
Side by Side Diff: src/arm/macro-assembler-arm.cc

Issue 11931037: Out of bounds memory access in TestJSArrayForAllocationSiteInfo. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Comments from Ulan Created 7 years, 11 months ago
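--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -3882,26 +3882,26 @@
 void MacroAssembler::TestJSArrayForAllocationSiteInfo(
 Register receiver_reg,
 Register scratch_reg,
 Label* allocation_info_present) {
 Label no_info_available;
 ExternalReference new_space_start =
 ExternalReference::new_space_start(isolate());
 ExternalReference new_space_allocation_top =
 ExternalReference::new_space_allocation_top_address(isolate());
 ldr(scratch_reg, FieldMemOperand(receiver_reg,
-JSArray::kSize + AllocationSiteInfo::kSize));
+JSArray::kSize + AllocationSiteInfo::kSize - kHeapObjectTag));
 cmp(scratch_reg, Operand(new_space_start));
 b(lt, &no_info_available);
 cmp(scratch_reg, Operand(new_space_allocation_top));
-b(hs, &no_info_available);
-ldr(scratch_reg, MemOperand(scratch_reg, 0));
+b(gt, &no_info_available);
+ldr(scratch_reg, MemOperand(scratch_reg, -AllocationSiteInfo::kSize));
 cmp(scratch_reg,
 Operand(Handle<Map>(isolate()->heap()->allocation_site_info_map())));
 b(eq, allocation_info_present);
 bind(&no_info_available);
 }
 
 
 #ifdef DEBUG
 bool AreAliased(Register reg1,
 Register reg2,
@@ -3961,10 +3961,10 @@
 void CodePatcher::EmitCondition(Condition cond) {
 Instr instr = Assembler::instr_at(masm_.pc_);
 instr = (instr & ~kCondMask) | cond;
 masm_.emit(instr);
 }
 
 
 } } // namespace v8::internal
 
 #endif // V8_TARGET_ARCH_ARM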
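Review bot: The `ldr` at 3891–3892 still reads memory instead of forming an address: `ldr(scratch_reg, FieldMemOperand(receiver_reg, JSArray::kSize + AllocationSiteInfo::kSize - kHeapObjectTag))` fetches the word lying just past where the AllocationSiteInfo would end, and lines 3893–3897 then treat that fetched value as the address they range-check and dereference, so the out-of-bounds read the issue describes is only moved, not removed. An `add` of the same displacement onto receiver_reg is what the following lines expect. Separately, `new_space_allocation_top_address` appears (from its name) to yield the address of the top pointer, so the `cmp` at 3895 compares against that address rather than the current top value; a load through it, using `ip` as the macro-assembler scratch if it is free here, looks intended. The new `gt` and the existing `lt` are signed conditions applied to addresses, so the unsigned `hi`/`lo` would be safer. The whole function is visible in the hunk.
```cpp
  add(scratch_reg, receiver_reg,
      Operand(JSArray::kSize + AllocationSiteInfo::kSize - kHeapObjectTag));
  cmp(scratch_reg, Operand(new_space_start));
  b(lo, &no_info_available);
  mov(ip, Operand(new_space_allocation_top));
  ldr(ip, MemOperand(ip));
  cmp(scratch_reg, ip);
  b(hi, &no_info_available);
  // … unchanged: map load at -AllocationSiteInfo::kSize and comparison …
```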
