X87: [builtins] Sanitize receiver patching for API functions.

src/x87/builtins-x87.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X87
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ skipping 2236 matching lines @@
     __ CallRuntime(Runtime::kThrowStackOverflow);
     __ int3();
   }
 }
 
 
 static void CompatibleReceiverCheck(MacroAssembler* masm, Register receiver,
                                     Register function_template_info,
                                     Register scratch0, Register scratch1,
                                     Label* receiver_check_failed) {
-  // If receiver is not an object, jump to receiver_check_failed.
-  __ CmpObjectType(receiver, FIRST_JS_OBJECT_TYPE, scratch0);
-  __ j(below, receiver_check_failed);
-
   // If there is no signature, return the holder.
   __ CompareRoot(FieldOperand(function_template_info,
                               FunctionTemplateInfo::kSignatureOffset),
                  Heap::kUndefinedValueRootIndex);
   Label receiver_check_passed;
   __ j(equal, &receiver_check_passed, Label::kNear);
 
   // Walk the prototype chain.
   Label prototype_loop_start;
   __ bind(&prototype_loop_start);
@@ skipping 53 matching lines @@
   //  -- eax                : number of arguments (not including the receiver)
   //  -- edi                : callee
   //  -- esi                : context
   //  -- esp[0]             : return address
   //  -- esp[4]             : last argument
   //  -- ...
   //  -- esp[eax * 4]       : first argument
   //  -- esp[(eax + 1) * 4] : receiver
   // -----------------------------------
 
-  // Load the receiver.
-  Operand receiver_operand(esp, eax, times_pointer_size, kPCOnStackSize);
-  __ mov(ecx, receiver_operand);
-
-  // Update the receiver if this is a contextual call.
-  Label set_global_proxy, valid_receiver;
-  __ CompareRoot(ecx, Heap::kUndefinedValueRootIndex);
-  __ j(equal, &set_global_proxy);
-  __ bind(&valid_receiver);
-
   // Load the FunctionTemplateInfo.
   __ mov(ebx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
   __ mov(ebx, FieldOperand(ebx, SharedFunctionInfo::kFunctionDataOffset));
 
   // Do the compatible receiver check.
   Label receiver_check_failed;
+  __ mov(ecx, Operand(esp, eax, times_pointer_size, kPCOnStackSize));
   __ Push(eax);
   CompatibleReceiverCheck(masm, ecx, ebx, edx, eax, &receiver_check_failed);
   __ Pop(eax);
   // Get the callback offset from the FunctionTemplateInfo, and jump to the
   // beginning of the code.
   __ mov(edx, FieldOperand(ebx, FunctionTemplateInfo::kCallCodeOffset));
   __ mov(edx, FieldOperand(edx, CallHandlerInfo::kFastHandlerOffset));
   __ add(edx, Immediate(Code::kHeaderSize - kHeapObjectTag));
   __ jmp(edx);
 
-  __ bind(&set_global_proxy);
-  __ mov(ecx, NativeContextOperand());
-  __ mov(ecx, ContextOperand(ecx, Context::GLOBAL_PROXY_INDEX));
-  __ mov(receiver_operand, ecx);
-  __ jmp(&valid_receiver, Label::kNear);
-
   // Compatible receiver check failed: pop return address, arguments and
   // receiver and throw an Illegal Invocation exception.
   __ bind(&receiver_check_failed);
   __ Pop(eax);
   __ PopReturnAddressTo(ebx);
   __ lea(eax, Operand(eax, times_pointer_size, 1 * kPointerSize));
   __ add(esp, eax);
   __ PushReturnAddressFrom(ebx);
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
@@ skipping 55 matching lines @@
 
   __ bind(&ok);
   __ ret(0);
 }
 
 #undef __
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_X87