src/builtins.cc - Issue 2131383002: [builtins] take slow path in IsConcatSpreadable if proxy in prototype

Side by Side Diff: src/builtins.cc

Issue 2131383002: [builtins] take slow path in IsConcatSpreadable if proxy in prototype (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Fix tests Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2012 the V8 project authors. All rights reserved.	1 // Copyright 2012 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "src/builtins.h"	5 #include "src/builtins.h"

6	6

7 #include "src/api-arguments.h"	7 #include "src/api-arguments.h"

8 #include "src/api-natives.h"	8 #include "src/api-natives.h"

9 #include "src/api.h"	9 #include "src/api.h"

10 #include "src/base/ieee754.h"	10 #include "src/base/ieee754.h"

(...skipping 1162 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1173 case FAST_STRING_WRAPPER_ELEMENTS:	1173 case FAST_STRING_WRAPPER_ELEMENTS:

1174 case SLOW_STRING_WRAPPER_ELEMENTS:	1174 case SLOW_STRING_WRAPPER_ELEMENTS:

1175 // \|array\| is guaranteed to be an array or typed array.	1175 // \|array\| is guaranteed to be an array or typed array.

1176 UNREACHABLE();	1176 UNREACHABLE();

1177 break;	1177 break;

1178 }	1178 }

1179 visitor->increase_index_offset(length);	1179 visitor->increase_index_offset(length);

1180 return true;	1180 return true;

1181 }	1181 }

1182	1182

	1183 static bool HasProxyInPrototype(Isolate* isolate, JSReceiver* receiver) {

	1184 DisallowHeapAllocation no_heap;

	1185 for (PrototypeIterator iter(isolate, receiver, kStartAtReceiver,

	1186 PrototypeIterator::END_AT_NON_HIDDEN);
	neis 2016/07/11 09:25:19 This must be END_AT_NULL. This must be END_AT_NULL. caitp 2016/07/11 11:12:08 I have no idea why it's not END_AT_NULL, I could h Show quoted text On 2016/07/11 09:25:19, neis wrote: > This must be END_AT_NULL. I have no idea why it's not END_AT_NULL, I could have sworn I didn't add this parameter o_O. Will fix in the next patch.
	1187 !iter.IsAtEnd(); iter.AdvanceIgnoringProxies()) {

	1188 if (iter.GetCurrent<Object>()->IsJSProxy()) return true;

	1189 }

	1190 return false;

	1191 }

	1192

1183 static Maybe<bool> IsConcatSpreadable(Isolate* isolate, Handle<Object> obj) {	1193 static Maybe<bool> IsConcatSpreadable(Isolate* isolate, Handle<Object> obj) {

1184 HandleScope handle_scope(isolate);	1194 HandleScope handle_scope(isolate);

1185 if (!obj->IsJSReceiver()) return Just(false);	1195 if (!obj->IsJSReceiver()) return Just(false);

1186 if (!isolate->IsIsConcatSpreadableLookupChainIntact()) {	1196 if (!isolate->IsIsConcatSpreadableLookupChainIntact() \|\|

	1197 HasProxyInPrototype(isolate, JSReceiver::cast(*obj))) {
	neis 2016/07/11 09:25:19 I think it makes sense to move the proxy check int I think it makes sense to move the proxy check into IsIsConcatSpreadableLookupChainIntact. caitp 2016/07/11 11:12:08 Acknowledged, however this would change the protot Show quoted text On 2016/07/11 09:25:19, neis wrote: > I think it makes sense to move the proxy check into > IsIsConcatSpreadableLookupChainIntact. > Acknowledged, however this would change the prototype of IsIsConcatSpreadableLookupChainIntact, which might get messy
1187 // Slow path if @@isConcatSpreadable has been used.	1198 // Slow path if @@isConcatSpreadable has been used.

1188 Handle<Symbol> key(isolate->factory()->is_concat_spreadable_symbol());	1199 Handle<Symbol> key(isolate->factory()->is_concat_spreadable_symbol());

1189 Handle<Object> value;	1200 Handle<Object> value;

1190 MaybeHandle<Object> maybeValue =	1201 MaybeHandle<Object> maybeValue =

1191 i::Runtime::GetObjectProperty(isolate, obj, key);	1202 i::Runtime::GetObjectProperty(isolate, obj, key);

1192 if (!maybeValue.ToHandle(&value)) return Nothing<bool>();	1203 if (!maybeValue.ToHandle(&value)) return Nothing<bool>();

1193 if (!value->IsUndefined(isolate)) return Just(value->BooleanValue());	1204 if (!value->IsUndefined(isolate)) return Just(value->BooleanValue());

1194 }	1205 }

1195 return Object::IsArray(obj);	1206 return Object::IsArray(obj);

1196 }	1207 }

(...skipping 5540 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
6737 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)	6748 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)

6738 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)	6749 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)

6739 #undef DEFINE_BUILTIN_ACCESSOR_C	6750 #undef DEFINE_BUILTIN_ACCESSOR_C

6740 #undef DEFINE_BUILTIN_ACCESSOR_A	6751 #undef DEFINE_BUILTIN_ACCESSOR_A

6741 #undef DEFINE_BUILTIN_ACCESSOR_T	6752 #undef DEFINE_BUILTIN_ACCESSOR_T

6742 #undef DEFINE_BUILTIN_ACCESSOR_S	6753 #undef DEFINE_BUILTIN_ACCESSOR_S

6743 #undef DEFINE_BUILTIN_ACCESSOR_H	6754 #undef DEFINE_BUILTIN_ACCESSOR_H

6744	6755

6745 } // namespace internal	6756 } // namespace internal

6746 } // namespace v8	6757 } // namespace v8

OLD	NEW

« no previous file with comments | « no previous file | test/mjsunit/es6/array-concat.js » ('j') | test/mjsunit/es6/array-concat.js » ('J')