Draft of ES5 fix to Function.prototype.call and apply

src/ia32/builtins-ia32.cc

 // Copyright 2010 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 564 matching lines @@
   // 2. Get the function to call (passed as receiver) from the stack, check
   //    if it is a function.
   Label non_function;
   // 1 ~ return address.
   __ mov(edi, Operand(esp, eax, times_4, 1 * kPointerSize));
   __ test(edi, Immediate(kSmiTagMask));
   __ j(zero, &non_function, not_taken);
   __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
   __ j(not_equal, &non_function, not_taken);
 
+  // Change context eagerly in case we need the global receiver.
+  __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
 
-  // 3a. Patch the first argument if necessary when calling a function.
   Label shift_arguments;
-  { Label convert_to_object, use_global_receiver, patch_receiver;
-    // Change context eagerly in case we need the global receiver.
-    __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
+  __ jmp(&shift_arguments);
 
-    __ mov(ebx, Operand(esp, eax, times_4, 0));  // First argument.
-    __ test(ebx, Immediate(kSmiTagMask));
-    __ j(zero, &convert_to_object);
-
-    __ cmp(ebx, Factory::null_value());
-    __ j(equal, &use_global_receiver);
-    __ cmp(ebx, Factory::undefined_value());
-    __ j(equal, &use_global_receiver);
-
-    // We don't use IsObjectJSObjectType here because we jump on success.
-    __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset));
-    __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
-    __ sub(Operand(ecx), Immediate(FIRST_JS_OBJECT_TYPE));
-    __ cmp(ecx, LAST_JS_OBJECT_TYPE - FIRST_JS_OBJECT_TYPE);
-    __ j(below_equal, &shift_arguments);
-
-    __ bind(&convert_to_object);
-    __ EnterInternalFrame();  // In order to preserve argument count.
-    __ SmiTag(eax);
-    __ push(eax);
-
-    __ push(ebx);
-    __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
-    __ mov(ebx, eax);
-
-    __ pop(eax);
-    __ SmiUntag(eax);
-    __ LeaveInternalFrame();
-    // Restore the function to edi.
-    __ mov(edi, Operand(esp, eax, times_4, 1 * kPointerSize));
-    __ jmp(&patch_receiver);
-
-    // Use the global receiver object from the called function as the
-    // receiver.
-    __ bind(&use_global_receiver);
-    const int kGlobalIndex =
-        Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize;
-    __ mov(ebx, FieldOperand(esi, kGlobalIndex));
-    __ mov(ebx, FieldOperand(ebx, GlobalObject::kGlobalContextOffset));
-    __ mov(ebx, FieldOperand(ebx, kGlobalIndex));
-    __ mov(ebx, FieldOperand(ebx, GlobalObject::kGlobalReceiverOffset));
-
-    __ bind(&patch_receiver);
-    __ mov(Operand(esp, eax, times_4, 0), ebx);
-
-    __ jmp(&shift_arguments);
-  }
-
-  // 3b. Patch the first argument when calling a non-function.  The
-  //     CALL_NON_FUNCTION builtin expects the non-function callee as
-  //     receiver, so overwrite the first argument which will ultimately
-  //     become the receiver.
+  // 3. Patch the first argument when calling a non-function.  The
+  //    CALL_NON_FUNCTION builtin expects the non-function callee as
+  //    receiver, so overwrite the first argument which will ultimately
+  //    become the receiver.
   __ bind(&non_function);
   __ mov(Operand(esp, eax, times_4, 0), edi);
   // Clear edi to indicate a non-function being called.
   __ Set(edi, Immediate(0));
 
   // 4. Shift arguments and return address one slot down on the stack
   //    (overwriting the original receiver).  Adjust argument count to make
   //    the original first argument the new receiver.
   __ bind(&shift_arguments);
   { Label loop;
@@ skipping 72 matching lines @@
       StandardFrameConstants::kExpressionsOffset - 1 * kPointerSize;
   const int kIndexOffset = kLimitOffset - 1 * kPointerSize;
   __ push(eax);  // limit
   __ push(Immediate(0));  // index
 
   // Change context eagerly to get the right global object if
   // necessary.
   __ mov(edi, Operand(ebp, 4 * kPointerSize));
   __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
 
-  // Compute the receiver.
-  Label call_to_object, use_global_receiver, push_receiver;
+  // Push the receiver.
   __ mov(ebx, Operand(ebp, 3 * kPointerSize));
-  __ test(ebx, Immediate(kSmiTagMask));
-  __ j(zero, &call_to_object);
-  __ cmp(ebx, Factory::null_value());
-  __ j(equal, &use_global_receiver);
-  __ cmp(ebx, Factory::undefined_value());
-  __ j(equal, &use_global_receiver);
-
-  // If given receiver is already a JavaScript object then there's no
-  // reason for converting it.
-  // We don't use IsObjectJSObjectType here because we jump on success.
-  __ mov(ecx, FieldOperand(ebx, HeapObject::kMapOffset));
-  __ movzx_b(ecx, FieldOperand(ecx, Map::kInstanceTypeOffset));
-  __ sub(Operand(ecx), Immediate(FIRST_JS_OBJECT_TYPE));
-  __ cmp(ecx, LAST_JS_OBJECT_TYPE - FIRST_JS_OBJECT_TYPE);
-  __ j(below_equal, &push_receiver);
-
-  // Convert the receiver to an object.
-  __ bind(&call_to_object);
-  __ push(ebx);
-  __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
-  __ mov(ebx, Operand(eax));
-  __ jmp(&push_receiver);
-
-  // Use the current global receiver object as the receiver.
-  __ bind(&use_global_receiver);
-  const int kGlobalOffset =
-      Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize;
-  __ mov(ebx, FieldOperand(esi, kGlobalOffset));
-  __ mov(ebx, FieldOperand(ebx, GlobalObject::kGlobalContextOffset));
-  __ mov(ebx, FieldOperand(ebx, kGlobalOffset));
-  __ mov(ebx, FieldOperand(ebx, GlobalObject::kGlobalReceiverOffset));
-
-  // Push the receiver.
-  __ bind(&push_receiver);
   __ push(ebx);
 
   // Copy all arguments from the array to the stack.
   Label entry, loop;
   __ mov(eax, Operand(ebp, kIndexOffset));
   __ jmp(&entry);
   __ bind(&loop);
   __ mov(edx, Operand(ebp, 2 * kPointerSize));  // load arguments
 
   // Use inline caching to speed up access to arguments.
@@ skipping 783 matching lines @@
   Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR);
   generator.Generate();
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_IA32