
Side by Side Diff: src/ic/handler-compiler.cc

Issue 2482913002: [ic] Resurrect access checks for primitive and global proxy receivers. (Closed)
Patch Set: Addressing comments Created 4 years, 1 month ago
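--- a/src/ic/handler-compiler.cc
+++ b/src/ic/handler-compiler.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/ic/handler-compiler.h"
 
 #include "src/field-type.h"
 #include "src/ic/call-optimization.h"
 #include "src/ic/handler-configuration-inl.h"
 #include "src/ic/ic-inl.h"
@@ -91,32 +91,52 @@
 }
 
 
 #define __ ACCESS_MASM(masm())
 
 
 Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,
 Handle<Name> name,
 Label* miss,
 ReturnHolder return_what) {
+if (map()->IsPrimitiveMap() || map()->IsJSGlobalProxyMap()) {
+// If the receiver is a global proxy and if we get to this point then
+// the compile-time (current) native context has access to global proxy's
+// native context. Since access rights revocation is not supported at all,
+// we can generate a check that an execution-time native context is either
+// the same as compile-time native context or has the same access token.
+Handle<Context> native_context = isolate()->native_context();
+Handle<WeakCell> weak_cell(native_context->self_weak_cell(), isolate());
+
+bool compare_native_contexts_only = map()->IsPrimitiveMap();
+GenerateAccessCheck(weak_cell, scratch1(), scratch2(), miss,
+compare_native_contexts_only);
+}
+
 // Check that the maps starting from the prototype haven't changed.
 return CheckPrototypes(object_reg, scratch1(), scratch2(), scratch3(), name,
 miss, return_what);
 }
 
 
 // Frontend for store uses the name register. It has to be restored before a
 // miss.
 Register NamedStoreHandlerCompiler::FrontendHeader(Register object_reg,
 Handle<Name> name,
 Label* miss,
 ReturnHolder return_what) {
+if (map()->IsJSGlobalProxyMap()) {
+Handle<Context> native_context = isolate()->native_context();
+Handle<WeakCell> weak_cell(native_context->self_weak_cell(), isolate());
+GenerateAccessCheck(weak_cell, scratch1(), scratch2(), miss, false);
+}
+
 return CheckPrototypes(object_reg, this->name(), scratch1(), scratch2(), name,
 miss, return_what);
 }
 
 
 Register PropertyHandlerCompiler::Frontend(Handle<Name> name) {
 Label miss;
 if (IC::ShouldPushPopSlotAndVector(kind())) {
 PushVectorAndSlot();
 }
@@ -647,10 +667,10 @@
 }
 
 void ElementHandlerCompiler::CompileElementHandlers(
 MapHandleList* receiver_maps, List<Handle<Object>>* handlers) {
 for (int i = 0; i < receiver_maps->length(); ++i) {
 handlers->Add(GetKeyedLoadHandler(receiver_maps->at(i), isolate()));
 }
 }
 }  // namespace internal
 }  // namespace v8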
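Review bot: The access check added to NamedStoreHandlerCompiler::FrontendHeader passes a bare `false` as the last argument of GenerateAccessCheck and has no comment, while the load-side check names the flag `compare_native_contexts_only` and explains why comparing access tokens is sufficient. Since this is the check that guards cross-context stores through a global proxy, I would mirror the load side with `bool compare_native_contexts_only = false;` and a short comment saying the receiver is a global proxy, so a matching access token is accepted. The store path also skips the check for primitive maps, unlike the load path; if that is deliberate (presumably no compiled store handler is reached with a primitive receiver), a one-line comment stating the reason would keep the asymmetry from looking like an omission. A regression test that reaches a cached handler from a second native context with a different security token would pin the behaviour of both frontends.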