
Side by Side Diff: src/ia32/builtins-ia32.cc

Issue 1575973006: [builtins] Sanitize receiver patching for API functions. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. MIPS fixes. Created 4 years, 11 months ago
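--- a/src/ia32/builtins-ia32.cc
+++ b/src/ia32/builtins-ia32.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_IA32
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ -2240,24 +2240,20 @@
 __ CallRuntime(Runtime::kThrowStackOverflow);
 __ int3();
 }
 }
 
 
 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver,
 Register function_template_info,
 Register scratch0, Register scratch1,
 Label* receiver_check_failed) {
-// If receiver is not an object, jump to receiver_check_failed.
-__ CmpObjectType(receiver, FIRST_JS_OBJECT_TYPE, scratch0);
-__ j(below, receiver_check_failed);
-
 // If there is no signature, return the holder.
 __ CompareRoot(FieldOperand(function_template_info,
 FunctionTemplateInfo::kSignatureOffset),
 Heap::kUndefinedValueRootIndex);
 Label receiver_check_passed;
 __ j(equal, &receiver_check_passed, Label::kNear);
 
 // Walk the prototype chain.
 Label prototype_loop_start;
 __ bind(&prototype_loop_start);
@@ -2317,52 +2313,37 @@
 // -- eax : number of arguments (not including the receiver)
 // -- edi : callee
 // -- esi : context
 // -- esp[0] : return address
 // -- esp[4] : last argument
 // -- ...
 // -- esp[eax * 4] : first argument
 // -- esp[(eax + 1) * 4] : receiver
 // -----------------------------------
 
-// Load the receiver.
-Operand receiver_operand(esp, eax, times_pointer_size, kPCOnStackSize);
-__ mov(ecx, receiver_operand);
-
-// Update the receiver if this is a contextual call.
-Label set_global_proxy, valid_receiver;
-__ CompareRoot(ecx, Heap::kUndefinedValueRootIndex);
-__ j(equal, &set_global_proxy);
-__ bind(&valid_receiver);
-
 // Load the FunctionTemplateInfo.
 __ mov(ebx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
 __ mov(ebx, FieldOperand(ebx, SharedFunctionInfo::kFunctionDataOffset));
 
 // Do the compatible receiver check.
 Label receiver_check_failed;
+__ mov(ecx, Operand(esp, eax, times_pointer_size, kPCOnStackSize));
 __ Push(eax);
 CompatibleReceiverCheck(masm, ecx, ebx, edx, eax, &receiver_check_failed);
 __ Pop(eax);
 // Get the callback offset from the FunctionTemplateInfo, and jump to the
 // beginning of the code.
 __ mov(edx, FieldOperand(ebx, FunctionTemplateInfo::kCallCodeOffset));
 __ mov(edx, FieldOperand(edx, CallHandlerInfo::kFastHandlerOffset));
 __ add(edx, Immediate(Code::kHeaderSize - kHeapObjectTag));
 __ jmp(edx);
 
-__ bind(&set_global_proxy);
-__ mov(ecx, NativeContextOperand());
-__ mov(ecx, ContextOperand(ecx, Context::GLOBAL_PROXY_INDEX));
-__ mov(receiver_operand, ecx);
-__ jmp(&valid_receiver, Label::kNear);
-
 // Compatible receiver check failed: pop return address, arguments and
 // receiver and throw an Illegal Invocation exception.
 __ bind(&receiver_check_failed);
 __ Pop(eax);
 __ PopReturnAddressTo(ebx);
 __ lea(eax, Operand(eax, times_pointer_size, 1 * kPointerSize));
 __ add(esp, eax);
 __ PushReturnAddressFrom(ebx);
 {
 FrameScope scope(masm, StackFrame::INTERNAL);
@@ -2424,10 +2405,10 @@
 
 __ bind(&ok);
 __ ret(0);
 }
 
 #undef __
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_IA32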
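Review bot: With the `CmpObjectType(receiver, FIRST_JS_OBJECT_TYPE, ...)` guard removed from CompatibleReceiverCheck (old lines 2250-2252) and the undefined-to-global-proxy patching dropped from the API-call builtin (old lines 2327-2335 and 2353-2357), the new code goes straight from loading the raw receiver at new line 2329 into the signature check and the prototype-chain walk, so it now depends on the caller having already converted the receiver to a JS object, and that precondition is stated nowhere in the hunk. I would record it in the register-state block, e.g. `// -- esp[(eax + 1) * 4] : receiver (already converted to a JSReceiver by the caller)`, and add a debug-only Smi assertion such as `__ AssertNotSmi(ecx);` right after the new `mov` at line 2329, so a caller that skips the conversion fails loudly rather than reaching the chain walk with a Smi or primitive receiver. Whether the conversion actually happens in the caller is decided in src/builtins.cc, which is not part of this file, so I can only flag the missing documentation here. The prototype loop body, the builtin's header and the remainder of its body all lie outside the hunks shown.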