| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 491 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 502 | 502 |
| 503 if (check_type_ == RECEIVER_MAP_CHECK) { | 503 if (check_type_ == RECEIVER_MAP_CHECK) { |
| 504 // For primitive checks the holder is set up to point to the corresponding | 504 // For primitive checks the holder is set up to point to the corresponding |
| 505 // prototype object, i.e. one step of the algorithm below has been already | 505 // prototype object, i.e. one step of the algorithm below has been already |
| 506 // performed. For non-primitive checks we clear it to allow computing | 506 // performed. For non-primitive checks we clear it to allow computing |
| 507 // targets for polymorphic calls. | 507 // targets for polymorphic calls. |
| 508 holder_ = Handle<JSObject>::null(); | 508 holder_ = Handle<JSObject>::null(); |
| 509 } | 509 } |
| 510 LookupResult lookup(type->GetIsolate()); | 510 LookupResult lookup(type->GetIsolate()); |
| 511 while (true) { | 511 while (true) { |
| 512 // If a dictionary map is found in the prototype chain before the actual |
| 513 // target, a new target can always appear. In that case, bail out. |
| 514 // TODO(verwaest): Alternatively a runtime negative lookup on the normal |
| 515 // receiver or prototype could be added. |
| 516 if (type->is_dictionary_map()) return false; |
| 512 type->LookupDescriptor(NULL, *name, &lookup); | 517 type->LookupDescriptor(NULL, *name, &lookup); |
| 513 if (lookup.IsFound()) { | 518 if (lookup.IsFound()) { |
| 514 switch (lookup.type()) { | 519 switch (lookup.type()) { |
| 515 case CONSTANT_FUNCTION: | 520 case CONSTANT_FUNCTION: |
| 516 // We surely know the target for a constant function. | 521 // We surely know the target for a constant function. |
| 517 target_ = | 522 target_ = |
| 518 Handle<JSFunction>(lookup.GetConstantFunctionFromMap(*type)); | 523 Handle<JSFunction>(lookup.GetConstantFunctionFromMap(*type)); |
| 519 return true; | 524 return true; |
| 520 case NORMAL: | 525 case NORMAL: |
| 521 case FIELD: | 526 case FIELD: |
| 522 case CALLBACKS: | 527 case CALLBACKS: |
| 523 case HANDLER: | 528 case HANDLER: |
| 524 case INTERCEPTOR: | 529 case INTERCEPTOR: |
| 525 // We don't know the target. | 530 // We don't know the target. |
| 526 return false; | 531 return false; |
| 527 case TRANSITION: | 532 case TRANSITION: |
| 528 case NONEXISTENT: | 533 case NONEXISTENT: |
| 529 UNREACHABLE(); | 534 UNREACHABLE(); |
| 530 break; | 535 break; |
| 531 } | 536 } |
| 532 } | 537 } |
| 533 // If we reach the end of the prototype chain, we don't know the target. | 538 // If we reach the end of the prototype chain, we don't know the target. |
| 534 if (!type->prototype()->IsJSObject()) return false; | 539 if (!type->prototype()->IsJSObject()) return false; |
| 535 // Go up the prototype chain, recording where we are currently. | 540 // Go up the prototype chain, recording where we are currently. |
| 536 holder_ = Handle<JSObject>(JSObject::cast(type->prototype())); | 541 holder_ = Handle<JSObject>(JSObject::cast(type->prototype())); |
| 537 if (!holder_->HasFastProperties()) return false; | |
| 538 type = Handle<Map>(holder()->map()); | 542 type = Handle<Map>(holder()->map()); |
| 539 } | 543 } |
| 540 } | 544 } |
| 541 | 545 |
| 542 | 546 |
| 543 bool Call::ComputeGlobalTarget(Handle<GlobalObject> global, | 547 bool Call::ComputeGlobalTarget(Handle<GlobalObject> global, |
| 544 LookupResult* lookup) { | 548 LookupResult* lookup) { |
| 545 target_ = Handle<JSFunction>::null(); | 549 target_ = Handle<JSFunction>::null(); |
| 546 cell_ = Handle<JSGlobalPropertyCell>::null(); | 550 cell_ = Handle<JSGlobalPropertyCell>::null(); |
| 547 ASSERT(lookup->IsFound() && | 551 ASSERT(lookup->IsFound() && |
| (...skipping 562 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1110 OS::SNPrintF(buffer, "%d", Smi::cast(*handle_)->value()); | 1114 OS::SNPrintF(buffer, "%d", Smi::cast(*handle_)->value()); |
| 1111 str = arr; | 1115 str = arr; |
| 1112 } else { | 1116 } else { |
| 1113 str = DoubleToCString(handle_->Number(), buffer); | 1117 str = DoubleToCString(handle_->Number(), buffer); |
| 1114 } | 1118 } |
| 1115 return FACTORY->NewStringFromAscii(CStrVector(str)); | 1119 return FACTORY->NewStringFromAscii(CStrVector(str)); |
| 1116 } | 1120 } |
| 1117 | 1121 |
| 1118 | 1122 |
| 1119 } } // namespace v8::internal | 1123 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13862008:
Let ComputeTarget fail if it skips over NORMAL objects. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge