
Side by Side Diff: src/compiler/js-generic-lowering.cc

Issue 1683103002: [compiler] Sanitize entry points to LookupSlot access. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. Fixes. Comments. Created 4 years, 10 months ago
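--- a/src/compiler/js-generic-lowering.cc
+++ b/src/compiler/js-generic-lowering.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/code-factory.h"
 #include "src/code-stubs.h"
 #include "src/compiler/common-operator.h"
 #include "src/compiler/js-generic-lowering.h"
 #include "src/compiler/js-graph.h"
 #include "src/compiler/machine-operator.h"
@@ -515,35 +515,20 @@
 }
 node->ReplaceInput(2, NodeProperties::GetValueInput(node, 1));
 node->ReplaceInput(1, jsgraph()->Int32Constant(Context::SlotOffset(
 static_cast<int>(access.index()))));
 NodeProperties::ChangeOp(
 node, machine()->Store(StoreRepresentation(MachineRepresentation::kTagged,
 kFullWriteBarrier)));
 }
 
 
-void JSGenericLowering::LowerJSLoadDynamic(Node* node) {
-const DynamicAccess& access = DynamicAccessOf(node->op());
-Runtime::FunctionId function_id =
-(access.typeof_mode() == NOT_INSIDE_TYPEOF)
-? Runtime::kLoadLookupSlot
-: Runtime::kLoadLookupSlotNoReferenceError;
-Node* projection = graph()->NewNode(common()->Projection(0), node);
-NodeProperties::ReplaceUses(node, projection, node, node, node);
-node->RemoveInput(NodeProperties::FirstValueIndex(node));
-node->InsertInput(zone(), 1, jsgraph()->Constant(access.name()));
-ReplaceWithRuntimeCall(node, function_id);
-projection->ReplaceInput(0, node);
-}
-
-
 void JSGenericLowering::LowerJSCreate(Node* node) {
 ReplaceWithRuntimeCall(node, Runtime::kNewObject);
 }
 
 
 void JSGenericLowering::LowerJSCreateArguments(Node* node) {
 CreateArgumentsType const type = CreateArgumentsTypeOf(node->op());
 switch (type) {
 case CreateArgumentsType::kMappedArguments:
 ReplaceWithRuntimeCall(node, Runtime::kNewSloppyArguments_Generic);
@@ -889,10 +874,10 @@
 }
 
 
 MachineOperatorBuilder* JSGenericLowering::machine() const {
 return jsgraph()->machine();
 }
 
 } // namespace compiler
 } // namespace internal
 } // namespace v8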