• sgjesse@chromium.org's avatar
    Ensure correct boxing of values when calling functions on them · 562f90d3
    sgjesse@chromium.org authored
    When a function is called with a value type as the receiver this is now boxed as an object.
    
    This is a low-impact solution where the receiver is only boxed when required. For IC calls to the V8 builtins values are not boxed and as most of the functions on String.prototype, Number.prototype and Boolean.prototype are sitting there most IC calls on values will not need any boxing of the receiver.
    
    For calls which are not IC calls but calls through the CallFunctionStub a flag is used to determine whether the receiver might be a value and only when that is the case will the receiver be boxed.
    
    No changtes to Function.call and Function.apply - they already boxed values. According to the ES5 spec the receiver should not be boxed for these functions, but current browsers have not adopted that change yet.
    
    BUG=223
    TEST=test/mjsunit/value-wrapper.js
    TEST=test/mjsunit/regress/regress-crbug-3184.js
    Review URL: http://codereview.chromium.org/542087
    
    git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
    562f90d3
codegen-ia32.cc 340 KB