| OLD | NEW |
|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins/builtins.h" | 5 #include "src/builtins/builtins.h" |
| 6 #include "src/builtins/builtins-utils.h" | 6 #include "src/builtins/builtins-utils.h" |
| 7 | 7 |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stub-assembler.h" | 9 #include "src/code-stub-assembler.h" |
| 10 #include "src/contexts.h" | 10 #include "src/contexts.h" |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 Map* map = object->map(); | 49 Map* map = object->map(); |
| 50 if (map != context->sloppy_arguments_map() && | 50 if (map != context->sloppy_arguments_map() && |
| 51 map != context->strict_arguments_map() && | 51 map != context->strict_arguments_map() && |
| 52 map != context->fast_aliased_arguments_map()) { | 52 map != context->fast_aliased_arguments_map()) { |
| 53 return false; | 53 return false; |
| 54 } | 54 } |
| 55 DCHECK(object->HasFastElements() || object->HasFastArgumentsElements()); | 55 DCHECK(object->HasFastElements() || object->HasFastArgumentsElements()); |
| 56 Object* len_obj = object->InObjectPropertyAt(JSArgumentsObject::kLengthIndex); | 56 Object* len_obj = object->InObjectPropertyAt(JSArgumentsObject::kLengthIndex); |
| 57 if (!len_obj->IsSmi()) return false; | 57 if (!len_obj->IsSmi()) return false; |
| 58 *out = Max(0, Smi::cast(len_obj)->value()); | 58 *out = Max(0, Smi::cast(len_obj)->value()); |
| 59 return *out <= object->elements()->length(); | 59 |
| 60 FixedArray* parameters = FixedArray::cast(object->elements()); |
| 61 if (object->HasSloppyArgumentsElements()) { |
| 62 FixedArray* arguments = FixedArray::cast(parameters->get(1)); |
| 63 return *out <= arguments->length(); |
| 64 } |
| 65 return *out <= parameters->length(); |
| 60 } | 66 } |
| 61 | 67 |
| 62 inline bool IsJSArrayFastElementMovingAllowed(Isolate* isolate, | 68 inline bool IsJSArrayFastElementMovingAllowed(Isolate* isolate, |
| 63 JSArray* receiver) { | 69 JSArray* receiver) { |
| 64 return JSObject::PrototypeHasNoElements(isolate, receiver); | 70 return JSObject::PrototypeHasNoElements(isolate, receiver); |
| 65 } | 71 } |
| 66 | 72 |
| 67 inline bool HasSimpleElements(JSObject* current) { | 73 inline bool HasSimpleElements(JSObject* current) { |
| 68 return current->map()->instance_type() > LAST_CUSTOM_ELEMENTS_RECEIVER && | 74 return current->map()->instance_type() > LAST_CUSTOM_ELEMENTS_RECEIVER && |
| 69 !current->GetElementsAccessor()->HasAccessors(current); | 75 !current->GetElementsAccessor()->HasAccessors(current); |
| (...skipping 2681 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2751 Runtime::kThrowIncompatibleMethodReceiver, context, | 2757 Runtime::kThrowIncompatibleMethodReceiver, context, |
| 2752 assembler.HeapConstant(assembler.factory()->NewStringFromAsciiChecked( | 2758 assembler.HeapConstant(assembler.factory()->NewStringFromAsciiChecked( |
| 2753 "Array Iterator.prototype.next", TENURED)), | 2759 "Array Iterator.prototype.next", TENURED)), |
| 2754 iterator); | 2760 iterator); |
| 2755 assembler.Return(result); | 2761 assembler.Return(result); |
| 2756 } | 2762 } |
| 2757 } | 2763 } |
| 2758 | 2764 |
| 2759 } // namespace internal | 2765 } // namespace internal |
| 2760 } // namespace v8 | 2766 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2579983002:
[builtins] Compare sloppy arguments length with the correct backing store length (Closed)
