src/code-stub-assembler.cc - Issue 2568943002: [stubs] Fix negative index lookup in hasOwnProperty

Side by Side Diff: src/code-stub-assembler.cc

Issue 2568943002: [stubs] Fix negative index lookup in hasOwnProperty (Closed)

Patch Set: add test Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2016 the V8 project authors. All rights reserved.	1 // Copyright 2016 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4 #include "src/code-stub-assembler.h"	4 #include "src/code-stub-assembler.h"

5 #include "src/code-factory.h"	5 #include "src/code-factory.h"

6 #include "src/frames-inl.h"	6 #include "src/frames-inl.h"

7 #include "src/frames.h"	7 #include "src/frames.h"

8	8

9 namespace v8 {	9 namespace v8 {

10 namespace internal {	10 namespace internal {

(...skipping 5066 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
5077	5077

5078 GotoUnless(UintPtrLessThan(intptr_index, length), &if_oob);	5078 GotoUnless(UintPtrLessThan(intptr_index, length), &if_oob);

5079	5079

5080 // Check if the element is a double hole, but don't load it.	5080 // Check if the element is a double hole, but don't load it.

5081 LoadFixedDoubleArrayElement(elements, intptr_index, MachineType::None(), 0,	5081 LoadFixedDoubleArrayElement(elements, intptr_index, MachineType::None(), 0,

5082 INTPTR_PARAMETERS, if_not_found);	5082 INTPTR_PARAMETERS, if_not_found);

5083 Goto(if_found);	5083 Goto(if_found);

5084 }	5084 }

5085 Bind(&if_isdictionary);	5085 Bind(&if_isdictionary);

5086 {	5086 {

	5087 // Negative keys must be converted to property names.

	5088 GotoIf(IntPtrLessThan(intptr_index, IntPtrConstant(0)), if_bailout);

	5089

5087 Variable var_entry(this, MachineType::PointerRepresentation());	5090 Variable var_entry(this, MachineType::PointerRepresentation());

5088 Node* elements = LoadElements(object);	5091 Node* elements = LoadElements(object);

5089 NumberDictionaryLookup<SeededNumberDictionary>(	5092 NumberDictionaryLookup<SeededNumberDictionary>(

5090 elements, intptr_index, if_found, &var_entry, if_not_found);	5093 elements, intptr_index, if_found, &var_entry, if_not_found);

5091 }	5094 }

5092 Bind(&if_isfaststringwrapper);	5095 Bind(&if_isfaststringwrapper);

5093 {	5096 {

5094 CSA_ASSERT(this, HasInstanceType(object, JS_VALUE_TYPE));	5097 CSA_ASSERT(this, HasInstanceType(object, JS_VALUE_TYPE));

5095 Node* string = LoadJSValueValue(object);	5098 Node* string = LoadJSValueValue(object);

5096 CSA_ASSERT(this, IsStringInstanceType(LoadInstanceType(string)));	5099 CSA_ASSERT(this, IsStringInstanceType(LoadInstanceType(string)));

(...skipping 3117 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
8214 Node* CodeStubAssembler::IsPromiseHookEnabled() {	8217 Node* CodeStubAssembler::IsPromiseHookEnabled() {

8215 Node* const is_promisehook_enabled =	8218 Node* const is_promisehook_enabled =

8216 Load(MachineType::Uint8(),	8219 Load(MachineType::Uint8(),

8217 ExternalConstant(	8220 ExternalConstant(

8218 ExternalReference::is_promisehook_enabled_address(isolate())));	8221 ExternalReference::is_promisehook_enabled_address(isolate())));

8219 return WordNotEqual(is_promisehook_enabled, Int32Constant(0));	8222 return WordNotEqual(is_promisehook_enabled, Int32Constant(0));

8220 }	8223 }

8221	8224

8222 } // namespace internal	8225 } // namespace internal

8223 } // namespace v8	8226 } // namespace v8

OLD	NEW

« no previous file with comments | « src/builtins/builtins-object.cc ('k') | test/mjsunit/regress/regress-crbug-673008.js » ('j') | no next file with comments »