| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_X64 | 5 #if V8_TARGET_ARCH_X64 |
| 6 | 6 |
| 7 #include "src/ast/scopes.h" | 7 #include "src/ast/scopes.h" |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 1362 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1373 break; | 1373 break; |
| 1374 } | 1374 } |
| 1375 | 1375 |
| 1376 case VariableLocation::LOOKUP: { | 1376 case VariableLocation::LOOKUP: { |
| 1377 Comment cmnt(masm_, "[ Lookup slot"); | 1377 Comment cmnt(masm_, "[ Lookup slot"); |
| 1378 Label done, slow; | 1378 Label done, slow; |
| 1379 // Generate code for loading from variables potentially shadowed | 1379 // Generate code for loading from variables potentially shadowed |
| 1380 // by eval-introduced variables. | 1380 // by eval-introduced variables. |
| 1381 EmitDynamicLookupFastCase(proxy, typeof_mode, &slow, &done); | 1381 EmitDynamicLookupFastCase(proxy, typeof_mode, &slow, &done); |
| 1382 __ bind(&slow); | 1382 __ bind(&slow); |
| 1383 __ Push(rsi); // Context. | |
| 1384 __ Push(var->name()); | 1383 __ Push(var->name()); |
| 1385 Runtime::FunctionId function_id = | 1384 Runtime::FunctionId function_id = |
| 1386 typeof_mode == NOT_INSIDE_TYPEOF | 1385 typeof_mode == NOT_INSIDE_TYPEOF |
| 1387 ? Runtime::kLoadLookupSlot | 1386 ? Runtime::kLoadLookupSlot |
| 1388 : Runtime::kLoadLookupSlotNoReferenceError; | 1387 : Runtime::kLoadLookupSlotInsideTypeof; |
| 1389 __ CallRuntime(function_id); | 1388 __ CallRuntime(function_id); |
| 1390 __ bind(&done); | 1389 __ bind(&done); |
| 1391 context()->Plug(rax); | 1390 context()->Plug(rax); |
| 1392 break; | 1391 break; |
| 1393 } | 1392 } |
| 1394 } | 1393 } |
| 1395 } | 1394 } |
| 1396 | 1395 |
| 1397 | 1396 |
| 1398 void FullCodeGenerator::VisitRegExpLiteral(RegExpLiteral* expr) { | 1397 void FullCodeGenerator::VisitRegExpLiteral(RegExpLiteral* expr) { |
| (...skipping 929 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2328 __ j(equal, &uninitialized_this); | 2327 __ j(equal, &uninitialized_this); |
| 2329 __ Push(var->name()); | 2328 __ Push(var->name()); |
| 2330 __ CallRuntime(Runtime::kThrowReferenceError); | 2329 __ CallRuntime(Runtime::kThrowReferenceError); |
| 2331 __ bind(&uninitialized_this); | 2330 __ bind(&uninitialized_this); |
| 2332 EmitStoreToStackLocalOrContextSlot(var, location); | 2331 EmitStoreToStackLocalOrContextSlot(var, location); |
| 2333 | 2332 |
| 2334 } else if (!var->is_const_mode() || | 2333 } else if (!var->is_const_mode() || |
| 2335 (var->mode() == CONST && op == Token::INIT)) { | 2334 (var->mode() == CONST && op == Token::INIT)) { |
| 2336 if (var->IsLookupSlot()) { | 2335 if (var->IsLookupSlot()) { |
| 2337 // Assignment to var. | 2336 // Assignment to var. |
| 2338 __ Push(rax); // Value. | |
| 2339 __ Push(rsi); // Context. | |
| 2340 __ Push(var->name()); | 2337 __ Push(var->name()); |
| 2341 __ Push(Smi::FromInt(language_mode())); | 2338 __ Push(rax); |
| 2342 __ CallRuntime(Runtime::kStoreLookupSlot); | 2339 __ CallRuntime(is_strict(language_mode()) |
| 2340 ? Runtime::kStoreLookupSlot_Strict |
| 2341 : Runtime::kStoreLookupSlot_Sloppy); |
| 2343 } else { | 2342 } else { |
| 2344 // Assignment to var or initializing assignment to let/const in harmony | 2343 // Assignment to var or initializing assignment to let/const in harmony |
| 2345 // mode. | 2344 // mode. |
| 2346 DCHECK(var->IsStackAllocated() || var->IsContextSlot()); | 2345 DCHECK(var->IsStackAllocated() || var->IsContextSlot()); |
| 2347 MemOperand location = VarOperand(var, rcx); | 2346 MemOperand location = VarOperand(var, rcx); |
| 2348 if (generate_debug_code_ && var->mode() == LET && op == Token::INIT) { | 2347 if (generate_debug_code_ && var->mode() == LET && op == Token::INIT) { |
| 2349 // Check for an uninitialized let binding. | 2348 // Check for an uninitialized let binding. |
| 2350 __ movp(rdx, location); | 2349 __ movp(rdx, location); |
| 2351 __ CompareRoot(rdx, Heap::kTheHoleValueRootIndex); | 2350 __ CompareRoot(rdx, Heap::kTheHoleValueRootIndex); |
| 2352 __ Check(equal, kLetBindingReInitialization); | 2351 __ Check(equal, kLetBindingReInitialization); |
| (...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2671 VariableProxy* callee = expr->expression()->AsVariableProxy(); | 2670 VariableProxy* callee = expr->expression()->AsVariableProxy(); |
| 2672 if (callee->var()->IsLookupSlot()) { | 2671 if (callee->var()->IsLookupSlot()) { |
| 2673 Label slow, done; | 2672 Label slow, done; |
| 2674 SetExpressionPosition(callee); | 2673 SetExpressionPosition(callee); |
| 2675 // Generate code for loading from variables potentially shadowed by | 2674 // Generate code for loading from variables potentially shadowed by |
| 2676 // eval-introduced variables. | 2675 // eval-introduced variables. |
| 2677 EmitDynamicLookupFastCase(callee, NOT_INSIDE_TYPEOF, &slow, &done); | 2676 EmitDynamicLookupFastCase(callee, NOT_INSIDE_TYPEOF, &slow, &done); |
| 2678 __ bind(&slow); | 2677 __ bind(&slow); |
| 2679 // Call the runtime to find the function to call (returned in rax) and | 2678 // Call the runtime to find the function to call (returned in rax) and |
| 2680 // the object holding it (returned in rdx). | 2679 // the object holding it (returned in rdx). |
| 2681 __ Push(context_register()); | |
| 2682 __ Push(callee->name()); | 2680 __ Push(callee->name()); |
| 2683 __ CallRuntime(Runtime::kLoadLookupSlot); | 2681 __ CallRuntime(Runtime::kLoadLookupSlotForCall); |
| 2684 __ Push(rax); // Function. | 2682 __ Push(rax); // Function. |
| 2685 __ Push(rdx); // Receiver. | 2683 __ Push(rdx); // Receiver. |
| 2686 PrepareForBailoutForId(expr->LookupId(), NO_REGISTERS); | 2684 PrepareForBailoutForId(expr->LookupId(), NO_REGISTERS); |
| 2687 | 2685 |
| 2688 // If fast case code has been generated, emit code to push the function | 2686 // If fast case code has been generated, emit code to push the function |
| 2689 // and receiver and have the slow path jump around this code. | 2687 // and receiver and have the slow path jump around this code. |
| 2690 if (done.is_linked()) { | 2688 if (done.is_linked()) { |
| 2691 Label call; | 2689 Label call; |
| 2692 __ jmp(&call, Label::kNear); | 2690 __ jmp(&call, Label::kNear); |
| 2693 __ bind(&done); | 2691 __ bind(&done); |
| (...skipping 1157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3851 __ CallRuntime(Runtime::kDeleteProperty_Sloppy); | 3849 __ CallRuntime(Runtime::kDeleteProperty_Sloppy); |
| 3852 context()->Plug(rax); | 3850 context()->Plug(rax); |
| 3853 } else if (var->IsStackAllocated() || var->IsContextSlot()) { | 3851 } else if (var->IsStackAllocated() || var->IsContextSlot()) { |
| 3854 // Result of deleting non-global variables is false. 'this' is | 3852 // Result of deleting non-global variables is false. 'this' is |
| 3855 // not really a variable, though we implement it as one. The | 3853 // not really a variable, though we implement it as one. The |
| 3856 // subexpression does not have side effects. | 3854 // subexpression does not have side effects. |
| 3857 context()->Plug(is_this); | 3855 context()->Plug(is_this); |
| 3858 } else { | 3856 } else { |
| 3859 // Non-global variable. Call the runtime to try to delete from the | 3857 // Non-global variable. Call the runtime to try to delete from the |
| 3860 // context where the variable was introduced. | 3858 // context where the variable was introduced. |
| 3861 __ Push(context_register()); | |
| 3862 __ Push(var->name()); | 3859 __ Push(var->name()); |
| 3863 __ CallRuntime(Runtime::kDeleteLookupSlot); | 3860 __ CallRuntime(Runtime::kDeleteLookupSlot); |
| 3864 context()->Plug(rax); | 3861 context()->Plug(rax); |
| 3865 } | 3862 } |
| 3866 } else { | 3863 } else { |
| 3867 // Result of deleting non-property, non-variable reference is true. | 3864 // Result of deleting non-property, non-variable reference is true. |
| 3868 // The subexpression may have side effects. | 3865 // The subexpression may have side effects. |
| 3869 VisitForEffect(expr->expression()); | 3866 VisitForEffect(expr->expression()); |
| 3870 context()->Plug(true); | 3867 context()->Plug(true); |
| 3871 } | 3868 } |
| (...skipping 693 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4565 DCHECK_EQ(isolate->builtins()->OsrAfterStackCheck()->entry(), | 4562 DCHECK_EQ(isolate->builtins()->OsrAfterStackCheck()->entry(), |
| 4566 Assembler::target_address_at(call_target_address, | 4563 Assembler::target_address_at(call_target_address, |
| 4567 unoptimized_code)); | 4564 unoptimized_code)); |
| 4568 return OSR_AFTER_STACK_CHECK; | 4565 return OSR_AFTER_STACK_CHECK; |
| 4569 } | 4566 } |
| 4570 | 4567 |
| 4571 } // namespace internal | 4568 } // namespace internal |
| 4572 } // namespace v8 | 4569 } // namespace v8 |
| 4573 | 4570 |
| 4574 #endif // V8_TARGET_ARCH_X64 | 4571 #endif // V8_TARGET_ARCH_X64 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1683103002:
[compiler] Sanitize entry points to LookupSlot access. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master