• bmeurer's avatar
    [es2015] Remove the @@hasInstance protector cell. · 1a236208
    bmeurer authored
    We cannot skip the @@hasInstance lookup in instanceof depending on a
    global protector cell, as the lookup of the property is observable
    via proxies or accessors. So remove the global protector and properly
    implement CSA::InstanceOf via GetPropertyStub, with an appropriate
    fast-path for Function.prototype[@@hasInstance] where we call the
    builtin code object directly if the function matches, skipping all
    the checks from the call sequence, and also avoid the redundant
    ToBoolean conversion on the result.
    
    R=yangguo@chromium.org
    TBR=ulan@chromium.org
    BUG=v8:5958
    
    Review-Url: https://codereview.chromium.org/2684033012
    Cr-Commit-Position: refs/heads/master@{#43137}
    1a236208
isolate.h 58.3 KB