Chromium Code Reviews Chromium Code Reviews
Issue 35413006:
Correct handling of arrays with callbacks in the prototype chain. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| Index: src/ia32/macro-assembler-ia32.cc |
| diff --git a/src/ia32/macro-assembler-ia32.cc b/src/ia32/macro-assembler-ia32.cc |
| index ed69fd07686f8d1df9287782fc9f40459744a420..bc8ecead5adcec24527ea1a69532d2f013f4419e 100644 |
| --- a/src/ia32/macro-assembler-ia32.cc |
| +++ b/src/ia32/macro-assembler-ia32.cc |
| @@ -3550,6 +3550,36 @@ void MacroAssembler::TestJSArrayForAllocationMemento( |
| } |
| +void MacroAssembler::HasElementCallbacksInPrototypeChain( |
| + Register object, |
| + Register elements, |
| + Label* found) { |
| + Factory* factory = isolate()->factory(); |
| + Register scratch = elements; |
| + Label loop, not_found; |
| + |
| + // ebx contained elements pointer. |
|
danno
2013/10/30 12:17:45
nit: comment is wrong above (no explicit register
mvstanton
2013/10/30 18:22:28
Done.
|
| + mov(scratch, FieldOperand(object, HeapObject::kMapOffset)); |
|
danno
2013/10/30 12:17:45
If you move object into scratch before entering th
mvstanton
2013/10/30 18:22:28
Done.
|
| + |
| + // Loop based on the map going up the prototype chain. |
| + bind(&loop); |
| + test(FieldOperand(scratch, Map::kBitField4Offset), |
| + Immediate(Smi::FromInt(Map::HasElementCallbacks::kMask))); |
| + j(not_zero, found); |
| + |
| + // Next map |
| + mov(scratch, FieldOperand(scratch, Map::kPrototypeOffset)); |
| + cmp(scratch, Immediate(factory->null_value())); |
| + j(equal, ¬_found); |
| + mov(scratch, FieldOperand(scratch, HeapObject::kMapOffset)); |
| + jmp(&loop); |
| + |
| + // Restore ebx |
| + bind(¬_found); |
| + mov(elements, FieldOperand(object, JSObject::kElementsOffset)); |
| +} |
| + |
| + |
| } } // namespace v8::internal |
| #endif // V8_TARGET_ARCH_IA32 |
