Commit 3a903c42 authored by mbrandy, committed by Commit bot

PPC: InstanceOfStub incorrectly interprets the hole as a prototype.

Port 2aa070be

Original commit message:
    Repair this to match what the runtime correctly does, by first checking if the
    function is a constructor before we access the prototype.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1811013002

Cr-Commit-Position: refs/heads/master@{#34869}
parent 946354a7
...@@ -1421,8 +1421,12 @@ void InstanceOfStub::Generate(MacroAssembler* masm) { ...@@ -1421,8 +1421,12 @@ void InstanceOfStub::Generate(MacroAssembler* masm) {
__ CompareObjectType(function, function_map, scratch, JS_FUNCTION_TYPE); __ CompareObjectType(function, function_map, scratch, JS_FUNCTION_TYPE);
__ bne(&slow_case); __ bne(&slow_case);
// Ensure that {function} has an instance prototype. // Go to the runtime if the function is not a constructor.
__ lbz(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset)); __ lbz(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset));
__ TestBit(scratch, Map::kIsConstructor, r0);
__ beq(&slow_case, cr0);
// Ensure that {function} has an instance prototype.
__ TestBit(scratch, Map::kHasNonInstancePrototype, r0); __ TestBit(scratch, Map::kHasNonInstancePrototype, r0);
__ bne(&slow_case, cr0); __ bne(&slow_case, cr0);
......
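Review bot: The new comment above the `Map::kIsConstructor` test says only that non-constructors go to the runtime, not why the test has to come first. The commit title ties this to the hole being read as a prototype, so the comment should state that the prototype must not be accessed unless the function is a constructor; otherwise a later cleanup could reorder or merge the two bit tests. The two branches also have opposite sense: `beq(&slow_case, cr0)` takes the slow path when the constructor bit is clear, while `bne(&slow_case, cr0)` takes it when the non-instance-prototype bit is set. A short remark on that in the comments would help the next reader. Finally, `BUG=` is empty and no regression test for the non-constructor case is visible here; if the original commit 2aa070be carries one, reference it in the message.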