Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/compiler/verifier.cc

Issue 1683103002: [compiler] Sanitize entry points to LookupSlot access. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. Fixes. Comments. Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/compiler/typer.cc ('k') | src/full-codegen/arm/full-codegen-arm.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/compiler/verifier.h" 5 #include "src/compiler/verifier.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <deque> 8 #include <deque>
9 #include <queue> 9 #include <queue>
10 #include <sstream> 10 #include <sstream>
(...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after
552 case IrOpcode::kJSInstanceOf: 552 case IrOpcode::kJSInstanceOf:
553 // Type is Boolean. 553 // Type is Boolean.
554 CheckUpperIs(node, Type::Boolean()); 554 CheckUpperIs(node, Type::Boolean());
555 break; 555 break;
556 case IrOpcode::kJSTypeOf: 556 case IrOpcode::kJSTypeOf:
557 // Type is String. 557 // Type is String.
558 CheckUpperIs(node, Type::String()); 558 CheckUpperIs(node, Type::String());
559 break; 559 break;
560 560
561 case IrOpcode::kJSLoadContext: 561 case IrOpcode::kJSLoadContext:
562 case IrOpcode::kJSLoadDynamic:
563 // Type can be anything. 562 // Type can be anything.
564 CheckUpperIs(node, Type::Any()); 563 CheckUpperIs(node, Type::Any());
565 break; 564 break;
566 case IrOpcode::kJSStoreContext: 565 case IrOpcode::kJSStoreContext:
567 // Type is empty. 566 // Type is empty.
568 CheckNotTyped(node); 567 CheckNotTyped(node);
569 break; 568 break;
570 case IrOpcode::kJSCreateFunctionContext: 569 case IrOpcode::kJSCreateFunctionContext:
571 case IrOpcode::kJSCreateCatchContext: 570 case IrOpcode::kJSCreateCatchContext:
572 case IrOpcode::kJSCreateWithContext: 571 case IrOpcode::kJSCreateWithContext:
(...skipping 698 matching lines...) Expand 10 before | Expand all | Expand 10 after
1271 replacement->op()->EffectOutputCount() > 0); 1270 replacement->op()->EffectOutputCount() > 0);
1272 DCHECK(!NodeProperties::IsFrameStateEdge(edge) || 1271 DCHECK(!NodeProperties::IsFrameStateEdge(edge) ||
1273 replacement->opcode() == IrOpcode::kFrameState); 1272 replacement->opcode() == IrOpcode::kFrameState);
1274 } 1273 }
1275 1274
1276 #endif // DEBUG 1275 #endif // DEBUG
1277 1276
1278 } // namespace compiler 1277 } // namespace compiler
1279 } // namespace internal 1278 } // namespace internal
1280 } // namespace v8 1279 } // namespace v8
OLDNEW
« no previous file with comments | « src/compiler/typer.cc ('k') | src/full-codegen/arm/full-codegen-arm.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698