Side by Side Diff: src/x64/builtins-x64.cc

Issue 1575973006: [builtins] Sanitize receiver patching for API functions. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. MIPS fixes. Created 4 years, 11 months ago
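--- a/src/x64/builtins-x64.cc
+++ b/src/x64/builtins-x64.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X64
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ -2325,24 +2325,20 @@
 
 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver,
 Register function_template_info,
 Register scratch0, Register scratch1,
 Register scratch2,
 Label* receiver_check_failed) {
 Register signature = scratch0;
 Register map = scratch1;
 Register constructor = scratch2;
 
-// If the receiver is not an object, jump to receiver_check_failed.
-__ CmpObjectType(receiver, FIRST_JS_OBJECT_TYPE, kScratchRegister);
-__ j(below, receiver_check_failed);
-
 // If there is no signature, return the holder.
 __ movp(signature, FieldOperand(function_template_info,
 FunctionTemplateInfo::kSignatureOffset));
 __ CompareRoot(signature, Heap::kUndefinedValueRootIndex);
 Label receiver_check_passed;
 __ j(equal, &receiver_check_passed, Label::kNear);
 
 // Walk the prototype chain.
 Label prototype_loop_start;
 __ bind(&prototype_loop_start);
@@ -2401,49 +2397,37 @@
 // -- rdi : callee
 // -- rsi : context
 // -- rsp[0] : return address
 // -- rsp[8] : last argument
 // -- ...
 // -- rsp[rax * 8] : first argument
 // -- rsp[(rax + 1) * 8] : receiver
 // -----------------------------------
 
 StackArgumentsAccessor args(rsp, rax);
-__ movp(rcx, args.GetReceiverOperand());
-
-// Update the receiver if this is a contextual call.
-Label set_global_proxy, valid_receiver;
-__ CompareRoot(rcx, Heap::kUndefinedValueRootIndex);
-__ j(equal, &set_global_proxy);
-__ bind(&valid_receiver);
 
 // Load the FunctionTemplateInfo.
 __ movp(rbx, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
 __ movp(rbx, FieldOperand(rbx, SharedFunctionInfo::kFunctionDataOffset));
 
 // Do the compatible receiver check.
 Label receiver_check_failed;
+__ movp(rcx, args.GetReceiverOperand());
 CompatibleReceiverCheck(masm, rcx, rbx, rdx, r8, r9, &receiver_check_failed);
 
 // Get the callback offset from the FunctionTemplateInfo, and jump to the
 // beginning of the code.
 __ movp(rdx, FieldOperand(rbx, FunctionTemplateInfo::kCallCodeOffset));
 __ movp(rdx, FieldOperand(rdx, CallHandlerInfo::kFastHandlerOffset));
 __ addp(rdx, Immediate(Code::kHeaderSize - kHeapObjectTag));
 __ jmp(rdx);
 
-__ bind(&set_global_proxy);
-__ movp(rcx, NativeContextOperand());
-__ movp(rcx, ContextOperand(rcx, Context::GLOBAL_PROXY_INDEX));
-__ movp(args.GetReceiverOperand(), rcx);
-__ jmp(&valid_receiver, Label::kNear);
-
 // Compatible receiver check failed: pop return address, arguments and
 // receiver and throw an Illegal Invocation exception.
 __ bind(&receiver_check_failed);
 __ PopReturnAddressTo(rbx);
 __ leap(rax, Operand(rax, times_pointer_size, 1 * kPointerSize));
 __ addp(rsp, rax);
 __ PushReturnAddressFrom(rbx);
 {
 FrameScope scope(masm, StackFrame::INTERNAL);
 __ TailCallRuntime(Runtime::kThrowIllegalInvocation);
@@ -2503,10 +2487,10 @@
 __ ret(0);
 }
 
 
 #undef __
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_X64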
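Review bot: With the `CmpObjectType(receiver, FIRST_JS_OBJECT_TYPE, ...)` guard removed from CompatibleReceiverCheck (old lines 2335-2337) and the undefined-to-global-proxy patching dropped from the caller (old lines 2413-2417 and 2434-2438), the receiver loaded into rcx at new line 2414 reaches the prototype-chain walk with no type check left in this file, so a Smi or non-object receiver is only safe if the caller now guarantees a JSReceiver, and that invariant is stated nowhere in the hunk. The register-state comment above `StackArgumentsAccessor args(rsp, rax);` should record it, e.g. `// -- rsp[(rax + 1) * 8] : receiver (already converted to a JSReceiver by the caller)`, and a debug-only `__ AssertNotSmi(rcx);` just before the CompatibleReceiverCheck call would make the assumption checkable rather than implicit. CompatibleReceiverCheck's prototype loop and the enclosing builtin both continue outside the hunk, so I cannot confirm from this page where the receiver conversion now happens; the same observation presumably applies to the other architecture files in this change.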
