
Side by Side Diff: src/arm64/builtins-arm64.cc

Issue 1575973006: [builtins] Sanitize receiver patching for API functions. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. MIPS fixes. Created 4 years, 11 months ago
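--- a/src/arm64/builtins-arm64.cc
+++ b/src/arm64/builtins-arm64.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_ARM64
 
 #include "src/arm64/frames-arm64.h"
 #include "src/codegen.h"
 #include "src/debug/debug.h"
 #include "src/deoptimizer.h"
@@ -1184,24 +1184,20 @@
 
 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver,
 Register function_template_info,
 Register scratch0, Register scratch1,
 Register scratch2,
 Label* receiver_check_failed) {
 Register signature = scratch0;
 Register map = scratch1;
 Register constructor = scratch2;
 
-// If the receiver is not an object, jump to receiver_check_failed.
-__ CompareObjectType(receiver, map, x16, FIRST_JS_OBJECT_TYPE);
-__ B(lo, receiver_check_failed);
-
 // If there is no signature, return the holder.
 __ Ldr(signature, FieldMemOperand(function_template_info,
 FunctionTemplateInfo::kSignatureOffset));
 __ CompareRoot(signature, Heap::kUndefinedValueRootIndex);
 Label receiver_check_passed;
 __ B(eq, &receiver_check_passed);
 
 // Walk the prototype chain.
 Label prototype_loop_start;
 __ Bind(&prototype_loop_start);
@@ -1256,49 +1252,36 @@
 // ----------- S t a t e -------------
 // -- x0 : number of arguments excluding receiver
 // -- x1 : callee
 // -- lr : return address
 // -- sp[0] : last argument
 // -- ...
 // -- sp[8 * (argc - 1)] : first argument
 // -- sp[8 * argc] : receiver
 // -----------------------------------
 
-// Load the receiver.
-__ Ldr(x2, MemOperand(jssp, x0, LSL, kPointerSizeLog2));
-
-// Update the receiver if this is a contextual call.
-Label set_global_proxy, valid_receiver;
-__ CompareRoot(x2, Heap::kUndefinedValueRootIndex);
-__ B(eq, &set_global_proxy);
-__ Bind(&valid_receiver);
-
 // Load the FunctionTemplateInfo.
 __ Ldr(x3, FieldMemOperand(x1, JSFunction::kSharedFunctionInfoOffset));
 __ Ldr(x3, FieldMemOperand(x3, SharedFunctionInfo::kFunctionDataOffset));
 
 // Do the compatible receiver check.
 Label receiver_check_failed;
+__ Ldr(x2, MemOperand(jssp, x0, LSL, kPointerSizeLog2));
 CompatibleReceiverCheck(masm, x2, x3, x4, x5, x6, &receiver_check_failed);
 
 // Get the callback offset from the FunctionTemplateInfo, and jump to the
 // beginning of the code.
 __ Ldr(x4, FieldMemOperand(x3, FunctionTemplateInfo::kCallCodeOffset));
 __ Ldr(x4, FieldMemOperand(x4, CallHandlerInfo::kFastHandlerOffset));
 __ Add(x4, x4, Operand(Code::kHeaderSize - kHeapObjectTag));
 __ Jump(x4);
 
-__ Bind(&set_global_proxy);
-__ LoadGlobalProxy(x2);
-__ Str(x2, MemOperand(jssp, x0, LSL, kPointerSizeLog2));
-__ B(&valid_receiver);
-
 // Compatible receiver check failed: throw an Illegal Invocation exception.
 __ Bind(&receiver_check_failed);
 // Drop the arguments (including the receiver)
 __ add(x0, x0, Operand(1));
 __ Drop(x0);
 __ TailCallRuntime(Runtime::kThrowIllegalInvocation);
 }
 
 
 void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) {
@@ -2508,10 +2491,10 @@
 }
 }
 
 
 #undef __
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_ARM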
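Review bot: CompatibleReceiverCheck now reads the signature and starts the prototype walk without first confirming that `receiver` is a heap object of JS-object type (the `CompareObjectType`/`B(lo, ...)` pair at old lines 1195–1196 is gone), so the function's safety now rests on a caller-side guarantee that is stated nowhere in the hunk. Presumably the receiver conversion moved into shared builtin code, but if a Smi or other non-object receiver ever reached this path, the map load in the prototype walk would presumably become a read through an invalid pointer rather than a clean Illegal Invocation throw. I would state the precondition right after the scratch-register aliases: `// Precondition: the caller guarantees |receiver| is already a JSObject; this helper no longer validates its type.` and keep a debug-only guard such as `__ AssertNotSmi(receiver);` at the top of the function. The prototype walk that depends on this runs past the end of the hunk, and the same removed check should be documented at the call site in Generate_HandleFastApiCall, where the new receiver load (new line 1268) now feeds the helper directly from the stack slot.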