FromInt(0)); |
| 1408 __ StoreRoot(scratch, Heap::kInstanceofCacheFunctionRootIndex); | 1417 __ StoreRoot(scratch, Heap::kInstanceofCacheFunctionRootIndex); |
| 1409 __ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1); | 1418 __ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1); |
| 1410 | 1419 |
| 1411 // Slow-case: Call the %InstanceOf runtime function. | 1420 // Slow-case: Call the %InstanceOf runtime function. |
| 1412 __ bind(&slow_case); | 1421 __ bind(&slow_case); |
| 1413 __ Push(object, function); | 1422 __ Push(object, function); |
| 1414 __ TailCallRuntime(Runtime::kInstanceOf, 2, 1); | 1423 __ TailCallRuntime(Runtime::kInstanceOf, 2, 1); |
| (...skipping 3951 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5366 MemOperand(fp, 6 * kPointerSize), NULL); | 5375 MemOperand(fp, 6 * kPointerSize), NULL); |
| 5367 } | 5376 } |
| 5368 | 5377 |
| 5369 | 5378 |
| 5370 #undef __ | 5379 #undef __ |
| 5371 | 5380 |
| 5372 } // namespace internal | 5381 } // namespace internal |
| 5373 } // namespace v8 | 5382 } // namespace v8 |
| 5374 | 5383 |
| 5375 #endif // V8_TARGET_ARCH_ARM | 5384 #endif // V8_TARGET_ARCH_ARM |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1521953002:
[proxies] fix access issue when having proxies on the prototype-chain of global objects. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master