Side by Side Diff: src/ppc/builtins-ppc.cc

Issue 1471623005: PPC: [builtins] Sanitize the machinery around Construct calls. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 1 month ago
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #if V8_TARGET_ARCH_PPC 5 #if V8_TARGET_ARCH_PPC
6 6
7 #include "src/codegen.h" 7 #include "src/codegen.h"
8 #include "src/debug/debug.h" 8 #include "src/debug/debug.h"
9 #include "src/deoptimizer.h" 9 #include "src/deoptimizer.h"
10 #include "src/full-codegen/full-codegen.h" 10 #include "src/full-codegen/full-codegen.h"
1387 __ LoadP(r3, MemOperand(fp, kFunctionOffset)); 1387 __ LoadP(r3, MemOperand(fp, kFunctionOffset));
1388 __ push(r3); 1388 __ push(r3);
1389 1389
1390 // Copy all arguments from the array to the stack. 1390 // Copy all arguments from the array to the stack.
1391 Generate_PushAppliedArguments(masm, kVectorOffset, kArgumentsOffset, 1391 Generate_PushAppliedArguments(masm, kVectorOffset, kArgumentsOffset,
1392 kIndexOffset, kLimitOffset); 1392 kIndexOffset, kLimitOffset);
1393 1393
1394 // Use undefined feedback vector 1394 // Use undefined feedback vector
1395 __ LoadRoot(r5, Heap::kUndefinedValueRootIndex); 1395 __ LoadRoot(r5, Heap::kUndefinedValueRootIndex);
1396 __ LoadP(r4, MemOperand(fp, kFunctionOffset)); 1396 __ LoadP(r4, MemOperand(fp, kFunctionOffset));
1397 __ LoadP(r7, MemOperand(fp, kNewTargetOffset)); 1397 __ LoadP(r6, MemOperand(fp, kNewTargetOffset));
1398 1398
1399 // Call the function. 1399 // Call the function.
1400 CallConstructStub stub(masm->isolate(), SUPER_CONSTRUCTOR_CALL); 1400 __ Call(masm->isolate()->builtins()->Construct(),
1401 __ Call(stub.GetCode(), RelocInfo::CONSTRUCT_CALL); 1401 RelocInfo::CONSTRUCT_CALL);
1402 1402
1403 // Leave internal frame. 1403 // Leave internal frame.
1404 } 1404 }
1405 __ addi(sp, sp, Operand(kStackSize * kPointerSize)); 1405 __ addi(sp, sp, Operand(kStackSize * kPointerSize));
1406 __ blr(); 1406 __ blr();
1407 } 1407 }
1408 1408
1409 1409
1410 void Builtins::Generate_FunctionApply(MacroAssembler* masm) { 1410 void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
1411 Generate_ApplyHelper(masm, false); 1411 Generate_ApplyHelper(masm, false);
1667 1667
1668 // static 1668 // static
1669 void Builtins::Generate_Construct(MacroAssembler* masm) { 1669 void Builtins::Generate_Construct(MacroAssembler* masm) {
1670 // ----------- S t a t e ------------- 1670 // ----------- S t a t e -------------
1671 // -- r3 : the number of arguments (not including the receiver) 1671 // -- r3 : the number of arguments (not including the receiver)
1672 // -- r4 : the constructor to call (can be any Object) 1672 // -- r4 : the constructor to call (can be any Object)
1673 // -- r6 : the new target (either the same as the constructor or 1673 // -- r6 : the new target (either the same as the constructor or
1674 // the JSFunction on which new was invoked initially) 1674 // the JSFunction on which new was invoked initially)
1675 // ----------------------------------- 1675 // -----------------------------------
1676 1676
1677 // Check if target has a [[Construct]] internal method. 1677 // Check if target is a Smi.
1678 Label non_constructor; 1678 Label non_constructor;
1679 __ JumpIfSmi(r4, &non_constructor); 1679 __ JumpIfSmi(r4, &non_constructor);
1680 __ LoadP(r7, FieldMemOperand(r4, HeapObject::kMapOffset));
1681 __ lbz(r5, FieldMemOperand(r7, Map::kBitFieldOffset));
1682 __ TestBit(r5, Map::kIsConstructor, r0);
1683 __ beq(&non_constructor, cr0);
1684 1680
1685 // Dispatch based on instance type. 1681 // Dispatch based on instance type.
1686 __ CompareInstanceType(r7, r8, JS_FUNCTION_TYPE); 1682 __ CompareObjectType(r4, r7, r8, JS_FUNCTION_TYPE);
1687 __ Jump(masm->isolate()->builtins()->ConstructFunction(), 1683 __ Jump(masm->isolate()->builtins()->ConstructFunction(),
1688 RelocInfo::CODE_TARGET, eq); 1684 RelocInfo::CODE_TARGET, eq);
1689 __ cmpi(r8, Operand(JS_FUNCTION_PROXY_TYPE)); 1685 __ cmpi(r8, Operand(JS_FUNCTION_PROXY_TYPE));
1690 __ Jump(masm->isolate()->builtins()->ConstructProxy(), RelocInfo::CODE_TARGET, 1686 __ Jump(masm->isolate()->builtins()->ConstructProxy(), RelocInfo::CODE_TARGET,
1691 eq); 1687 eq);
1692 1688
1689 // Check if target has a [[Construct]] internal method.
1690 __ lbz(r5, FieldMemOperand(r7, Map::kBitFieldOffset));
1691 __ TestBit(r5, Map::kIsConstructor, r0);
1692 __ beq(&non_constructor, cr0);
1693
1693 // Called Construct on an exotic Object with a [[Construct]] internal method. 1694 // Called Construct on an exotic Object with a [[Construct]] internal method.
1694 { 1695 {
1695 // Overwrite the original receiver with the (original) target. 1696 // Overwrite the original receiver with the (original) target.
1696 __ ShiftLeftImm(r8, r3, Operand(kPointerSizeLog2)); 1697 __ ShiftLeftImm(r8, r3, Operand(kPointerSizeLog2));
1697 __ StorePX(r4, MemOperand(sp, r8)); 1698 __ StorePX(r4, MemOperand(sp, r8));
1698 // Let the "call_as_constructor_delegate" take care of the rest. 1699 // Let the "call_as_constructor_delegate" take care of the rest.
1699 __ LoadGlobalFunction(Context::CALL_AS_CONSTRUCTOR_DELEGATE_INDEX, r4); 1700 __ LoadGlobalFunction(Context::CALL_AS_CONSTRUCTOR_DELEGATE_INDEX, r4);
1700 __ Jump(masm->isolate()->builtins()->CallFunction(), 1701 __ Jump(masm->isolate()->builtins()->CallFunction(),
1701 RelocInfo::CODE_TARGET); 1702 RelocInfo::CODE_TARGET);
1702 } 1703 }
1863 __ bkpt(0); 1864 __ bkpt(0);
1864 } 1865 }
1865 } 1866 }
1866 1867
1867 1868
1868 #undef __ 1869 #undef __
1869 } // namespace internal 1870 } // namespace internal
1870 } // namespace v8 1871 } // namespace v8
1871 1872
1872 #endif // V8_TARGET_ARCH_PPC 1873 #endif // V8_TARGET_ARCH_PPC
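Review bot: On the new side of Generate_Construct the Map::kIsConstructor bit test (new lines 1690-1692) now runs only after the JS_FUNCTION_TYPE and JS_FUNCTION_PROXY_TYPE jumps, so a JSFunction or function proxy whose map lacks the bit is no longer routed to non_constructor here and that rejection becomes the responsibility of ConstructFunction/ConstructProxy, which are outside this diff. If those builtins do not perform the equivalent check, a non-constructor function would be constructed instead of raising the intended error, so the invariant is worth confirming and recording next to the dispatch, e.g. `// JSFunction and JSFunctionProxy targets jump away before the kIsConstructor test; ConstructFunction/ConstructProxy must reject non-constructors themselves.` above the CompareObjectType line. Note also that r7 holds the map loaded by CompareObjectType when the fall-through reaches the lbz, which is what the bit-field load relies on. The related change in Generate_ApplyHelper (new target loaded into r6 instead of r7) is consistent with the register state comment at the top of Generate_Construct. Generate_Construct's body, including the non_constructor label, continues in the lines skipped after this section.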