
Side by Side Diff: src/ia32/code-stubs-ia32.cc

Issue 1521953002: [proxies] fix access issue when having proxies on the prototype-chain of global objects. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: ppc code mess Created 5 years ago
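--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_IA32
 
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
 #include "src/code-stubs.h"
 #include "src/codegen.h"
@@ -2557,38 +2557,46 @@
 __ bind(&function_prototype_valid);
 __ AssertNotSmi(function_prototype);
 
 // Update the global instanceof cache with the current {object} map and
 // {function}. The cached answer will be set when it is known below.
 __ StoreRoot(function, scratch, Heap::kInstanceofCacheFunctionRootIndex);
 __ StoreRoot(object_map, scratch, Heap::kInstanceofCacheMapRootIndex);
 
 // Loop through the prototype chain looking for the {function} prototype.
 // Assume true, and change to false if not found.
-Label done, loop, proxy_case;
+Label done, loop, fast_runtime_fallback;
 __ mov(eax, isolate()->factory()->true_value());
 __ bind(&loop);
+
+// Check if the object needs to be access checked.
+__ test_b(FieldOperand(object_map, Map::kBitFieldOffset),
+1 << Map::kIsAccessCheckNeeded);
+__ j(not_zero, &fast_runtime_fallback, Label::kNear);
+// Check if the current object is a Proxy.
 __ CmpInstanceType(object_map, JS_PROXY_TYPE);
-__ j(equal, &proxy_case, Label::kNear);
+__ j(equal, &fast_runtime_fallback, Label::kNear);
+
 __ mov(object, FieldOperand(object_map, Map::kPrototypeOffset));
 __ cmp(object, function_prototype);
 __ j(equal, &done, Label::kNear);
+__ mov(object_map, FieldOperand(object, HeapObject::kMapOffset));
 __ cmp(object, isolate()->factory()->null_value());
-__ mov(object_map, FieldOperand(object, HeapObject::kMapOffset));
 __ j(not_equal, &loop);
 __ mov(eax, isolate()->factory()->false_value());
+
 __ bind(&done);
 __ StoreRoot(eax, scratch, Heap::kInstanceofCacheAnswerRootIndex);
 __ ret(0);
 
-// Proxy-case: Call the %HasInPrototypeChain runtime function.
-__ bind(&proxy_case);
+// Found Proxy or access check needed: Call the runtime.
+__ bind(&fast_runtime_fallback);
 __ PopReturnAddressTo(scratch);
 __ Push(object);
 __ Push(function_prototype);
 __ PushReturnAddressFrom(scratch);
 // Invalidate the instanceof cache.
 __ Move(eax, Immediate(Smi::FromInt(0)));
 __ StoreRoot(eax, scratch, Heap::kInstanceofCacheFunctionRootIndex);
 __ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1);
 
 // Slow-case: Call the %InstanceOf runtime function.
@@ -5644,10 +5652,10 @@
 Operand(ebp, 7 * kPointerSize), NULL);
 }
 
 
 #undef __
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_IA32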
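Review bot: The comments in the prototype-chain loop do not record the ordering invariant the fix depends on: the `kIsAccessCheckNeeded` test has to run before the `Map::kPrototypeOffset` load, so that the stub never steps past an access-checked object on its own. I would add above the `test_b` something like `// Must precede the kPrototypeOffset load: an access-checked object's prototype is only followed by the runtime.`, so a later reordering of the loop does not silently reopen the bypass. The fallback comment could also say that `{object}` pushed at `fast_runtime_fallback` is the chain element that tripped the test, which may not be the original receiver, e.g. `// Proxy or access-checked object on the chain: resume the walk in the runtime from {object}.` Whether `Runtime::kHasInPrototypeChain` performs the access check from that element is not visible on this page and should be confirmed, as should the equivalent check in the other architecture ports. The enclosing stub function starts and ends outside the shown lines.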