
Side by Side Diff: src/hydrogen.cc

Issue 16944006: HCheckFunction is needed to protect new array constructors in (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 7 years, 6 months ago
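--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -8912,30 +8912,33 @@
 receiver->DeleteAndReplaceWith(NULL);
 check->DeleteAndReplaceWith(NULL);
 environment()->SetExpressionStackAt(receiver_index, function);
 HInstruction* call = PreProcessCall(
 new(zone()) HCallNew(context, function, argument_count));
 call->set_position(expr->position());
 return ast_context()->ReturnInstruction(call, expr->id());
 } else {
 // The constructor function is both an operand to the instruction and an
 // argument to the construct call.
+Handle<JSFunction> array_function =
+Handle<JSFunction>(isolate()->global_context()->array_function(),
+isolate());
 bool use_call_new_array = FLAG_optimize_constructed_arrays &&
-!(expr->target().is_null()) &&
-*(expr->target()) == isolate()->global_context()->array_function();
+expr->target().is_identical_to(array_function);
 
 CHECK_ALIVE(VisitArgument(expr->expression()));
 HValue* constructor = HPushArgument::cast(Top())->argument();
 CHECK_ALIVE(VisitArgumentList(expr->arguments()));
 HCallNew* call;
 if (use_call_new_array) {
 Handle<Cell> cell = expr->allocation_info_cell();
+AddInstruction(new(zone()) HCheckFunction(constructor, array_function));
 call = new(zone()) HCallNewArray(context, constructor, argument_count,
 cell);
 } else {
 call = new(zone()) HCallNew(context, constructor, argument_count);
 }
 Drop(argument_count);
 call->set_position(expr->position());
 return ast_context()->ReturnInstruction(call, expr->id());
 }
 }
@@ -11614,10 +11617,10 @@
 }
 }
 
 #ifdef DEBUG
 if (graph_ != NULL) graph_->Verify(false); // No full verify.
 if (allocator_ != NULL) allocator_->Verify();
 #endif
 }
 
 } } // namespace v8::internal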
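Review bot: The rewritten `use_call_new_array` condition drops the explicit `!(expr->target().is_null())` guard and relies on `expr->target().is_identical_to(array_function)` alone. The definition of is_identical_to is not visible on this page, so it should be confirmed that it tolerates an empty handle when the expression has no recorded target; otherwise keep the null test, e.g. `!expr->target().is_null() && expr->target().is_identical_to(array_function);`. Separately, the added `HCheckFunction(constructor, array_function)` is what stops the specialized HCallNewArray from running with a constructor value other than the Array function, and a future refactor could remove it unnoticed; a comment on that line would help, such as `// The recorded target is only a compile-time observation: deopt unless the runtime callee is the Array function.`. The enclosing function begins above the visible lines.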