src/ia32/builtins-ia32.cc - Issue 1593553002: [runtime] Throw exception for derived constructors in correct context.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/ia32/builtins-ia32.cc

Issue 1593553002: [runtime] Throw exception for derived constructors in correct context. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: disable regression test for ignition Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/ia32/builtins-ia32.cc

diff --git a/src/ia32/builtins-ia32.cc b/src/ia32/builtins-ia32.cc

index a2aec741621587eb201d6880572eb9147fb2d1c4..d979525701080897975606e8a12154fc92b0051d 100644

--- a/src/ia32/builtins-ia32.cc

+++ b/src/ia32/builtins-ia32.cc

@@ -118,7 +118,8 @@ void Builtins::Generate_InOptimizationQueue(MacroAssembler* masm) {

static void Generate_JSConstructStubHelper(MacroAssembler* masm,

bool is_api_function,

- bool create_implicit_receiver) {

+ bool create_implicit_receiver,

+ bool check_derived_construct) {

// ----------- S t a t e -------------

// -- eax: number of arguments

// -- edi: constructor function

@@ -331,8 +332,7 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,

if (create_implicit_receiver) {

// If the result is an object (in the ECMA sense), we should get rid

- // of the receiver and use the result; see ECMA-262 section 13.2.2-7

- // on page 74.

+ // of the receiver and use the result.

Label use_receiver, exit;

// If the result is a smi, it is *not* an object in the ECMA sense.

@@ -359,6 +359,19 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,

// Leave construct frame.

}

+ // ES6 9.2.2. Step 13+

+ // Check that the result is not a Smi, indicating that the constructor result

+ // from a derived class is neither undefined nor an Object.

+ if (check_derived_construct) {

+ Label dont_throw;

+ __ JumpIfNotSmi(eax, &dont_throw);

+ {

+ FrameScope scope(masm, StackFrame::INTERNAL);

+ __ CallRuntime(Runtime::kThrowDerivedConstructorReturnedNonObject);

+ }

+ __ bind(&dont_throw);

+ }

// Remove caller arguments from the stack and return.

STATIC_ASSERT(kSmiTagSize == 1 && kSmiTag == 0);

__ pop(ecx);

@@ -372,17 +385,23 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,

void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {

- Generate_JSConstructStubHelper(masm, false, true);

+ Generate_JSConstructStubHelper(masm, false, true, false);

}

void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {

- Generate_JSConstructStubHelper(masm, true, true);

+ Generate_JSConstructStubHelper(masm, true, true, false);

}

void Builtins::Generate_JSBuiltinsConstructStub(MacroAssembler* masm) {

- Generate_JSConstructStubHelper(masm, false, false);

+ Generate_JSConstructStubHelper(masm, false, false, false);

+void Builtins::Generate_JSBuiltinsConstructStubForDerived(

+ MacroAssembler* masm) {

+ Generate_JSConstructStubHelper(masm, false, false, true);

}

« no previous file with comments | « src/builtins.h ('k') | src/mips/builtins-mips.cc » ('j') | no next file with comments »