Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/mips/builtins-mips.cc

Issue 1575973006: [builtins] Sanitize receiver patching for API functions. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. MIPS fixes. Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/ia32/builtins-ia32.cc ('k') | src/mips64/builtins-mips64.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #if V8_TARGET_ARCH_MIPS 5 #if V8_TARGET_ARCH_MIPS
6 6
7 #include "src/codegen.h" 7 #include "src/codegen.h"
8 #include "src/debug/debug.h" 8 #include "src/debug/debug.h"
9 #include "src/deoptimizer.h" 9 #include "src/deoptimizer.h"
10 #include "src/full-codegen/full-codegen.h" 10 #include "src/full-codegen/full-codegen.h"
(...skipping 1208 matching lines...) Expand 10 before | Expand all | Expand 10 after
1219 1219
1220 // Clobbers {t2, t3, t4, t5}. 1220 // Clobbers {t2, t3, t4, t5}.
1221 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver, 1221 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver,
1222 Register function_template_info, 1222 Register function_template_info,
1223 Label* receiver_check_failed) { 1223 Label* receiver_check_failed) {
1224 Register signature = t2; 1224 Register signature = t2;
1225 Register map = t3; 1225 Register map = t3;
1226 Register constructor = t4; 1226 Register constructor = t4;
1227 Register scratch = t5; 1227 Register scratch = t5;
1228 1228
1229 // If the receiver is not an object, jump to receiver_check_failed.
1230 __ GetObjectType(receiver, map, scratch);
1231 __ Branch(receiver_check_failed, lo, scratch, Operand(FIRST_JS_OBJECT_TYPE));
1232
1233 // If there is no signature, return the holder. 1229 // If there is no signature, return the holder.
1234 __ lw(signature, FieldMemOperand(function_template_info, 1230 __ lw(signature, FieldMemOperand(function_template_info,
1235 FunctionTemplateInfo::kSignatureOffset)); 1231 FunctionTemplateInfo::kSignatureOffset));
1236 Label receiver_check_passed; 1232 Label receiver_check_passed;
1237 __ JumpIfRoot(signature, Heap::kUndefinedValueRootIndex, 1233 __ JumpIfRoot(signature, Heap::kUndefinedValueRootIndex,
1238 &receiver_check_passed); 1234 &receiver_check_passed);
1239 1235
1240 // Walk the prototype chain. 1236 // Walk the prototype chain.
1241 Label prototype_loop_start; 1237 Label prototype_loop_start;
1242 __ bind(&prototype_loop_start); 1238 __ bind(&prototype_loop_start);
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
1289 // ----------- S t a t e ------------- 1285 // ----------- S t a t e -------------
1290 // -- a0 : number of arguments excluding receiver 1286 // -- a0 : number of arguments excluding receiver
1291 // -- a1 : callee 1287 // -- a1 : callee
1292 // -- ra : return address 1288 // -- ra : return address
1293 // -- sp[0] : last argument 1289 // -- sp[0] : last argument
1294 // -- ... 1290 // -- ...
1295 // -- sp[4 * (argc - 1)] : first argument 1291 // -- sp[4 * (argc - 1)] : first argument
1296 // -- sp[4 * argc] : receiver 1292 // -- sp[4 * argc] : receiver
1297 // ----------------------------------- 1293 // -----------------------------------
1298 1294
1299 // Load the receiver.
1300 __ sll(at, a0, kPointerSizeLog2);
1301 __ Addu(t8, sp, at);
1302 __ lw(t0, MemOperand(t8));
1303
1304 // Update the receiver if this is a contextual call.
1305 Label set_global_proxy, valid_receiver;
1306 __ JumpIfRoot(t0, Heap::kUndefinedValueRootIndex, &set_global_proxy);
1307
1308 // Load the FunctionTemplateInfo. 1295 // Load the FunctionTemplateInfo.
1309 __ bind(&valid_receiver);
1310 __ lw(t1, FieldMemOperand(a1, JSFunction::kSharedFunctionInfoOffset)); 1296 __ lw(t1, FieldMemOperand(a1, JSFunction::kSharedFunctionInfoOffset));
1311 __ lw(t1, FieldMemOperand(t1, SharedFunctionInfo::kFunctionDataOffset)); 1297 __ lw(t1, FieldMemOperand(t1, SharedFunctionInfo::kFunctionDataOffset));
1312 1298
1313 // Do the compatible receiver check. 1299 // Do the compatible receiver check.
1314 Label receiver_check_failed; 1300 Label receiver_check_failed;
1301 __ sll(at, a0, kPointerSizeLog2);
1302 __ Addu(t8, sp, at);
1303 __ lw(t0, MemOperand(t8));
1315 CompatibleReceiverCheck(masm, t0, t1, &receiver_check_failed); 1304 CompatibleReceiverCheck(masm, t0, t1, &receiver_check_failed);
1316 1305
1317 // Get the callback offset from the FunctionTemplateInfo, and jump to the 1306 // Get the callback offset from the FunctionTemplateInfo, and jump to the
1318 // beginning of the code. 1307 // beginning of the code.
1319 __ lw(t2, FieldMemOperand(t1, FunctionTemplateInfo::kCallCodeOffset)); 1308 __ lw(t2, FieldMemOperand(t1, FunctionTemplateInfo::kCallCodeOffset));
1320 __ lw(t2, FieldMemOperand(t2, CallHandlerInfo::kFastHandlerOffset)); 1309 __ lw(t2, FieldMemOperand(t2, CallHandlerInfo::kFastHandlerOffset));
1321 __ Addu(t2, t2, Operand(Code::kHeaderSize - kHeapObjectTag)); 1310 __ Addu(t2, t2, Operand(Code::kHeaderSize - kHeapObjectTag));
1322 __ Jump(t2); 1311 __ Jump(t2);
1323 1312
1324 __ bind(&set_global_proxy);
1325 __ LoadGlobalProxy(t0);
1326 __ sw(t0, MemOperand(t8));
1327 __ Branch(&valid_receiver);
1328
1329 // Compatible receiver check failed: throw an Illegal Invocation exception. 1313 // Compatible receiver check failed: throw an Illegal Invocation exception.
1330 __ bind(&receiver_check_failed); 1314 __ bind(&receiver_check_failed);
1331 // Drop the arguments (including the receiver); 1315 // Drop the arguments (including the receiver);
1332 __ Addu(t8, t8, Operand(kPointerSize)); 1316 __ Addu(t8, t8, Operand(kPointerSize));
1333 __ addu(sp, t8, zero_reg); 1317 __ addu(sp, t8, zero_reg);
1334 __ TailCallRuntime(Runtime::kThrowIllegalInvocation); 1318 __ TailCallRuntime(Runtime::kThrowIllegalInvocation);
1335 } 1319 }
1336 1320
1337 1321
1338 void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) { 1322 void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) {
(...skipping 1127 matching lines...) Expand 10 before | Expand all | Expand 10 after
2466 } 2450 }
2467 } 2451 }
2468 2452
2469 2453
2470 #undef __ 2454 #undef __
2471 2455
2472 } // namespace internal 2456 } // namespace internal
2473 } // namespace v8 2457 } // namespace v8
2474 2458
2475 #endif // V8_TARGET_ARCH_MIPS 2459 #endif // V8_TARGET_ARCH_MIPS
OLDNEW
« no previous file with comments | « src/ia32/builtins-ia32.cc ('k') | src/mips64/builtins-mips64.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698