
Unified Diff: src/codegen-ia32.cc

Issue 21392: Change compiler to safely write unsafe smis when they are spilled from... (Closed) Base URL: http://v8.googlecode.com/svn/branches/experimental/toiger/
Patch Set: '' Created 11 years, 10 months ago
Index: src/codegen-ia32.cc
===================================================================
--- src/codegen-ia32.cc (revision 1293)
+++ src/codegen-ia32.cc (working copy)
@@ -1317,7 +1317,13 @@
is_smi.Bind(&left_side, &right_side);
left_side.ToRegister();
// Test smi equality and comparison by signed int comparison.
+ if (IsUnsafeSmi(right_side.handle())) {
+ right_side.ToRegister();
+ ASSERT(right_side.is_valid());
+ __ cmp(left_side.reg(), Operand(right_side.reg()));
+ } else {
__ cmp(Operand(left_side.reg()), Immediate(right_side.handle()));
+ }
iposva 2009/02/17 17:27:06 This apparently survived your purge of unrelated s
William Hesse 2009/02/18 09:04:56 This is not an unrelated change. It is one of the
left_side.Unuse();
right_side.Unuse();
dest->Split(cc);
@@ -3045,21 +3051,26 @@
void CodeGenerator::VisitLiteral(Literal* node) {
Comment cmnt(masm_, "[ Literal");
- if (node->handle()->IsSmi() && !IsInlineSmi(node)) {
- // To prevent long attacker-controlled byte sequences in code, larger
- // Smis are loaded in two steps via a temporary register.
- Result temp = allocator_->Allocate();
- ASSERT(temp.is_valid());
- int bits = reinterpret_cast<int>(*node->handle());
- __ Set(temp.reg(), Immediate(bits & 0x0000FFFF));
- __ xor_(temp.reg(), bits & 0xFFFF0000);
- frame_->Push(&temp);
- } else {
frame_->Push(node->handle());
}
+
+
+void CodeGenerator::LoadUnsafeSmi(Register target, Handle<Object> value) {
+ ASSERT(target.is_valid());
+ ASSERT(value->IsSmi());
+ int bits = reinterpret_cast<int>(*value);
+ __ Set(target, Immediate(bits & 0x0000FFFF));
+ __ xor_(target, bits & 0xFFFF0000);
}
+bool CodeGenerator::IsUnsafeSmi(Handle<Object> value) {
+ if (!value->IsSmi()) return false;
+ int int_value = Smi::cast(*value)->value();
+ return !is_intn(int_value, kMaxSmiInlinedBits);
+}
+
+
class DeferredRegExpLiteral: public DeferredCode {
public:
DeferredRegExpLiteral(CodeGenerator* generator, RegExpLiteral* node)
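Review bot: `LoadUnsafeSmi` and `IsUnsafeSmi` are added without any comment, and the rationale this hunk deletes from `VisitLiteral` ("To prevent long attacker-controlled byte sequences in code") is not carried over, so the reason for the two-step load no longer sits next to the code that performs it. I would restore it above `LoadUnsafeSmi`, for example `// Loads a smi as its low 16 bits followed by an xor of the high 16 bits, so that no long attacker-controlled byte sequence appears in generated code. Modifies flags (xor).` Because `VisitLiteral` now pushes the raw handle, the protection depends on every site that emits `Immediate(handle)` testing `IsUnsafeSmi` first, as the compare in the first hunk does; a one-line comment on `IsUnsafeSmi` stating that contract would help, and whether the other emitters are covered cannot be judged from this file section alone. The flags remark matters if the spill path ever calls `LoadUnsafeSmi` between a compare and its branch, which is not visible here.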