Reviewers: Michael Starzinger,
Description:
Check for function in %_CallFunction.
[email protected]
BUG=v8:2285
Please review this at https://chromiumcodereview.appspot.com/10854115/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/arm/full-codegen-arm.cc
M src/ia32/full-codegen-ia32.cc
M src/x64/full-codegen-x64.cc
A + test/mjsunit/regress/regress-2285.js
Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index
fe155506cd28a39e325306d759cb5d104b3f9a72..bb937519b235bb50fd5b326889b6b06f4930e9ad
100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -3417,10 +3417,11 @@ void
FullCodeGenerator::EmitCallFunction(CallRuntime* expr) {
}
VisitForAccumulatorValue(args->last()); // Function.
- // Check for proxy.
- Label proxy, done;
- __ CompareObjectType(r0, r1, r1, JS_FUNCTION_PROXY_TYPE);
- __ b(eq, &proxy);
+ Label runtime, done;
+ // Check for non-function argument (including proxy).
+ __ JumpIfSmi(r0, &runtime);
+ __ CompareObjectType(r0, r1, r1, JS_FUNCTION_TYPE);
+ __ b(ne, &runtime);
// InvokeFunction requires the function in r1. Move it in there.
__ mov(r1, result_register());
@@ -3430,7 +3431,7 @@ void FullCodeGenerator::EmitCallFunction(CallRuntime*
expr) {
__ ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
__ jmp(&done);
- __ bind(&proxy);
+ __ bind(&runtime);
__ push(r0);
__ CallRuntime(Runtime::kCall, args->length());
__ bind(&done);
Index: src/ia32/full-codegen-ia32.cc
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index
67a3a9e072e696cbb5b4916b23e5dd790e92221d..904e99a8d142b406c5f344d9653fcb7850549eb5
100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -3359,10 +3359,11 @@ void
FullCodeGenerator::EmitCallFunction(CallRuntime* expr) {
}
VisitForAccumulatorValue(args->last()); // Function.
- // Check for proxy.
- Label proxy, done;
- __ CmpObjectType(eax, JS_FUNCTION_PROXY_TYPE, ebx);
- __ j(equal, &proxy);
+ Label runtime, done;
+ // Check for non-function argument (including proxy).
+ __ JumpIfSmi(eax, &runtime);
+ __ CmpObjectType(eax, JS_FUNCTION_TYPE, ebx);
+ __ j(not_equal, &runtime);
// InvokeFunction requires the function in edi. Move it in there.
__ mov(edi, result_register());
@@ -3372,7 +3373,7 @@ void FullCodeGenerator::EmitCallFunction(CallRuntime*
expr) {
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
__ jmp(&done);
- __ bind(&proxy);
+ __ bind(&runtime);
__ push(eax);
__ CallRuntime(Runtime::kCall, args->length());
__ bind(&done);
Index: src/x64/full-codegen-x64.cc
diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index
a64780402dda4d9c6e9d4b8312f4d444785f2968..3c7db52e13a08c69e494aa7d57bf47454dd2d575
100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -3324,10 +3324,11 @@ void
FullCodeGenerator::EmitCallFunction(CallRuntime* expr) {
}
VisitForAccumulatorValue(args->last()); // Function.
- // Check for proxy.
- Label proxy, done;
- __ CmpObjectType(rax, JS_FUNCTION_PROXY_TYPE, rbx);
- __ j(equal, &proxy);
+ Label runtime, done;
+ // Check for non-function argument (including proxy).
+ __ JumpIfSmi(rax, &runtime);
+ __ CmpObjectType(rax, JS_FUNCTION_TYPE, rbx);
+ __ j(not_equal, &runtime);
// InvokeFunction requires the function in rdi. Move it in there.
__ movq(rdi, result_register());
@@ -3337,7 +3338,7 @@ void FullCodeGenerator::EmitCallFunction(CallRuntime*
expr) {
__ movq(rsi, Operand(rbp, StandardFrameConstants::kContextOffset));
__ jmp(&done);
- __ bind(&proxy);
+ __ bind(&runtime);
__ push(rax);
__ CallRuntime(Runtime::kCall, args->length());
__ bind(&done);
Index: test/mjsunit/regress/regress-2285.js
diff --git a/test/mjsunit/regress/regress-1898.js
b/test/mjsunit/regress/regress-2285.js
similarity index 93%
copy from test/mjsunit/regress/regress-1898.js
copy to test/mjsunit/regress/regress-2285.js
index
5440446fbf78ca593e8748cd54ea2aefad047542..efda4cde3256505c5b917b0bda22686c6abda565
100644
--- a/test/mjsunit/regress/regress-1898.js
+++ b/test/mjsunit/regress/regress-2285.js
@@ -27,11 +27,6 @@
// Flags: --allow-natives-syntax
-function f(x) {
- Math.log(Math.min(0.1, Math.abs(x)));
-}
+assertThrows(function() { %_CallFunction(null, 0, ""); });
+assertThrows(function() { %_CallFunction(null, 0, 1); });
-f(0.1);
-f(0.1);
-%OptimizeFunctionOnNextCall(f);
-f(0.1);
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
