
Side by Side Diff: src/arm/builtins-arm.cc

Issue 1469793002: [builtins] Sanitize the machinery around Construct calls. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: mips64 fix. Created 5 years, 1 month ago
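--- a/src/arm/builtins-arm.cc
+++ b/src/arm/builtins-arm.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/codegen.h"
 #include "src/debug/debug.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ -1375,25 +1375,25 @@
 __ ldr(r0, MemOperand(fp, kFunctionOffset));
 __ push(r0);
 
 // Copy all arguments from the array to the stack.
 Generate_PushAppliedArguments(masm, kVectorOffset, kArgumentsOffset,
 kIndexOffset, kLimitOffset);
 
 // Use undefined feedback vector
 __ LoadRoot(r2, Heap::kUndefinedValueRootIndex);
 __ ldr(r1, MemOperand(fp, kFunctionOffset));
-__ ldr(r4, MemOperand(fp, kNewTargetOffset));
+__ ldr(r3, MemOperand(fp, kNewTargetOffset));
 
 // Call the function.
-CallConstructStub stub(masm->isolate(), SUPER_CONSTRUCTOR_CALL);
-__ Call(stub.GetCode(), RelocInfo::CONSTRUCT_CALL);
+__ Call(masm->isolate()->builtins()->Construct(),
+RelocInfo::CONSTRUCT_CALL);
 
 // Leave internal frame.
 }
 __ add(sp, sp, Operand(kStackSize * kPointerSize));
 __ Jump(lr);
 }
 
 
 void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
 Generate_ApplyHelper(masm, false);
@@ -1647,36 +1647,37 @@
 
 // static
 void Builtins::Generate_Construct(MacroAssembler* masm) {
 // ----------- S t a t e -------------
 // -- r0 : the number of arguments (not including the receiver)
 // -- r1 : the constructor to call (can be any Object)
 // -- r3 : the new target (either the same as the constructor or
 // the JSFunction on which new was invoked initially)
 // -----------------------------------
 
-// Check if target has a [[Construct]] internal method.
+// Check if target is a Smi.
 Label non_constructor;
 __ JumpIfSmi(r1, &non_constructor);
-__ ldr(r4, FieldMemOperand(r1, HeapObject::kMapOffset));
-__ ldrb(r2, FieldMemOperand(r4, Map::kBitFieldOffset));
-__ tst(r2, Operand(1 << Map::kIsConstructor));
-__ b(eq, &non_constructor);
 
 // Dispatch based on instance type.
-__ CompareInstanceType(r4, r5, JS_FUNCTION_TYPE);
+__ CompareObjectType(r1, r4, r5, JS_FUNCTION_TYPE);
 __ Jump(masm->isolate()->builtins()->ConstructFunction(),
 RelocInfo::CODE_TARGET, eq);
 __ cmp(r5, Operand(JS_FUNCTION_PROXY_TYPE));
 __ Jump(masm->isolate()->builtins()->ConstructProxy(), RelocInfo::CODE_TARGET,
 eq);
 
+// Check if target has a [[Construct]] internal method.
+__ ldrb(r2, FieldMemOperand(r4, Map::kBitFieldOffset));
+__ tst(r2, Operand(1 << Map::kIsConstructor));
+__ b(eq, &non_constructor);
+
 // Called Construct on an exotic Object with a [[Construct]] internal method.
 {
 // Overwrite the original receiver with the (original) target.
 __ str(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));
 // Let the "call_as_constructor_delegate" take care of the rest.
 __ LoadGlobalFunction(Context::CALL_AS_CONSTRUCTOR_DELEGATE_INDEX, r1);
 __ Jump(masm->isolate()->builtins()->CallFunction(),
 RelocInfo::CODE_TARGET);
 }
 
@@ -1834,10 +1835,10 @@
 }
 }
 
 
 #undef __
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_ARM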
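Review bot: Moving the Map::kIsConstructor test below the JS_FUNCTION_TYPE / JS_FUNCTION_PROXY_TYPE dispatch in Generate_Construct (new lines 1661-1672) means a JSFunction or function proxy now reaches ConstructFunction or ConstructProxy without this frame having verified the [[Construct]] bit, so rejecting non-constructor functions (arrow functions, methods, and the like) depends entirely on those builtins doing the check themselves; they are outside this file section, so I cannot confirm that here. Since the state comment says r1 "can be any Object", that division of responsibility is worth stating at the dispatch site: `// ConstructFunction/ConstructProxy must reject non-constructors themselves;` `// only the generic exotic-object path below is guarded by kIsConstructor.` The bit-field load at new line 1670 also relies on CompareObjectType having left r1's map in r4, which is easy to break if the dispatch is reordered again, so a one-liner above the ldrb, `// r4 still holds r1's map from CompareObjectType above.`, would document the register reuse. The non_constructor label and the rest of Generate_Construct's body lie outside the shown lines.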
