From d051e7806a6bbc3a134dd52c332e624695036da4 Mon Sep 17 00:00:00 2001 From: Richard Lau Date: Fri, 12 Aug 2016 14:53:04 -0400 Subject: [PATCH] deps: cherry-pick 71d525a for S390 from V8 upstream Original commit message: S390: InstanceOfStub incorrectly interprets the hole as a prototype. Port 2aa070b Original commit message: Repair this to match what the runtime correctly does, by first checking if the function is a constructor before we access the prototype. R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= Review URL: https://codereview.chromium.org/1813003002 Cr-Commit-Position: refs/heads/master@{#34872} Fixes: https://github.com/nodejs/node/issues/7592 for S390 --- deps/v8z/src/s390/code-stubs-s390.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/deps/v8z/src/s390/code-stubs-s390.cc b/deps/v8z/src/s390/code-stubs-s390.cc index b243484600a..7ea53c1cf62 100644 --- a/deps/v8z/src/s390/code-stubs-s390.cc +++ b/deps/v8z/src/s390/code-stubs-s390.cc @@ -1401,8 +1401,12 @@ void InstanceOfStub::Generate(MacroAssembler* masm) { __ CompareObjectType(function, function_map, scratch, JS_FUNCTION_TYPE); __ bne(&slow_case); - // Ensure that {function} has an instance prototype. + // Go to the runtime if the function is not a constructor. __ LoadlB(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset)); + __ TestBit(scratch, Map::kIsConstructor, r0); + __ beq(&slow_case); + + // Ensure that {function} has an instance prototype. __ TestBit(scratch, Map::kHasNonInstancePrototype, r0); __ bne(&slow_case);