Commit d5a52b66 authored by zhengxing.li's avatar zhengxing.li Committed by Commit bot

X87: [proxies] InstanceOfStub should bailout to %HasInPrototypeChain for proxies.

  port 0e956833 (r32549)

  original commit message:
  Whenever the InstanceOfStub finds a proxy (either passed as object or
  somewhere on the prototype chain), it should bailout to the
  %HasInPrototypeChain runtime function, which will do the right thing
  (soonish).

BUG=

Review URL: https://codereview.chromium.org/1508553002

Cr-Commit-Position: refs/heads/master@{#32634}
parent fa1b0fce
...@@ -2300,27 +2300,39 @@ void InstanceOfStub::Generate(MacroAssembler* masm) { ...@@ -2300,27 +2300,39 @@ void InstanceOfStub::Generate(MacroAssembler* masm) {
// Loop through the prototype chain looking for the {function} prototype. // Loop through the prototype chain looking for the {function} prototype.
// Assume true, and change to false if not found. // Assume true, and change to false if not found.
Register const object_prototype = object_map; Label done, loop, proxy_case;
Label done, loop;
__ mov(eax, isolate()->factory()->true_value()); __ mov(eax, isolate()->factory()->true_value());
__ bind(&loop); __ bind(&loop);
__ mov(object_prototype, FieldOperand(object_map, Map::kPrototypeOffset)); __ CmpInstanceType(object_map, JS_PROXY_TYPE);
__ cmp(object_prototype, function_prototype); __ j(equal, &proxy_case, Label::kNear);
__ mov(object, FieldOperand(object_map, Map::kPrototypeOffset));
__ cmp(object, function_prototype);
__ j(equal, &done, Label::kNear); __ j(equal, &done, Label::kNear);
__ cmp(object_prototype, isolate()->factory()->null_value()); __ cmp(object, isolate()->factory()->null_value());
__ mov(object_map, FieldOperand(object_prototype, HeapObject::kMapOffset)); __ mov(object_map, FieldOperand(object, HeapObject::kMapOffset));
__ j(not_equal, &loop); __ j(not_equal, &loop);
__ mov(eax, isolate()->factory()->false_value()); __ mov(eax, isolate()->factory()->false_value());
__ bind(&done); __ bind(&done);
__ StoreRoot(eax, scratch, Heap::kInstanceofCacheAnswerRootIndex); __ StoreRoot(eax, scratch, Heap::kInstanceofCacheAnswerRootIndex);
__ ret(0); __ ret(0);
// Slow-case: Call the runtime function. // Proxy-case: Call the %HasInPrototypeChain runtime function.
__ bind(&proxy_case);
__ PopReturnAddressTo(scratch);
__ Push(object);
__ Push(function_prototype);
__ PushReturnAddressFrom(scratch);
// Invalidate the instanceof cache.
__ Move(eax, Immediate(Smi::FromInt(0)));
__ StoreRoot(eax, scratch, Heap::kInstanceofCacheFunctionRootIndex);
__ TailCallRuntime(Runtime::kHasInPrototypeChain, 2, 1);
// Slow-case: Call the %InstanceOf runtime function.
__ bind(&slow_case); __ bind(&slow_case);
__ pop(scratch); // Pop return address. __ PopReturnAddressTo(scratch);
__ push(object); // Push {object}. __ Push(object);
__ push(function); // Push {function}. __ Push(function);
__ push(scratch); // Push return address. __ PushReturnAddressFrom(scratch);
__ TailCallRuntime(Runtime::kInstanceOf, 2, 1); __ TailCallRuntime(Runtime::kInstanceOf, 2, 1);
} }
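Review bot: The loop now overwrites `object` with each prototype it visits (`__ mov(object, FieldOperand(object_map, Map::kPrototypeOffset));`), while the `slow_case` block at the end still pushes `object` as the receiver for `Runtime::kInstanceOf`, and nothing in the new code records that this is only correct when `slow_case` is entered before the loop. The jumps to `slow_case` sit outside the hunk, since the body of `InstanceOfStub::Generate` starts above it, so this cannot be confirmed from here. If a later change branches to `slow_case` from inside the loop, the runtime would be asked about a prototype instead of the original value and could return a wrong instanceof answer. I would add a comment at `__ bind(&loop);` such as `// {object} is clobbered below and holds the current chain element; only {proxy_case} may be reached from inside the loop.` and one at `__ bind(&proxy_case);` such as `// {object} is the proxy found on the chain (possibly the receiver itself), not necessarily the original receiver.`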
......