| OLD | NEW |
|---|
| 1 // Copyright 2013 the V8 project authors. All rights reserved. | 1 // Copyright 2013 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_ARM64 | 5 #if V8_TARGET_ARCH_ARM64 |
| 6 | 6 |
| 7 #include "src/bootstrapper.h" | 7 #include "src/bootstrapper.h" |
| 8 #include "src/code-stubs.h" | 8 #include "src/code-stubs.h" |
| 9 #include "src/codegen.h" | 9 #include "src/codegen.h" |
| 10 #include "src/ic/handler-compiler.h" | 10 #include "src/ic/handler-compiler.h" |
| (...skipping 1568 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1579 __ AssertNotSmi(function_prototype); | 1579 __ AssertNotSmi(function_prototype); |
| 1580 | 1580 |
| 1581 // Update the global instanceof cache with the current {object} map and | 1581 // Update the global instanceof cache with the current {object} map and |
| 1582 // {function}. The cached answer will be set when it is known below. | 1582 // {function}. The cached answer will be set when it is known below. |
| 1583 __ StoreRoot(function, Heap::kInstanceofCacheFunctionRootIndex); | 1583 __ StoreRoot(function, Heap::kInstanceofCacheFunctionRootIndex); |
| 1584 __ StoreRoot(object_map, Heap::kInstanceofCacheMapRootIndex); | 1584 __ StoreRoot(object_map, Heap::kInstanceofCacheMapRootIndex); |
| 1585 | 1585 |
| 1586 // Loop through the prototype chain looking for the {function} prototype. | 1586 // Loop through the prototype chain looking for the {function} prototype. |
| 1587 // Assume true, and change to false if not found. | 1587 // Assume true, and change to false if not found. |
| 1588 Register const object_instance_type = function_map; | 1588 Register const object_instance_type = function_map; |
| 1589 Register const map_bit_field = function_map; |
| 1589 Register const null = scratch; | 1590 Register const null = scratch; |
| 1590 Register const result = x0; | 1591 Register const result = x0; |
| 1591 Label done, loop, proxy_case; | 1592 |
| 1593 Label done, loop, fast_runtime_fallback; |
| 1592 __ LoadRoot(result, Heap::kTrueValueRootIndex); | 1594 __ LoadRoot(result, Heap::kTrueValueRootIndex); |
| 1593 __ LoadRoot(null, Heap::kNullValueRootIndex); | 1595 __ LoadRoot(null, Heap::kNullValueRootIndex); |
| 1594 __ Bind(&loop); | 1596 __ Bind(&loop); |
| 1597 |
| 1598 // Check if the object needs to be access checked. |
| 1599 __ Ldrb(map_bit_field, FieldMemOperand(object_map, Map::kBitFieldOffset)); |
| 1600 __ TestAndBranchIfAnySet(map_bit_field, 1 << Map::kIsAccessCheckNeeded, |
| 1601 &fast_runtime_fallback); |
| 1602 // Check if the current object is a Proxy. |
| 1595 __ CompareInstanceType(object_map, object_instance_type, JS_PROXY_TYPE); | 1603 __ CompareInstanceType(object_map, object_instance_type, JS_PROXY_TYPE); |
| 1596 __ B(eq, &proxy_case); | 1604 __ B(eq, &fast_runtime_fallback); |
| 1605 |
| 1597 __ Ldr(object, FieldMemOperand(object_map, Map::kPrototypeOffset)); | 1606 __ Ldr(object, FieldMemOperand(object_map, Map::kPrototypeOffset)); |
| 1598 __ Cmp(object, function_prototype); | 1607 __ Cmp(object, function_prototype); |
| 1599 __ B(eq, &done); | 1608 __ B(eq, &done); |
| 1600 __ Cmp(object, null); | 1609 __ Cmp(object, null); |
| 1601 __ Ldr(object_map, FieldMemOperand(object, HeapObject::kMapOffset)); | 1610 __ Ldr(object_map, FieldMemOperand(object, HeapObject::kMapOffset)); |
| 1602 __ B(ne, &loop); | 1611 __ B(ne, &loop); |
| 1603 __ LoadRoot(result, Heap::kFalseValueRootIndex); | 1612 __ LoadRoot(result, Heap::kFalseValueRootIndex); |
| 1604 __ Bind(&done); | 1613 __ Bind(&done); |
| 1605 __ StoreRoot(result, Heap::kInstanceofCacheAnswerRootIndex); | 1614 __ StoreRoot(result, Heap::kInstanceofCacheAnswerRootIndex); |
| 1606 __ Ret(); | 1615 __ Ret(); |
| 1607 | 1616 |
| 1608 // Proxy-case: Call the %HasInPrototypeChain runtime function. | 1617 // Found Proxy or access check needed: Call the runtime |
| 1609 __ Bind(&proxy_case); | 1618 __ Bind(&fast_runtime_fallback); |
| 1610 __ Push(object, function_prototype); | 1619 __ Push(object, function_prototype); |
| 1611 // Invalidate the instanceof cache. | 1620 // Invalidate the instanceof cache. |
| 1612 __ Move(scratch, Smi::FromInt(0)); | 1621 __ Move(scratch, Smi::FromInt(0)); |
| 1613 __ StoreRoot(scratch, Heap::kInstanceofCacheFunctionRootIndex); | 1622 __ StoreRoot(scratch, Heap::kInstanceofCacheFunctionRootIndex); |
| 1614 __ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1); | 1623 __ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1); |
| 1615 | 1624 |
| 1616 // Slow-case: Call the %InstanceOf runtime function. | 1625 // Slow-case: Call the %InstanceOf runtime function. |
| 1617 __ bind(&slow_case); | 1626 __ bind(&slow_case); |
| 1618 __ Push(object, function); | 1627 __ Push(object, function); |
| 1619 __ TailCallRuntime(Runtime::kInstanceOf, 2, 1); | 1628 __ TailCallRuntime(Runtime::kInstanceOf, 2, 1); |
| (...skipping 4172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5792 MemOperand(fp, 6 * kPointerSize), NULL); | 5801 MemOperand(fp, 6 * kPointerSize), NULL); |
| 5793 } | 5802 } |
| 5794 | 5803 |
| 5795 | 5804 |
| 5796 #undef __ | 5805 #undef __ |
| 5797 | 5806 |
| 5798 } // namespace internal | 5807 } // namespace internal |
| 5799 } // namespace v8 | 5808 } // namespace v8 |
| 5800 | 5809 |
| 5801 #endif // V8_TARGET_ARCH_ARM64 | 5810 #endif // V8_TARGET_ARCH_ARM64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1521953002:
[proxies] fix access issue when having proxies on the prototype-chain of global objects. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master