| OLD | NEW |
|---|
| 1 // Copyright 2015 the V8 project authors. All rights reserved. | 1 // Copyright 2015 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/objects.h" | 5 #include "src/objects.h" |
| 6 | 6 |
| 7 #include <cmath> | 7 #include <cmath> |
| 8 #include <iomanip> | 8 #include <iomanip> |
| 9 #include <sstream> | 9 #include <sstream> |
| 10 | 10 |
| (...skipping 13109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 13120 if (new_target->IsJSFunction()) { | 13120 if (new_target->IsJSFunction()) { |
| 13121 Handle<JSFunction> function = Handle<JSFunction>::cast(new_target); | 13121 Handle<JSFunction> function = Handle<JSFunction>::cast(new_target); |
| 13122 // Make sure the new.target.prototype is cached. | 13122 // Make sure the new.target.prototype is cached. |
| 13123 EnsureHasInitialMap(function); | 13123 EnsureHasInitialMap(function); |
| 13124 prototype = handle(function->prototype(), isolate); | 13124 prototype = handle(function->prototype(), isolate); |
| 13125 } else { | 13125 } else { |
| 13126 Handle<String> prototype_string = isolate->factory()->prototype_string(); | 13126 Handle<String> prototype_string = isolate->factory()->prototype_string(); |
| 13127 ASSIGN_RETURN_ON_EXCEPTION( | 13127 ASSIGN_RETURN_ON_EXCEPTION( |
| 13128 isolate, prototype, | 13128 isolate, prototype, |
| 13129 JSReceiver::GetProperty(new_target, prototype_string), Map); | 13129 JSReceiver::GetProperty(new_target, prototype_string), Map); |
| 13130 // The above prototype lookup might change the constructor and its |
| 13131 // prototype, hence we have to reload the initial map. |
| 13132 EnsureHasInitialMap(constructor); |
| 13133 constructor_initial_map = handle(constructor->initial_map(), isolate); |
| 13130 } | 13134 } |
| 13131 | 13135 |
| 13132 // If prototype is not a JSReceiver, fetch the intrinsicDefaultProto from the | 13136 // If prototype is not a JSReceiver, fetch the intrinsicDefaultProto from the |
| 13133 // correct realm. Rather than directly fetching the .prototype, we fetch the | 13137 // correct realm. Rather than directly fetching the .prototype, we fetch the |
| 13134 // constructor that points to the .prototype. This relies on | 13138 // constructor that points to the .prototype. This relies on |
| 13135 // constructor.prototype being FROZEN for those constructors. | 13139 // constructor.prototype being FROZEN for those constructors. |
| 13136 if (!prototype->IsJSReceiver()) { | 13140 if (!prototype->IsJSReceiver()) { |
| 13137 Handle<Context> context; | 13141 Handle<Context> context; |
| 13138 ASSIGN_RETURN_ON_EXCEPTION(isolate, context, | 13142 ASSIGN_RETURN_ON_EXCEPTION(isolate, context, |
| 13139 JSReceiver::GetFunctionRealm(new_target), Map); | 13143 JSReceiver::GetFunctionRealm(new_target), Map); |
| (...skipping 6525 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 19665 if (cell->value() != *new_value) { | 19669 if (cell->value() != *new_value) { |
| 19666 cell->set_value(*new_value); | 19670 cell->set_value(*new_value); |
| 19667 Isolate* isolate = cell->GetIsolate(); | 19671 Isolate* isolate = cell->GetIsolate(); |
| 19668 cell->dependent_code()->DeoptimizeDependentCodeGroup( | 19672 cell->dependent_code()->DeoptimizeDependentCodeGroup( |
| 19669 isolate, DependentCode::kPropertyCellChangedGroup); | 19673 isolate, DependentCode::kPropertyCellChangedGroup); |
| 19670 } | 19674 } |
| 19671 } | 19675 } |
| 19672 | 19676 |
| 19673 } // namespace internal | 19677 } // namespace internal |
| 19674 } // namespace v8 | 19678 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1586203003:
[proxy] Reload the initial map after prototype lookup on constructable (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master