| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_X87 | 5 #if V8_TARGET_ARCH_X87 |
| 6 | 6 |
| 7 #include "src/ast/scopes.h" | 7 #include "src/ast/scopes.h" |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/codegen.h" | 10 #include "src/codegen.h" |
| (...skipping 1336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1347 context()->Plug(var); | 1347 context()->Plug(var); |
| 1348 break; | 1348 break; |
| 1349 } | 1349 } |
| 1350 | 1350 |
| 1351 case VariableLocation::LOOKUP: { | 1351 case VariableLocation::LOOKUP: { |
| 1352 Comment cmnt(masm_, "[ Lookup variable"); | 1352 Comment cmnt(masm_, "[ Lookup variable"); |
| 1353 Label done, slow; | 1353 Label done, slow; |
| 1354 // Generate code for loading from variables potentially shadowed | 1354 // Generate code for loading from variables potentially shadowed |
| 1355 // by eval-introduced variables. | 1355 // by eval-introduced variables. |
| 1356 EmitDynamicLookupFastCase(proxy, typeof_mode, &slow, &done); | 1356 EmitDynamicLookupFastCase(proxy, typeof_mode, &slow, &done); |
| 1357 __ bind(&slow); | 1357 __ Push(var->name()); |
| 1358 __ push(esi); // Context. | |
| 1359 __ push(Immediate(var->name())); | |
| 1360 Runtime::FunctionId function_id = | 1358 Runtime::FunctionId function_id = |
| 1361 typeof_mode == NOT_INSIDE_TYPEOF | 1359 typeof_mode == NOT_INSIDE_TYPEOF |
| 1362 ? Runtime::kLoadLookupSlot | 1360 ? Runtime::kLoadLookupSlot |
| 1363 : Runtime::kLoadLookupSlotNoReferenceError; | 1361 : Runtime::kLoadLookupSlotInsideTypeof; |
| 1364 __ CallRuntime(function_id); | 1362 __ CallRuntime(function_id); |
| 1365 __ bind(&done); | 1363 __ bind(&done); |
| 1366 context()->Plug(eax); | 1364 context()->Plug(eax); |
| 1367 break; | 1365 break; |
| 1368 } | 1366 } |
| 1369 } | 1367 } |
| 1370 } | 1368 } |
| 1371 | 1369 |
| 1372 | 1370 |
| 1373 void FullCodeGenerator::VisitRegExpLiteral(RegExpLiteral* expr) { | 1371 void FullCodeGenerator::VisitRegExpLiteral(RegExpLiteral* expr) { |
| (...skipping 968 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2342 __ j(equal, &uninitialized_this); | 2340 __ j(equal, &uninitialized_this); |
| 2343 __ push(Immediate(var->name())); | 2341 __ push(Immediate(var->name())); |
| 2344 __ CallRuntime(Runtime::kThrowReferenceError); | 2342 __ CallRuntime(Runtime::kThrowReferenceError); |
| 2345 __ bind(&uninitialized_this); | 2343 __ bind(&uninitialized_this); |
| 2346 EmitStoreToStackLocalOrContextSlot(var, location); | 2344 EmitStoreToStackLocalOrContextSlot(var, location); |
| 2347 | 2345 |
| 2348 } else if (!var->is_const_mode() || | 2346 } else if (!var->is_const_mode() || |
| 2349 (var->mode() == CONST && op == Token::INIT)) { | 2347 (var->mode() == CONST && op == Token::INIT)) { |
| 2350 if (var->IsLookupSlot()) { | 2348 if (var->IsLookupSlot()) { |
| 2351 // Assignment to var. | 2349 // Assignment to var. |
| 2352 __ push(eax); // Value. | 2350 __ Push(var->name()); |
| 2353 __ push(esi); // Context. | 2351 __ Push(eax); |
| 2354 __ push(Immediate(var->name())); | 2352 __ CallRuntime(is_strict(language_mode()) |
| 2355 __ push(Immediate(Smi::FromInt(language_mode()))); | 2353 ? Runtime::kStoreLookupSlot_Strict |
| 2356 __ CallRuntime(Runtime::kStoreLookupSlot); | 2354 : Runtime::kStoreLookupSlot_Sloppy); |
| 2357 } else { | 2355 } else { |
| 2358 // Assignment to var or initializing assignment to let/const in harmony | 2356 // Assignment to var or initializing assignment to let/const in harmony |
| 2359 // mode. | 2357 // mode. |
| 2360 DCHECK(var->IsStackAllocated() || var->IsContextSlot()); | 2358 DCHECK(var->IsStackAllocated() || var->IsContextSlot()); |
| 2361 MemOperand location = VarOperand(var, ecx); | 2359 MemOperand location = VarOperand(var, ecx); |
| 2362 if (generate_debug_code_ && var->mode() == LET && op == Token::INIT) { | 2360 if (generate_debug_code_ && var->mode() == LET && op == Token::INIT) { |
| 2363 // Check for an uninitialized let binding. | 2361 // Check for an uninitialized let binding. |
| 2364 __ mov(edx, location); | 2362 __ mov(edx, location); |
| 2365 __ cmp(edx, isolate()->factory()->the_hole_value()); | 2363 __ cmp(edx, isolate()->factory()->the_hole_value()); |
| 2366 __ Check(equal, kLetBindingReInitialization); | 2364 __ Check(equal, kLetBindingReInitialization); |
| (...skipping 319 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2686 if (callee->var()->IsLookupSlot()) { | 2684 if (callee->var()->IsLookupSlot()) { |
| 2687 Label slow, done; | 2685 Label slow, done; |
| 2688 SetExpressionPosition(callee); | 2686 SetExpressionPosition(callee); |
| 2689 // Generate code for loading from variables potentially shadowed by | 2687 // Generate code for loading from variables potentially shadowed by |
| 2690 // eval-introduced variables. | 2688 // eval-introduced variables. |
| 2691 EmitDynamicLookupFastCase(callee, NOT_INSIDE_TYPEOF, &slow, &done); | 2689 EmitDynamicLookupFastCase(callee, NOT_INSIDE_TYPEOF, &slow, &done); |
| 2692 | 2690 |
| 2693 __ bind(&slow); | 2691 __ bind(&slow); |
| 2694 // Call the runtime to find the function to call (returned in eax) and | 2692 // Call the runtime to find the function to call (returned in eax) and |
| 2695 // the object holding it (returned in edx). | 2693 // the object holding it (returned in edx). |
| 2696 __ push(context_register()); | 2694 __ Push(callee->name()); |
| 2697 __ push(Immediate(callee->name())); | 2695 __ CallRuntime(Runtime::kLoadLookupSlotForCall); |
| 2698 __ CallRuntime(Runtime::kLoadLookupSlot); | 2696 __ Push(eax); // Function. |
| 2699 __ push(eax); // Function. | 2697 __ Push(edx); // Receiver. |
| 2700 __ push(edx); // Receiver. | |
| 2701 PrepareForBailoutForId(expr->LookupId(), NO_REGISTERS); | 2698 PrepareForBailoutForId(expr->LookupId(), NO_REGISTERS); |
| 2702 | 2699 |
| 2703 // If fast case code has been generated, emit code to push the function | 2700 // If fast case code has been generated, emit code to push the function |
| 2704 // and receiver and have the slow path jump around this code. | 2701 // and receiver and have the slow path jump around this code. |
| 2705 if (done.is_linked()) { | 2702 if (done.is_linked()) { |
| 2706 Label call; | 2703 Label call; |
| 2707 __ jmp(&call, Label::kNear); | 2704 __ jmp(&call, Label::kNear); |
| 2708 __ bind(&done); | 2705 __ bind(&done); |
| 2709 // Push function. | 2706 // Push function. |
| 2710 __ push(eax); | 2707 __ push(eax); |
| (...skipping 1136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3847 __ CallRuntime(Runtime::kDeleteProperty_Sloppy); | 3844 __ CallRuntime(Runtime::kDeleteProperty_Sloppy); |
| 3848 context()->Plug(eax); | 3845 context()->Plug(eax); |
| 3849 } else if (var->IsStackAllocated() || var->IsContextSlot()) { | 3846 } else if (var->IsStackAllocated() || var->IsContextSlot()) { |
| 3850 // Result of deleting non-global variables is false. 'this' is | 3847 // Result of deleting non-global variables is false. 'this' is |
| 3851 // not really a variable, though we implement it as one. The | 3848 // not really a variable, though we implement it as one. The |
| 3852 // subexpression does not have side effects. | 3849 // subexpression does not have side effects. |
| 3853 context()->Plug(is_this); | 3850 context()->Plug(is_this); |
| 3854 } else { | 3851 } else { |
| 3855 // Non-global variable. Call the runtime to try to delete from the | 3852 // Non-global variable. Call the runtime to try to delete from the |
| 3856 // context where the variable was introduced. | 3853 // context where the variable was introduced. |
| 3857 __ push(context_register()); | 3854 __ Push(var->name()); |
| 3858 __ push(Immediate(var->name())); | |
| 3859 __ CallRuntime(Runtime::kDeleteLookupSlot); | 3855 __ CallRuntime(Runtime::kDeleteLookupSlot); |
| 3860 context()->Plug(eax); | 3856 context()->Plug(eax); |
| 3861 } | 3857 } |
| 3862 } else { | 3858 } else { |
| 3863 // Result of deleting non-property, non-variable reference is true. | 3859 // Result of deleting non-property, non-variable reference is true. |
| 3864 // The subexpression may have side effects. | 3860 // The subexpression may have side effects. |
| 3865 VisitForEffect(expr->expression()); | 3861 VisitForEffect(expr->expression()); |
| 3866 context()->Plug(true); | 3862 context()->Plug(true); |
| 3867 } | 3863 } |
| 3868 break; | 3864 break; |
| (...skipping 695 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4564 Assembler::target_address_at(call_target_address, | 4560 Assembler::target_address_at(call_target_address, |
| 4565 unoptimized_code)); | 4561 unoptimized_code)); |
| 4566 return OSR_AFTER_STACK_CHECK; | 4562 return OSR_AFTER_STACK_CHECK; |
| 4567 } | 4563 } |
| 4568 | 4564 |
| 4569 | 4565 |
| 4570 } // namespace internal | 4566 } // namespace internal |
| 4571 } // namespace v8 | 4567 } // namespace v8 |
| 4572 | 4568 |
| 4573 #endif // V8_TARGET_ARCH_X87 | 4569 #endif // V8_TARGET_ARCH_X87 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1683103002:
[compiler] Sanitize entry points to LookupSlot access. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master