diff --git a/src/builtins/ppc/builtins-ppc.cc b/src/builtins/ppc/builtins-ppc.cc index 360aa7c239..09e3fc83c2 100644 --- a/src/builtins/ppc/builtins-ppc.cc +++ b/src/builtins/ppc/builtins-ppc.cc @@ -2163,7 +2163,8 @@ void Builtins::Generate_Apply(MacroAssembler* masm) { // Create the list of arguments from the array-like argumentsList. { - Label create_arguments, create_array, create_runtime, done_create; + Label create_arguments, create_array, create_holey_array, create_runtime, + done_create; __ JumpIfSmi(r3, &create_runtime); // Load the map of argumentsList into r5. @@ -2207,17 +2208,37 @@ void Builtins::Generate_Apply(MacroAssembler* masm) { __ mr(r3, r7); __ b(&done_create); + // For holey JSArrays we need to check that the array prototype chain + // protector is intact and our prototype is the Array.prototype actually. + __ bind(&create_holey_array); + __ LoadP(r5, FieldMemOperand(r5, Map::kPrototypeOffset)); + __ LoadP(r7, ContextMemOperand(r7, Context::INITIAL_ARRAY_PROTOTYPE_INDEX)); + __ cmp(r5, r7); + __ bne(&create_runtime); + __ LoadRoot(r7, Heap::kArrayProtectorRootIndex); + __ LoadP(r5, FieldMemOperand(r7, PropertyCell::kValueOffset)); + __ CmpSmiLiteral(r5, Smi::FromInt(Isolate::kProtectorValid), r0); + __ bne(&create_runtime); + __ LoadP(r5, FieldMemOperand(r3, JSArray::kLengthOffset)); + __ LoadP(r3, FieldMemOperand(r3, JSArray::kElementsOffset)); + __ SmiUntag(r5); + __ b(&done_create); + // Try to create the list from a JSArray object. + // -- r5 and r7 must be preserved till bne create_holey_array. __ bind(&create_array); - __ lbz(r5, FieldMemOperand(r5, Map::kBitField2Offset)); - __ DecodeField(r5); + __ lbz(r8, FieldMemOperand(r5, Map::kBitField2Offset)); + __ DecodeField(r8); STATIC_ASSERT(FAST_SMI_ELEMENTS == 0); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1); STATIC_ASSERT(FAST_ELEMENTS == 2); - __ cmpi(r5, Operand(FAST_ELEMENTS)); + STATIC_ASSERT(FAST_HOLEY_ELEMENTS == 3); + __ cmpi(r8, Operand(FAST_HOLEY_ELEMENTS)); __ bgt(&create_runtime); - __ cmpi(r5, Operand(FAST_HOLEY_SMI_ELEMENTS)); - __ beq(&create_runtime); + // Only FAST_XXX after this point, FAST_HOLEY_XXX are odd values. + __ TestBit(r8, Map::kHasNonInstancePrototype, r0); + __ bne(&create_holey_array, cr0); + // FAST_SMI_ELEMENTS or FAST_ELEMENTS after this point. __ LoadP(r5, FieldMemOperand(r3, JSArray::kLengthOffset)); __ LoadP(r3, FieldMemOperand(r3, JSArray::kElementsOffset)); __ SmiUntag(r5); @@ -2252,15 +2273,20 @@ void Builtins::Generate_Apply(MacroAssembler* masm) { // Push arguments onto the stack (thisArgument is already on the stack). { - Label loop, no_args; + __ LoadRoot(r9, Heap::kUndefinedValueRootIndex); + Label loop, no_args, skip; __ cmpi(r5, Operand::Zero()); __ beq(&no_args); __ addi(r3, r3, Operand(FixedArray::kHeaderSize - kHeapObjectTag - kPointerSize)); __ mtctr(r5); __ bind(&loop); - __ LoadPU(r0, MemOperand(r3, kPointerSize)); - __ push(r0); + __ LoadPU(ip, MemOperand(r3, kPointerSize)); + __ CompareRoot(ip, Heap::kTheHoleValueRootIndex); + __ bne(&skip); + __ mr(ip, r9); + __ bind(&skip); + __ push(ip); __ bdnz(&loop); __ bind(&no_args); __ mr(r3, r5); diff --git a/src/builtins/s390/builtins-s390.cc b/src/builtins/s390/builtins-s390.cc index edd96ce8de..306769b187 100644 --- a/src/builtins/s390/builtins-s390.cc +++ b/src/builtins/s390/builtins-s390.cc @@ -2174,7 +2174,8 @@ void Builtins::Generate_Apply(MacroAssembler* masm) { // Create the list of arguments from the array-like argumentsList. { - Label create_arguments, create_array, create_runtime, done_create; + Label create_arguments, create_array, create_holey_array, create_runtime, + done_create; __ JumpIfSmi(r2, &create_runtime); // Load the map of argumentsList into r4. @@ -2218,17 +2219,37 @@ void Builtins::Generate_Apply(MacroAssembler* masm) { __ LoadRR(r2, r6); __ b(&done_create); + // For holey JSArrays we need to check that the array prototype chain + // protector is intact and our prototype is the Array.prototype actually. + __ bind(&create_holey_array); + __ LoadP(r4, FieldMemOperand(r4, Map::kPrototypeOffset)); + __ LoadP(r6, ContextMemOperand(r6, Context::INITIAL_ARRAY_PROTOTYPE_INDEX)); + __ CmpP(r4, r6); + __ bne(&create_runtime); + __ LoadRoot(r6, Heap::kArrayProtectorRootIndex); + __ LoadP(r4, FieldMemOperand(r6, PropertyCell::kValueOffset)); + __ CmpSmiLiteral(r4, Smi::FromInt(Isolate::kProtectorValid), r0); + __ bne(&create_runtime); + __ LoadP(r4, FieldMemOperand(r2, JSArray::kLengthOffset)); + __ LoadP(r2, FieldMemOperand(r2, JSArray::kElementsOffset)); + __ SmiUntag(r4); + __ b(&done_create); + // Try to create the list from a JSArray object. + // -- r4 and r6 must be preserved till bne create_holey_array. __ bind(&create_array); - __ LoadlB(r4, FieldMemOperand(r4, Map::kBitField2Offset)); - __ DecodeField(r4); + __ LoadlB(r7, FieldMemOperand(r4, Map::kBitField2Offset)); + __ DecodeField(r7); STATIC_ASSERT(FAST_SMI_ELEMENTS == 0); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1); STATIC_ASSERT(FAST_ELEMENTS == 2); - __ CmpP(r4, Operand(FAST_ELEMENTS)); + STATIC_ASSERT(FAST_HOLEY_ELEMENTS == 3); + __ CmpP(r7, Operand(FAST_HOLEY_ELEMENTS)); __ bgt(&create_runtime); - __ CmpP(r4, Operand(FAST_HOLEY_SMI_ELEMENTS)); - __ beq(&create_runtime); + // Only FAST_XXX after this point, FAST_HOLEY_XXX are odd values. + __ TestBit(r7, Map::kHasNonInstancePrototype, r0); + __ bne(&create_holey_array); + // FAST_SMI_ELEMENTS or FAST_ELEMENTS after this point. __ LoadP(r4, FieldMemOperand(r2, JSArray::kLengthOffset)); __ LoadP(r2, FieldMemOperand(r2, JSArray::kElementsOffset)); __ SmiUntag(r4); @@ -2263,16 +2284,21 @@ void Builtins::Generate_Apply(MacroAssembler* masm) { // Push arguments onto the stack (thisArgument is already on the stack). { - Label loop, no_args; + __ LoadRoot(r8, Heap::kUndefinedValueRootIndex); + Label loop, no_args, skip; __ CmpP(r4, Operand::Zero()); __ beq(&no_args); __ AddP(r2, r2, Operand(FixedArray::kHeaderSize - kHeapObjectTag - kPointerSize)); __ LoadRR(r1, r4); __ bind(&loop); - __ LoadP(r0, MemOperand(r2, kPointerSize)); + __ LoadP(ip, MemOperand(r2, kPointerSize)); __ la(r2, MemOperand(r2, kPointerSize)); - __ push(r0); + __ CompareRoot(ip, Heap::kTheHoleValueRootIndex); + __ bne(&skip, Label::kNear); + __ LoadRR(ip, r8); + __ bind(&skip); + __ push(ip); __ BranchOnCount(r1, &loop); __ bind(&no_args); __ LoadRR(r2, r4);