src/compiler/js-typed-lowering.cc - Issue 1329293003: [runtime] Sanitize %NewClosure runtime entries.

Side by Side Diff: src/compiler/js-typed-lowering.cc

Issue 1329293003: [runtime] Sanitize %NewClosure runtime entries. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: REBASE. Ports Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « src/compiler/js-operator.cc ('k') | src/compiler/linkage.cc » ('j') | no next file with comments »

OLD	NEW
1 // Copyright 2014 the V8 project authors. All rights reserved.	1 // Copyright 2014 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "src/code-factory.h"	5 #include "src/code-factory.h"

6 #include "src/compiler/access-builder.h"	6 #include "src/compiler/access-builder.h"

7 #include "src/compiler/js-graph.h"	7 #include "src/compiler/js-graph.h"

8 #include "src/compiler/js-typed-lowering.h"	8 #include "src/compiler/js-typed-lowering.h"

9 #include "src/compiler/linkage.h"	9 #include "src/compiler/linkage.h"

10 #include "src/compiler/node-matchers.h"	10 #include "src/compiler/node-matchers.h"

(...skipping 1099 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1110 // functions that don't need literals cloning.	1110 // functions that don't need literals cloning.

1111 if (p.pretenure() == NOT_TENURED && shared->num_literals() == 0) {	1111 if (p.pretenure() == NOT_TENURED && shared->num_literals() == 0) {

1112 Isolate* isolate = jsgraph()->isolate();	1112 Isolate* isolate = jsgraph()->isolate();

1113 Callable callable = CodeFactory::FastNewClosure(	1113 Callable callable = CodeFactory::FastNewClosure(

1114 isolate, shared->language_mode(), shared->kind());	1114 isolate, shared->language_mode(), shared->kind());

1115 CallDescriptor* desc = Linkage::GetStubCallDescriptor(	1115 CallDescriptor* desc = Linkage::GetStubCallDescriptor(

1116 isolate, graph()->zone(), callable.descriptor(), 0,	1116 isolate, graph()->zone(), callable.descriptor(), 0,

1117 CallDescriptor::kNoFlags);	1117 CallDescriptor::kNoFlags);

1118 const Operator* new_op = common()->Call(desc);	1118 const Operator* new_op = common()->Call(desc);

1119 Node* stub_code = jsgraph()->HeapConstant(callable.code());	1119 Node* stub_code = jsgraph()->HeapConstant(callable.code());

1120 node->ReplaceInput(0, jsgraph()->HeapConstant(shared));

1121 node->InsertInput(graph()->zone(), 0, stub_code);	1120 node->InsertInput(graph()->zone(), 0, stub_code);

	1121 node->InsertInput(graph()->zone(), 1, jsgraph()->HeapConstant(shared));

1122 node->set_op(new_op);	1122 node->set_op(new_op);

1123 return Changed(node);	1123 return Changed(node);

1124 }	1124 }

1125	1125

1126 return NoChange();	1126 return NoChange();

1127 }	1127 }

1128	1128

1129	1129

1130 Reduction JSTypedLowering::ReduceJSCreateLiteralArray(Node* node) {	1130 Reduction JSTypedLowering::ReduceJSCreateLiteralArray(Node* node) {

1131 DCHECK_EQ(IrOpcode::kJSCreateLiteralArray, node->opcode());	1131 DCHECK_EQ(IrOpcode::kJSCreateLiteralArray, node->opcode());

(...skipping 576 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1708 }	1708 }

1709	1709

1710	1710

1711 MachineOperatorBuilder* JSTypedLowering::machine() const {	1711 MachineOperatorBuilder* JSTypedLowering::machine() const {

1712 return jsgraph()->machine();	1712 return jsgraph()->machine();

1713 }	1713 }

1714	1714

1715 } // namespace compiler	1715 } // namespace compiler

1716 } // namespace internal	1716 } // namespace internal

1717 } // namespace v8	1717 } // namespace v8

OLD	NEW