| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins.h" | 5 #include "src/builtins.h" |
| 6 | 6 |
| 7 #include "src/api-arguments.h" | 7 #include "src/api-arguments.h" |
| 8 #include "src/api-natives.h" | 8 #include "src/api-natives.h" |
| 9 #include "src/api.h" | 9 #include "src/api.h" |
| 10 #include "src/base/once.h" | 10 #include "src/base/once.h" |
| (...skipping 680 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 691 int relative_start = 0; | 691 int relative_start = 0; |
| 692 int relative_end = 0; | 692 int relative_end = 0; |
| 693 | 693 |
| 694 if (receiver->IsJSArray()) { | 694 if (receiver->IsJSArray()) { |
| 695 DisallowHeapAllocation no_gc; | 695 DisallowHeapAllocation no_gc; |
| 696 JSArray* array = JSArray::cast(*receiver); | 696 JSArray* array = JSArray::cast(*receiver); |
| 697 if (!array->HasFastElements() || | 697 if (!array->HasFastElements() || |
| 698 !IsJSArrayFastElementMovingAllowed(isolate, array) || | 698 !IsJSArrayFastElementMovingAllowed(isolate, array) || |
| 699 !isolate->IsArraySpeciesLookupChainIntact() || | 699 !isolate->IsArraySpeciesLookupChainIntact() || |
| 700 // If this is a subclass of Array, then call out to JS | 700 // If this is a subclass of Array, then call out to JS |
| 701 !array->map()->new_target_is_base()) { | 701 !array->HasArrayPrototype(isolate)) { |
| 702 AllowHeapAllocation allow_allocation; | 702 AllowHeapAllocation allow_allocation; |
| 703 return CallJsIntrinsic(isolate, isolate->array_slice(), args); | 703 return CallJsIntrinsic(isolate, isolate->array_slice(), args); |
| 704 } | 704 } |
| 705 len = Smi::cast(array->length())->value(); | 705 len = Smi::cast(array->length())->value(); |
| 706 } else if (receiver->IsJSObject() && | 706 } else if (receiver->IsJSObject() && |
| 707 GetSloppyArgumentsLength(isolate, Handle<JSObject>::cast(receiver), | 707 GetSloppyArgumentsLength(isolate, Handle<JSObject>::cast(receiver), |
| 708 &len)) { | 708 &len)) { |
| 709 // Array.prototype.slice.call(arguments, ...) is quite a common idiom | 709 // Array.prototype.slice.call(arguments, ...) is quite a common idiom |
| 710 // (notably more than 50% of invocations in Web apps). | 710 // (notably more than 50% of invocations in Web apps). |
| 711 // Treat it in C++ as well. | 711 // Treat it in C++ as well. |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 752 ElementsAccessor* accessor = object->GetElementsAccessor(); | 752 ElementsAccessor* accessor = object->GetElementsAccessor(); |
| 753 return *accessor->Slice(object, actual_start, actual_end); | 753 return *accessor->Slice(object, actual_start, actual_end); |
| 754 } | 754 } |
| 755 | 755 |
| 756 | 756 |
| 757 BUILTIN(ArraySplice) { | 757 BUILTIN(ArraySplice) { |
| 758 HandleScope scope(isolate); | 758 HandleScope scope(isolate); |
| 759 Handle<Object> receiver = args.receiver(); | 759 Handle<Object> receiver = args.receiver(); |
| 760 if (!EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 3) || | 760 if (!EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 3) || |
| 761 // If this is a subclass of Array, then call out to JS. | 761 // If this is a subclass of Array, then call out to JS. |
| 762 !JSArray::cast(*receiver)->map()->new_target_is_base() || | 762 !Handle<JSArray>::cast(receiver)->HasArrayPrototype(isolate) || |
| 763 // If anything with @@species has been messed with, call out to JS. | 763 // If anything with @@species has been messed with, call out to JS. |
| 764 !isolate->IsArraySpeciesLookupChainIntact()) { | 764 !isolate->IsArraySpeciesLookupChainIntact()) { |
| 765 return CallJsIntrinsic(isolate, isolate->array_splice(), args); | 765 return CallJsIntrinsic(isolate, isolate->array_splice(), args); |
| 766 } | 766 } |
| 767 Handle<JSArray> array = Handle<JSArray>::cast(receiver); | 767 Handle<JSArray> array = Handle<JSArray>::cast(receiver); |
| 768 | 768 |
| 769 int argument_count = args.length() - 1; | 769 int argument_count = args.length() - 1; |
| 770 int relative_start = 0; | 770 int relative_start = 0; |
| 771 if (argument_count > 0) { | 771 if (argument_count > 0) { |
| 772 DisallowHeapAllocation no_gc; | 772 DisallowHeapAllocation no_gc; |
| (...skipping 4767 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5540 BUILTIN_LIST_T(DEFINE_BUILTIN_ACCESSOR_T) | 5540 BUILTIN_LIST_T(DEFINE_BUILTIN_ACCESSOR_T) |
| 5541 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H) | 5541 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H) |
| 5542 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) | 5542 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) |
| 5543 #undef DEFINE_BUILTIN_ACCESSOR_C | 5543 #undef DEFINE_BUILTIN_ACCESSOR_C |
| 5544 #undef DEFINE_BUILTIN_ACCESSOR_A | 5544 #undef DEFINE_BUILTIN_ACCESSOR_A |
| 5545 #undef DEFINE_BUILTIN_ACCESSOR_T | 5545 #undef DEFINE_BUILTIN_ACCESSOR_T |
| 5546 #undef DEFINE_BUILTIN_ACCESSOR_H | 5546 #undef DEFINE_BUILTIN_ACCESSOR_H |
| 5547 | 5547 |
| 5548 } // namespace internal | 5548 } // namespace internal |
| 5549 } // namespace v8 | 5549 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1936393002:
Make array __proto__ manipulations not disturb the species protector (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master