From e5cce7acfe17ba4d33272e7e8146e9721f9791cd Mon Sep 17 00:00:00 2001 From: Franziska Hinkelmann Date: Mon, 11 Jul 2016 20:10:11 +0200 Subject: [PATCH] deps: cherry-pick 3a903c4 for PPC from V8 upstream Original commit message: PPC: InstanceOfStub incorrectly interprets the hole as a prototype. Port 2aa070b Original commit message: Repair this to match what the runtime correctly does, by first checking if the function is a constructor before we access the prototype. R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1811013002 Cr-Commit-Position: refs/heads/master@{#34869} Fixes: https://github.com/nodejs/node/issues/7592 for PPC PR-URL: https://github.com/nodejs/node/pull/7638 Reviewed-By: Anna Henningsen Reviewed-By: Ben Noordhuis Reviewed-By: Ali Ijaz Sheikh
---
deps/v8/src/ppc/code-stubs-ppc.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/deps/v8/src/ppc/code-stubs-ppc.cc b/deps/v8/src/ppc/code-stubs-ppc.cc
index 03c73af503..579109b731 100644
--- a/deps/v8/src/ppc/code-stubs-ppc.cc
+++ b/deps/v8/src/ppc/code-stubs-ppc.cc
@@ -1409,8 +1409,12 @@ void InstanceOfStub::Generate(MacroAssembler* masm) {
 __ CompareObjectType(function, function_map, scratch, JS_FUNCTION_TYPE);
 __ bne(&slow_case);
- // Ensure that {function} has an instance prototype.
+ // Go to the runtime if the function is not a constructor.
 __ lbz(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset));
+ __ TestBit(scratch, Map::kIsConstructor, r0);
+ __ beq(&slow_case, cr0);
+
+ // Ensure that {function} has an instance prototype.
 __ TestBit(scratch, Map::kHasNonInstancePrototype, r0);
 __ bne(&slow_case, cr0);
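Review bot: The new comment above the `Map::kIsConstructor` test says what the branch does but not why, and the reason is the whole fix: per the commit message, the fast path would otherwise interpret the hole as a prototype for a function that is not a constructor. I would extend it to `// Go to the runtime if the function is not a constructor: its prototype slot may hold the hole.` so the ordering (constructor check before any prototype access) is not reordered or dropped in a later cleanup. The patch touches only code-stubs-ppc.cc, so nothing visible here pins the behaviour reported in nodejs/node issue 7592; a regression test exercising `instanceof` against a non-constructor function would keep the stub and the runtime from diverging again, if one is not already carried elsewhere. InstanceOfStub::Generate starts and ends outside the hunk, so the later prototype load itself is not visible here.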