Side by Side Diff: src/runtime/runtime-internal.cc

Issue 1404613002: Check for validity when accessing call site objects in runtime. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 2 months ago
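--- a/src/runtime/runtime-internal.cc
+++ b/src/runtime/runtime-internal.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/runtime/runtime-utils.h"
 
 #include "src/arguments.h"
 #include "src/bootstrapper.h"
 #include "src/conversions.h"
 #include "src/debug/debug.h"
@@ -311,20 +311,21 @@
 }
 
 
 #define CALLSITE_GET(NAME, RETURN)                          \
   RUNTIME_FUNCTION(Runtime_CallSite##NAME##RT) {            \
     HandleScope scope(isolate);                             \
     DCHECK(args.length() == 1);                             \
     CONVERT_ARG_HANDLE_CHECKED(JSObject, call_site_obj, 0); \
     Handle<String> result;                                  \
     CallSite call_site(isolate, call_site_obj);             \
+    RUNTIME_ASSERT(call_site.IsValid())                     \
     return RETURN(call_site.NAME(), isolate);               \
   }
 
 static inline Object* ReturnDereferencedHandle(Handle<Object> obj,
                                                Isolate* isolate) {
   return *obj;
 }
 
 
 static inline Object* ReturnPositiveSmiOrNull(int value, Isolate* isolate) {
@@ -440,10 +441,10 @@
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
   CONVERT_ARG_HANDLE_CHECKED(Object, object, 0);
   Handle<String> callsite = RenderCallSite(isolate, object);
   THROW_NEW_ERROR_RETURN_FAILURE(
       isolate, NewTypeError(MessageTemplate::kCalledNonCallable, callsite));
 }
 
 }  // namespace internal
 }  // namespace v8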
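Review bot: The new `RUNTIME_ASSERT(call_site.IsValid())` in CALLSITE_GET carries no comment, and nothing nearby says why an argument that already passed `CONVERT_ARG_HANDLE_CHECKED(JSObject, call_site_obj, 0)` can still be invalid, so a later reader may take the check for redundant and drop it. Suggest a comment directly above it: `// Any JSObject can reach this runtime call; do not read call-site fields unless the object has the expected layout.` The check sits after `CallSite call_site(isolate, call_site_obj);`, so it only guards the `call_site.NAME()` accessor on the next line; whether the CallSite constructor itself reads the object is not visible in this hunk and should be confirmed. The unused `Handle<String> result;` local two lines above predates the change and could be removed in a follow-up. The asserted line has no trailing `;`, which relies on RUNTIME_ASSERT expanding to a complete statement — worth a glance at its definition in runtime-utils.h.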
