deps: cherry-pick 3a903c4 for PPC from V8 upstream

Original commit message:

    PPC: InstanceOfStub incorrectly interprets the hole as a prototype.
    Port 2aa070b

    Original commit message:
        Repair this to match what the runtime correctly does,
        by first checking if the function is a constructor
        before we access the prototype.

    R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com,
    michael_dawson@ca.ibm.com

    BUG=

    Review URL: https://codereview.chromium.org/1811013002

    Cr-Commit-Position: refs/heads/master@{#34869}

Fixes: https://github.com/nodejs/node/issues/7592 for PPC
PR-URL: https://github.com/nodejs/node/pull/7638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/deps/v8/src/ppc/code-stubs-ppc.cc b/deps/v8/src/ppc/code-stubs-ppc.cc
index 03c73af503..579109b731 100644
--- a/deps/v8/src/ppc/code-stubs-ppc.cc
+++ b/deps/v8/src/ppc/code-stubs-ppc.cc
@@ -1409,8 +1409,12 @@ void InstanceOfStub::Generate(MacroAssembler* masm) {
   __ CompareObjectType(function, function_map, scratch, JS_FUNCTION_TYPE);
   __ bne(&slow_case);
 
-  // Ensure that {function} has an instance prototype.
+  // Go to the runtime if the function is not a constructor.
   __ lbz(scratch, FieldMemOperand(function_map, Map::kBitFieldOffset));
+  __ TestBit(scratch, Map::kIsConstructor, r0);
+  __ beq(&slow_case, cr0);
+
+  // Ensure that {function} has an instance prototype.
   __ TestBit(scratch, Map::kHasNonInstancePrototype, r0);
   __ bne(&slow_case, cr0);