| OLD | NEW |
|---|
| 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 #include "vm/globals.h" // NOLINT | 5 #include "vm/globals.h" // NOLINT |
| 6 #if defined(TARGET_ARCH_MIPS) | 6 #if defined(TARGET_ARCH_MIPS) |
| 7 | 7 |
| 8 #include "vm/assembler.h" | 8 #include "vm/assembler.h" |
| 9 #include "vm/longjump.h" | 9 #include "vm/longjump.h" |
| 10 #include "vm/runtime_entry.h" | 10 #include "vm/runtime_entry.h" |
| (...skipping 854 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 865 Register temp_reg) { | 865 Register temp_reg) { |
| 866 ASSERT(!in_delay_slot_); | 866 ASSERT(!in_delay_slot_); |
| 867 ASSERT(failure != NULL); | 867 ASSERT(failure != NULL); |
| 868 if (FLAG_inline_alloc) { | 868 if (FLAG_inline_alloc) { |
| 869 const intptr_t instance_size = cls.instance_size(); | 869 const intptr_t instance_size = cls.instance_size(); |
| 870 Heap* heap = Isolate::Current()->heap(); | 870 Heap* heap = Isolate::Current()->heap(); |
| 871 Heap::Space space = heap->SpaceForAllocation(cls.id()); | 871 Heap::Space space = heap->SpaceForAllocation(cls.id()); |
| 872 const uword top_address = heap->TopAddress(space); | 872 const uword top_address = heap->TopAddress(space); |
| 873 LoadImmediate(temp_reg, top_address); | 873 LoadImmediate(temp_reg, top_address); |
| 874 lw(instance_reg, Address(temp_reg)); | 874 lw(instance_reg, Address(temp_reg)); |
| 875 // TODO(koda): Protect against unsigned overflow here. |
| 875 AddImmediate(instance_reg, instance_size); | 876 AddImmediate(instance_reg, instance_size); |
| 876 | 877 |
| 877 // instance_reg: potential next object start. | 878 // instance_reg: potential next object start. |
| 878 const uword end_address = heap->EndAddress(space); | 879 const uword end_address = heap->EndAddress(space); |
| 879 ASSERT(top_address < end_address); | 880 ASSERT(top_address < end_address); |
| 880 lw(TMP, Address(temp_reg, end_address - top_address)); | 881 lw(TMP, Address(temp_reg, end_address - top_address)); |
| 881 // Fail if heap end unsigned less than or equal to instance_reg. | 882 // Fail if heap end unsigned less than or equal to instance_reg. |
| 882 BranchUnsignedLessEqual(TMP, instance_reg, failure); | 883 BranchUnsignedLessEqual(TMP, instance_reg, failure); |
| 883 | 884 |
| 884 // Successfully allocated the object, now update top to point to | 885 // Successfully allocated the object, now update top to point to |
| (...skipping 22 matching lines...) Expand all Loading... |
| 907 Register end_address, | 908 Register end_address, |
| 908 Register temp1, | 909 Register temp1, |
| 909 Register temp2) { | 910 Register temp2) { |
| 910 if (FLAG_inline_alloc) { | 911 if (FLAG_inline_alloc) { |
| 911 Isolate* isolate = Isolate::Current(); | 912 Isolate* isolate = Isolate::Current(); |
| 912 Heap* heap = isolate->heap(); | 913 Heap* heap = isolate->heap(); |
| 913 Heap::Space space = heap->SpaceForAllocation(cid); | 914 Heap::Space space = heap->SpaceForAllocation(cid); |
| 914 LoadImmediate(temp1, heap->TopAddress(space)); | 915 LoadImmediate(temp1, heap->TopAddress(space)); |
| 915 lw(instance, Address(temp1, 0)); // Potential new object start. | 916 lw(instance, Address(temp1, 0)); // Potential new object start. |
| 916 // Potential next object start. | 917 // Potential next object start. |
| 917 AddImmediateDetectOverflow(end_address, instance, instance_size, CMPRES1); | 918 AddImmediate(end_address, instance, instance_size); |
| 918 bltz(CMPRES1, failure); // CMPRES1 < 0 on overflow. | 919 // Branch on unsigned overflow. |
| 920 BranchUnsignedLess(end_address, instance, failure); |
| 919 | 921 |
| 920 // Check if the allocation fits into the remaining space. | 922 // Check if the allocation fits into the remaining space. |
| 921 // instance: potential new object start. | 923 // instance: potential new object start. |
| 922 // end_address: potential next object start. | 924 // end_address: potential next object start. |
| 923 LoadImmediate(temp2, heap->EndAddress(space)); | 925 LoadImmediate(temp2, heap->EndAddress(space)); |
| 924 lw(temp2, Address(temp2, 0)); | 926 lw(temp2, Address(temp2, 0)); |
| 925 BranchUnsignedGreaterEqual(end_address, temp2, failure); | 927 BranchUnsignedGreaterEqual(end_address, temp2, failure); |
| 926 | 928 |
| 927 | 929 |
| 928 // Successfully allocated the object(s), now update top to point to | 930 // Successfully allocated the object(s), now update top to point to |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1209 Label stop; | 1211 Label stop; |
| 1210 b(&stop); | 1212 b(&stop); |
| 1211 Emit(reinterpret_cast<int32_t>(message)); | 1213 Emit(reinterpret_cast<int32_t>(message)); |
| 1212 Bind(&stop); | 1214 Bind(&stop); |
| 1213 break_(Instr::kStopMessageCode); | 1215 break_(Instr::kStopMessageCode); |
| 1214 } | 1216 } |
| 1215 | 1217 |
| 1216 } // namespace dart | 1218 } // namespace dart |
| 1217 | 1219 |
| 1218 #endif // defined TARGET_ARCH_MIPS | 1220 #endif // defined TARGET_ARCH_MIPS |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1096063002:
Fix array allocation overflow check on arm/arm64/mips. (Closed)
Base URL: http://dart.googlecode.com/svn/branches/bleeding_edge/dart/