
Side by Side Diff: src/x87/code-stubs-x87.cc

Issue 1521953002: [proxies] fix access issue when having proxies on the prototype-chain of global objects. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: ppc code mess Created 5 years ago
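--- a/src/x87/code-stubs-x87.cc
+++ b/src/x87/code-stubs-x87.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X87
 
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
 #include "src/code-stubs.h"
 #include "src/codegen.h"
@@ -2269,38 +2269,43 @@
 __ bind(&function_prototype_valid);
 __ AssertNotSmi(function_prototype);
 
 // Update the global instanceof cache with the current {object} map and
 // {function}. The cached answer will be set when it is known below.
 __ StoreRoot(function, scratch, Heap::kInstanceofCacheFunctionRootIndex);
 __ StoreRoot(object_map, scratch, Heap::kInstanceofCacheMapRootIndex);
 
 // Loop through the prototype chain looking for the {function} prototype.
 // Assume true, and change to false if not found.
-Label done, loop, proxy_case;
+Label done, loop, fast_runtime_fallback;
 __ mov(eax, isolate()->factory()->true_value());
 __ bind(&loop);
+
+__ test_b(FieldOperand(object_map, Map::kBitFieldOffset),
+1 << Map::kIsAccessCheckNeeded);
+__ j(not_zero, &fast_runtime_fallback, Label::kNear);
 __ CmpInstanceType(object_map, JS_PROXY_TYPE);
-__ j(equal, &proxy_case, Label::kNear);
+__ j(equal, &fast_runtime_fallback, Label::kNear);
+
 __ mov(object, FieldOperand(object_map, Map::kPrototypeOffset));
 __ cmp(object, function_prototype);
 __ j(equal, &done, Label::kNear);
 __ cmp(object, isolate()->factory()->null_value());
 __ mov(object_map, FieldOperand(object, HeapObject::kMapOffset));
 __ j(not_equal, &loop);
 __ mov(eax, isolate()->factory()->false_value());
 __ bind(&done);
 __ StoreRoot(eax, scratch, Heap::kInstanceofCacheAnswerRootIndex);
 __ ret(0);
 
-// Proxy-case: Call the %HasInPrototypeChain runtime function.
-__ bind(&proxy_case);
+// Found Proxy or access check needed: Call the runtime.
+__ bind(&fast_runtime_fallback);
 __ PopReturnAddressTo(scratch);
 __ Push(object);
 __ Push(function_prototype);
 __ PushReturnAddressFrom(scratch);
 // Invalidate the instanceof cache.
 __ Move(eax, Immediate(Smi::FromInt(0)));
 __ StoreRoot(eax, scratch, Heap::kInstanceofCacheFunctionRootIndex);
 __ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1);
 
 // Slow-case: Call the %InstanceOf runtime function.
@@ -5326,10 +5331,10 @@
 Operand(ebp, 7 * kPointerSize), NULL);
 }
 
 
 #undef __
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_X87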
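Review bot: The new `test_b(FieldOperand(object_map, Map::kBitFieldOffset), 1 << Map::kIsAccessCheckNeeded)` / `j(not_zero, &fast_runtime_fallback, ...)` pair at the top of `loop` has no comment saying why a map with that bit set must leave the inline prototype walk, and that is the security-relevant part of this section. I would add `// Maps with is_access_check_needed must not be walked inline; defer to the runtime.` above the test, and mention there that, sitting at the top of the loop, it also covers the receiver's own map on the first iteration. The fallback pushes the current `object`, which by then may be a holder further up the chain rather than the original receiver, so a one-line comment at `bind(&fast_runtime_fallback)` saying that `%HasInPrototypeChain` presumably resumes from that holder would make the hand-off explicit. Only this file is visible here and the stub's body starts and ends outside the shown lines, so it is worth confirming that the other architecture ports and a regression test cover the same bail-out.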
