Some more comments.
https://codereview.chromium.org/376233002/diff/20001/src/builtins.cc
File src/builtins.cc (right):
https://codereview.chromium.org/376233002/diff/20001/src/builtins.cc#newcode1098
src/builtins.cc:1098: ASSERT(!iter.GetCurrent()->IsJSProxy());
What about returning heap->null_value() if
iter.GetCurrent()->IsJSProxy()?
https://codereview.chromium.org/376233002/diff/20001/src/ic.cc
File src/ic.cc (right):
https://codereview.chromium.org/376233002/diff/20001/src/ic.cc#newcode253
src/ic.cc:253: if (iter.GetCurrent()->IsNull()) return false;
IsAtEnd?
https://codereview.chromium.org/376233002/diff/20001/src/objects.cc
File src/objects.cc (right):
https://codereview.chromium.org/376233002/diff/20001/src/objects.cc#newcode805
src/objects.cc:805: if (object->IsUndefined()) {
I think this condition should never occur. Reading an element from
undefined is supposed to be a type error. Can you turn this into an
ASSERT? If it fails, for now you can keep it like this, but we should
investigate where that undefined is coming from.
https://codereview.chromium.org/376233002/diff/20001/src/objects.cc#newcode821
src/objects.cc:821: ASSERT(PrototypeIterator::GetCurrent(iter)->IsJSObject());
This condition should be ensured by the iterator, I think. The iterator
should ensure that GetCurrent after the receiver is always a JSReceiver
(JSProxy + JSObject). And it should ensure that you never try to look
beyond a JSProxy.
https://codereview.chromium.org/376233002/diff/20001/src/objects.cc#newcode6383
src/objects.cc:6383: JSObject::cast(*PrototypeIterator::GetCurrent(iter)), isolate);
Handle<JSObject> current =
Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)); ?
https://codereview.chromium.org/376233002/diff/20001/src/prototype.h
File src/prototype.h (right):
https://codereview.chromium.org/376233002/diff/20001/src/prototype.h#newcode73
src/prototype.h:73: } else {
What do we do in case of null_value / JSProxy? It seems like getting the
prototype of null via the map will result in null as well, but what
about proxies?
We should make those 2 corner cases explicit, and either return
null_value as a result, or ASSERT that we don't call Advance on them.
https://codereview.chromium.org/376233002/diff/20001/src/prototype.h#newcode89
src/prototype.h:89: return handle_->IsNull() ||
Should either be true for JSProxy, or we should ASSERT that we don't
call this for JSProxy.
https://codereview.chromium.org/376233002/diff/20001/src/runtime.cc
File src/runtime.cc (right):
https://codereview.chromium.org/376233002/diff/20001/src/runtime.cc#newcode12869
src/runtime.cc:12869: if (result->IsJSGlobalProxy()) {
We should revisit walking beyond the JSGlobalProxy at some point. What
if we detached the global proxy? DetachGlobal does:
SetObjectPrototype(global_proxy, factory->null_value());
https://codereview.chromium.org/376233002/
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev