Side by Side Diff: src/arm/builtins-arm.cc

Issue 1575973006: [builtins] Sanitize receiver patching for API functions. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. MIPS fixes. Created 4 years, 11 months ago
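--- a/src/arm/builtins-arm.cc
+++ b/src/arm/builtins-arm.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/codegen.h"
 #include "src/debug/debug.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ -1205,24 +1205,20 @@
 
 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver,
                                     Register function_template_info,
                                     Register scratch0, Register scratch1,
                                     Register scratch2,
                                     Label* receiver_check_failed) {
   Register signature = scratch0;
   Register map = scratch1;
   Register constructor = scratch2;
 
-  // If the receiver is not an object, jump to receiver_check_failed.
-  __ CompareObjectType(receiver, map, ip, FIRST_JS_OBJECT_TYPE);
-  __ b(lo, receiver_check_failed);
-
   // If there is no signature, return the holder.
   __ ldr(signature, FieldMemOperand(function_template_info,
                                     FunctionTemplateInfo::kSignatureOffset));
   __ CompareRoot(signature, Heap::kUndefinedValueRootIndex);
   Label receiver_check_passed;
   __ b(eq, &receiver_check_passed);
 
   // Walk the prototype chain.
   Label prototype_loop_start;
   __ bind(&prototype_loop_start);
@@ -1277,49 +1273,36 @@
   // ----------- S t a t e -------------
   //  -- r0                 : number of arguments excluding receiver
   //  -- r1                 : callee
   //  -- lr                 : return address
   //  -- sp[0]              : last argument
   //  -- ...
   //  -- sp[4 * (argc - 1)] : first argument
   //  -- sp[4 * argc]       : receiver
   // -----------------------------------
 
-  // Load the receiver.
-  __ ldr(r2, MemOperand(sp, r0, LSL, kPointerSizeLog2));
-
-  // Update the receiver if this is a contextual call.
-  Label set_global_proxy, valid_receiver;
-  __ CompareRoot(r2, Heap::kUndefinedValueRootIndex);
-  __ b(eq, &set_global_proxy);
-  __ bind(&valid_receiver);
-
   // Load the FunctionTemplateInfo.
   __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(r3, FieldMemOperand(r3, SharedFunctionInfo::kFunctionDataOffset));
 
   // Do the compatible receiver check.
   Label receiver_check_failed;
+  __ ldr(r2, MemOperand(sp, r0, LSL, kPointerSizeLog2));
   CompatibleReceiverCheck(masm, r2, r3, r4, r5, r6, &receiver_check_failed);
 
   // Get the callback offset from the FunctionTemplateInfo, and jump to the
   // beginning of the code.
   __ ldr(r4, FieldMemOperand(r3, FunctionTemplateInfo::kCallCodeOffset));
   __ ldr(r4, FieldMemOperand(r4, CallHandlerInfo::kFastHandlerOffset));
   __ add(r4, r4, Operand(Code::kHeaderSize - kHeapObjectTag));
   __ Jump(r4);
 
-  __ bind(&set_global_proxy);
-  __ LoadGlobalProxy(r2);
-  __ str(r2, MemOperand(sp, r0, LSL, kPointerSizeLog2));
-  __ b(&valid_receiver);
-
   // Compatible receiver check failed: throw an Illegal Invocation exception.
   __ bind(&receiver_check_failed);
   // Drop the arguments (including the receiver)
   __ add(r0, r0, Operand(1));
   __ add(sp, sp, Operand(r0, LSL, kPointerSizeLog2));
   __ TailCallRuntime(Runtime::kThrowIllegalInvocation);
 }
 
 
 void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) {
@@ -2361,10 +2344,10 @@
 }
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_ARM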
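Review bot: CompatibleReceiverCheck no longer verifies that `receiver` is a JS object before the prototype walk that begins at `prototype_loop_start`, so the function now silently depends on its caller having established that, and nothing in the header says so; add a comment above the signature such as `// Precondition: receiver is a JS object (the Smi/primitive check is the caller's job); the prototype walk below dereferences its map.` The same precondition applies to the API-call builtin, where r2 is now loaded straight from the stack at new line 1289 without the former undefined-to-global-proxy patching, so whichever earlier step guarantees a usable receiver there is presumably outside this file and deserves a one-line comment at that load. The body of CompatibleReceiverCheck continues past the hunk, and the enclosing builtin at new line 1273 starts before it.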