src/ic/handler-compiler.cc - Issue 2482913002: [ic] Resurrect access checks for primitive and global proxy receivers.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/ic/handler-compiler.cc

Issue 2482913002: [ic] Resurrect access checks for primitive and global proxy receivers. (Closed)

Patch Set: Addressing comments Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: src/ic/handler-compiler.cc

diff --git a/src/ic/handler-compiler.cc b/src/ic/handler-compiler.cc

index d36d66cc381da11580a1f59d56a942b9eed33d6c..05e9031915ac9ca4092939b77089a3676ef944a3 100644

--- a/src/ic/handler-compiler.cc

+++ b/src/ic/handler-compiler.cc

@@ -98,6 +98,20 @@ Register NamedLoadHandlerCompiler::FrontendHeader(Register object_reg,

Handle<Name> name,

Label* miss,

ReturnHolder return_what) {

+ if (map()->IsPrimitiveMap() || map()->IsJSGlobalProxyMap()) {

+ // If the receiver is a global proxy and if we get to this point then

+ // the compile-time (current) native context has access to global proxy's

+ // native context. Since access rights revocation is not supported at all,

+ // we can generate a check that an execution-time native context is either

+ // the same as compile-time native context or has the same access token.

+ Handle<Context> native_context = isolate()->native_context();

+ Handle<WeakCell> weak_cell(native_context->self_weak_cell(), isolate());

+ bool compare_native_contexts_only = map()->IsPrimitiveMap();

+ GenerateAccessCheck(weak_cell, scratch1(), scratch2(), miss,

+ compare_native_contexts_only);

+ }

// Check that the maps starting from the prototype haven't changed.

return CheckPrototypes(object_reg, scratch1(), scratch2(), scratch3(), name,

miss, return_what);

@@ -110,6 +124,12 @@ Register NamedStoreHandlerCompiler::FrontendHeader(Register object_reg,

Handle<Name> name,

Label* miss,

ReturnHolder return_what) {

+ if (map()->IsJSGlobalProxyMap()) {

+ Handle<Context> native_context = isolate()->native_context();

+ Handle<WeakCell> weak_cell(native_context->self_weak_cell(), isolate());

+ GenerateAccessCheck(weak_cell, scratch1(), scratch2(), miss, false);

+ }

return CheckPrototypes(object_reg, this->name(), scratch1(), scratch2(), name,

miss, return_what);

}

« no previous file with comments | « src/ic/handler-compiler.h ('k') | src/ic/handler-configuration.h » ('j') | no next file with comments »