Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(588)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/ia32/stub-cache-ia32.cc

Issue 80623002: Array builtins proceed blithely on frozen arrays (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: a.unshift() needed special care. Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/builtins.cc ('k') | src/messages.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 1700 matching lines...) Expand 10 before | Expand all | Expand 10 after
1711 } 1711 }
1712 1712
1713 1713
1714 Handle<Code> CallStubCompiler::CompileArrayPushCall( 1714 Handle<Code> CallStubCompiler::CompileArrayPushCall(
1715 Handle<Object> object, 1715 Handle<Object> object,
1716 Handle<JSObject> holder, 1716 Handle<JSObject> holder,
1717 Handle<Cell> cell, 1717 Handle<Cell> cell,
1718 Handle<JSFunction> function, 1718 Handle<JSFunction> function,
1719 Handle<String> name, 1719 Handle<String> name,
1720 Code::StubType type) { 1720 Code::StubType type) {
1721 // If object is not an array or is observed, bail out to regular call. 1721 // If object is not an array or is observed or sealed, bail out to regular
1722 // call.
1722 if (!object->IsJSArray() || 1723 if (!object->IsJSArray() ||
1723 !cell.is_null() || 1724 !cell.is_null() ||
1724 Handle<JSArray>::cast(object)->map()->is_observed()) { 1725 Handle<JSArray>::cast(object)->map()->is_observed() ||
1726 !Handle<JSArray>::cast(object)->map()->is_extensible()) {
1725 return Handle<Code>::null(); 1727 return Handle<Code>::null();
1726 } 1728 }
1727 1729
1728 Label miss; 1730 Label miss;
1729 1731
1730 HandlerFrontendHeader(object, holder, name, RECEIVER_MAP_CHECK, &miss); 1732 HandlerFrontendHeader(object, holder, name, RECEIVER_MAP_CHECK, &miss);
1731 1733
1732 const int argc = arguments().immediate(); 1734 const int argc = arguments().immediate();
1733 if (argc == 0) { 1735 if (argc == 0) {
1734 // Noop, return the length. 1736 // Noop, return the length.
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after
1954 } 1956 }
1955 1957
1956 1958
1957 Handle<Code> CallStubCompiler::CompileArrayPopCall( 1959 Handle<Code> CallStubCompiler::CompileArrayPopCall(
1958 Handle<Object> object, 1960 Handle<Object> object,
1959 Handle<JSObject> holder, 1961 Handle<JSObject> holder,
1960 Handle<Cell> cell, 1962 Handle<Cell> cell,
1961 Handle<JSFunction> function, 1963 Handle<JSFunction> function,
1962 Handle<String> name, 1964 Handle<String> name,
1963 Code::StubType type) { 1965 Code::StubType type) {
1964 // If object is not an array or is observed, bail out to regular call. 1966 // If object is not an array or is observed or sealed, bail out to regular
1967 // call.
1965 if (!object->IsJSArray() || 1968 if (!object->IsJSArray() ||
1966 !cell.is_null() || 1969 !cell.is_null() ||
1967 Handle<JSArray>::cast(object)->map()->is_observed()) { 1970 Handle<JSArray>::cast(object)->map()->is_observed() ||
1971 !Handle<JSArray>::cast(object)->map()->is_extensible()) {
1968 return Handle<Code>::null(); 1972 return Handle<Code>::null();
1969 } 1973 }
1970 1974
1971 Label miss, return_undefined, call_builtin; 1975 Label miss, return_undefined, call_builtin;
1972 1976
1973 HandlerFrontendHeader(object, holder, name, RECEIVER_MAP_CHECK, &miss); 1977 HandlerFrontendHeader(object, holder, name, RECEIVER_MAP_CHECK, &miss);
1974 1978
1975 // Get the elements array of the object. 1979 // Get the elements array of the object.
1976 __ mov(ebx, FieldOperand(edx, JSArray::kElementsOffset)); 1980 __ mov(ebx, FieldOperand(edx, JSArray::kElementsOffset));
1977 1981
(...skipping 1092 matching lines...) Expand 10 before | Expand all | Expand 10 after
3070 // ----------------------------------- 3074 // -----------------------------------
3071 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Miss); 3075 TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Miss);
3072 } 3076 }
3073 3077
3074 3078
3075 #undef __ 3079 #undef __
3076 3080
3077 } } // namespace v8::internal 3081 } } // namespace v8::internal
3078 3082
3079 #endif // V8_TARGET_ARCH_IA32 3083 #endif // V8_TARGET_ARCH_IA32
OLDNEW
« no previous file with comments | « src/builtins.cc ('k') | src/messages.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698