S390: InstanceOfStub incorrectly interprets the hole as a prototype.

Port 2aa070be Original commit message: Repair this to match what the runtime correctly does, by first checking if the function is a constructor before we access the prototype. R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= Review URL: https://codereview.chromium.org/1813003002 Cr-Commit-Position: refs/heads/master@{#34872}

S390: InstanceOfStub incorrectly interprets the hole as a prototype.
Port 2aa070be Original commit message: Repair this to match what the runtime correctly does, by first checking if the function is a constructor before we access the prototype. R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= Review URL: https://codereview.chromium.org/1813003002 Cr-Commit-Position: refs/heads/master@{#34872}
71d525a3 · jyan · Commit bot · 240a0961 · 71d525a3
Commit 71d525a3 authored Mar 17, 2016 by jyan Committed by Commit bot Mar 17, 2016
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

code-stubs-s390.cc src/s390/code-stubs-s390.cc +5 -1

No files found.
--- a/src/s390/code-stubs-s390.cc
+++ b/src/s390/code-stubs-s390.cc
@@ -1414,8 +1414,12 @@ void InstanceOfStub::Generate(MacroAssembler* masm) {
  __ CompareObjectType(function, function_map, scratch, JS_FUNCTION_TYPE);
  __ bne(&slow_case);
-  // Ensure that {function} has an instance prototype.
+  // Go to the runtime if the function is not a constructor.
  __ LoadlB(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset));
+  __ TestBit(scratch, Map::kIsConstructor, r0);
+  __ beq(&slow_case);
+  // Ensure that {function} has an instance prototype.
  __ TestBit(scratch, Map::kHasNonInstancePrototype, r0);
  __ bne(&slow_case);