| OLD | NEW |
|---|
| 1 // Copyright 2006-2009 the V8 project authors. All rights reserved. | 1 // Copyright 2006-2009 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 4750 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4761 | 4761 |
| 4762 static Object* Runtime_Math_tan(Arguments args) { | 4762 static Object* Runtime_Math_tan(Arguments args) { |
| 4763 NoHandleAllocation ha; | 4763 NoHandleAllocation ha; |
| 4764 ASSERT(args.length() == 1); | 4764 ASSERT(args.length() == 1); |
| 4765 | 4765 |
| 4766 CONVERT_DOUBLE_CHECKED(x, args[0]); | 4766 CONVERT_DOUBLE_CHECKED(x, args[0]); |
| 4767 return TranscendentalCache::Get(TranscendentalCache::TAN, x); | 4767 return TranscendentalCache::Get(TranscendentalCache::TAN, x); |
| 4768 } | 4768 } |
| 4769 | 4769 |
| 4770 | 4770 |
| 4771 // The NewArguments function is only used when constructing the | |
| 4772 // arguments array when calling non-functions from JavaScript in | |
| 4773 // runtime.js:CALL_NON_FUNCTION. | |
| 4774 static Object* Runtime_NewArguments(Arguments args) { | |
| 4775 NoHandleAllocation ha; | |
| 4776 ASSERT(args.length() == 1); | |
| 4777 | |
| 4778 // ECMA-262, 3rd., 10.1.8, p.39 | |
| 4779 CONVERT_CHECKED(JSFunction, callee, args[0]); | |
| 4780 | |
| 4781 // Compute the frame holding the arguments. | |
| 4782 JavaScriptFrameIterator it; | |
| 4783 it.AdvanceToArgumentsFrame(); | |
| 4784 JavaScriptFrame* frame = it.frame(); | |
| 4785 | |
| 4786 const int length = frame->GetProvidedParametersCount(); | |
| 4787 Object* result = Heap::AllocateArgumentsObject(callee, length); | |
| 4788 if (result->IsFailure()) return result; | |
| 4789 if (length > 0) { | |
| 4790 Object* obj = Heap::AllocateFixedArray(length); | |
| 4791 if (obj->IsFailure()) return obj; | |
| 4792 FixedArray* array = FixedArray::cast(obj); | |
| 4793 ASSERT(array->length() == length); | |
| 4794 | |
| 4795 AssertNoAllocation no_gc; | |
| 4796 WriteBarrierMode mode = array->GetWriteBarrierMode(no_gc); | |
| 4797 for (int i = 0; i < length; i++) { | |
| 4798 array->set(i, frame->GetParameter(i), mode); | |
| 4799 } | |
| 4800 JSObject::cast(result)->set_elements(array); | |
| 4801 } | |
| 4802 return result; | |
| 4803 } | |
| 4804 | |
| 4805 | |
| 4806 static Object* Runtime_NewArgumentsFast(Arguments args) { | 4771 static Object* Runtime_NewArgumentsFast(Arguments args) { |
| 4807 NoHandleAllocation ha; | 4772 NoHandleAllocation ha; |
| 4808 ASSERT(args.length() == 3); | 4773 ASSERT(args.length() == 3); |
| 4809 | 4774 |
| 4810 JSFunction* callee = JSFunction::cast(args[0]); | 4775 JSFunction* callee = JSFunction::cast(args[0]); |
| 4811 Object** parameters = reinterpret_cast<Object**>(args[1]); | 4776 Object** parameters = reinterpret_cast<Object**>(args[1]); |
| 4812 const int length = Smi::cast(args[2])->value(); | 4777 const int length = Smi::cast(args[2])->value(); |
| 4813 | 4778 |
| 4814 Object* result = Heap::AllocateArgumentsObject(callee, length); | 4779 Object* result = Heap::AllocateArgumentsObject(callee, length); |
| 4815 if (result->IsFailure()) return result; | 4780 if (result->IsFailure()) return result; |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4948 // be in loops. We compile them as if they are in loops here just in case. | 4913 // be in loops. We compile them as if they are in loops here just in case. |
| 4949 ASSERT(!function->is_compiled()); | 4914 ASSERT(!function->is_compiled()); |
| 4950 if (!CompileLazyInLoop(function, Handle<Object>::null(), KEEP_EXCEPTION)) { | 4915 if (!CompileLazyInLoop(function, Handle<Object>::null(), KEEP_EXCEPTION)) { |
| 4951 return Failure::Exception(); | 4916 return Failure::Exception(); |
| 4952 } | 4917 } |
| 4953 | 4918 |
| 4954 return function->code(); | 4919 return function->code(); |
| 4955 } | 4920 } |
| 4956 | 4921 |
| 4957 | 4922 |
| 4958 static Object* Runtime_GetCalledFunction(Arguments args) { | |
| 4959 HandleScope scope; | |
| 4960 ASSERT(args.length() == 0); | |
| 4961 StackFrameIterator it; | |
| 4962 // Get past the JS-to-C exit frame. | |
| 4963 ASSERT(it.frame()->is_exit()); | |
| 4964 it.Advance(); | |
| 4965 // Get past the CALL_NON_FUNCTION activation frame. | |
| 4966 ASSERT(it.frame()->is_java_script()); | |
| 4967 it.Advance(); | |
| 4968 // Argument adaptor frames do not copy the function; we have to skip | |
| 4969 // past them to get to the real calling frame. | |
| 4970 if (it.frame()->is_arguments_adaptor()) it.Advance(); | |
| 4971 // Get the function from the top of the expression stack of the | |
| 4972 // calling frame. | |
| 4973 StandardFrame* frame = StandardFrame::cast(it.frame()); | |
| 4974 int index = frame->ComputeExpressionsCount() - 1; | |
| 4975 Object* result = frame->GetExpression(index); | |
| 4976 return result; | |
| 4977 } | |
| 4978 | |
| 4979 | |
| 4980 static Object* Runtime_GetFunctionDelegate(Arguments args) { | 4923 static Object* Runtime_GetFunctionDelegate(Arguments args) { |
| 4981 HandleScope scope; | 4924 HandleScope scope; |
| 4982 ASSERT(args.length() == 1); | 4925 ASSERT(args.length() == 1); |
| 4983 RUNTIME_ASSERT(!args[0]->IsJSFunction()); | 4926 RUNTIME_ASSERT(!args[0]->IsJSFunction()); |
| 4984 return *Execution::GetFunctionDelegate(args.at<Object>(0)); | 4927 return *Execution::GetFunctionDelegate(args.at<Object>(0)); |
| 4985 } | 4928 } |
| 4986 | 4929 |
| 4987 | 4930 |
| 4988 static Object* Runtime_GetConstructorDelegate(Arguments args) { | 4931 static Object* Runtime_GetConstructorDelegate(Arguments args) { |
| 4989 HandleScope scope; | 4932 HandleScope scope; |
| (...skipping 3251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8241 } else { | 8184 } else { |
| 8242 // Handle last resort GC and make sure to allow future allocations | 8185 // Handle last resort GC and make sure to allow future allocations |
| 8243 // to grow the heap without causing GCs (if possible). | 8186 // to grow the heap without causing GCs (if possible). |
| 8244 Counters::gc_last_resort_from_js.Increment(); | 8187 Counters::gc_last_resort_from_js.Increment(); |
| 8245 Heap::CollectAllGarbage(false); | 8188 Heap::CollectAllGarbage(false); |
| 8246 } | 8189 } |
| 8247 } | 8190 } |
| 8248 | 8191 |
| 8249 | 8192 |
| 8250 } } // namespace v8::internal | 8193 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 604064:
Fix stack corruption when calling non-function. (Closed)
