Unified Diff: src/compiler/js-generic-lowering.cc

Issue 1469793002: [builtins] Sanitize the machinery around Construct calls. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: mips64 fix. Created 5 years, 1 month ago
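--- a/src/compiler/js-generic-lowering.cc
+++ b/src/compiler/js-generic-lowering.cc
@@ -540,22 +540,20 @@ void JSGenericLowering::LowerJSCreateScriptContext(Node* node) {
 void JSGenericLowering::LowerJSCallConstruct(Node* node) {
 CallConstructParameters const& p = CallConstructParametersOf(node->op());
- int const arity = static_cast<int>(p.arity());
- // TODO(bmeurer): Use the Construct builtin here.
- CallConstructStub stub(isolate(), SUPER_CONSTRUCTOR_CALL);
- CallInterfaceDescriptor d = stub.GetCallInterfaceDescriptor();
+ int const arg_count = static_cast<int>(p.arity() - 2);
 CallDescriptor::Flags flags = AdjustFrameStatesForCall(node);
- CallDescriptor* desc =
- Linkage::GetStubCallDescriptor(isolate(), zone(), d, arity - 1, flags);
- Node* stub_code = jsgraph()->HeapConstant(stub.GetCode());
- Node* target = NodeProperties::GetValueInput(node, 0);
- Node* new_target = NodeProperties::GetValueInput(node, arity - 1);
- node->RemoveInput(arity - 1); // Drop new target.
+ Callable callable = CodeFactory::Construct(isolate());
+ CallDescriptor* desc = Linkage::GetStubCallDescriptor(
+ isolate(), zone(), callable.descriptor(), arg_count + 1, flags);
+ Node* stub_code = jsgraph()->HeapConstant(callable.code());
+ Node* stub_arity = jsgraph()->Int32Constant(arg_count);
+ Node* new_target = node->InputAt(arg_count + 1);
+ Node* receiver = jsgraph()->UndefinedConstant();
+ node->RemoveInput(arg_count + 1); // Drop new target.
 node->InsertInput(zone(), 0, stub_code);
- node->InsertInput(zone(), 1, jsgraph()->Int32Constant(arity - 2));
- node->InsertInput(zone(), 2, target);
- node->InsertInput(zone(), 3, new_target);
- node->InsertInput(zone(), 4, jsgraph()->UndefinedConstant());
+ node->InsertInput(zone(), 2, new_target);
+ node->InsertInput(zone(), 3, stub_arity);
+ node->InsertInput(zone(), 4, receiver);
 NodeProperties::ChangeOp(node, common()->Call(desc));
 }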
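Review bot: `arg_count` is computed as `p.arity() - 2` on the assumption that the operator's arity always covers the target and new_target inputs, but nothing in the new code asserts that; if `arity()` is an unsigned type (the `static_cast<int>` suggests it is), an arity below 2 wraps before the cast and the later `InputAt(arg_count + 1)` and `RemoveInput(arg_count + 1)` would index past the node's inputs. Add `DCHECK_LE(2u, p.arity());  // target and new_target are always present` before the subtraction so the invariant is checked in debug builds. The operand layout the Construct builtin expects is also only recoverable by replaying the four InsertInput calls, so a one-line comment above the first of them would help: `// Inputs after lowering: code, target, new_target, argc, receiver, args...`. The whole of LowerJSCallConstruct lies inside this hunk.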
