Chromium Code Reviews Chromium Code Reviews
Issue 2628863002:
Do security checks in the promise constructor (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "src/code-stub-assembler.h" | 4 #include "src/code-stub-assembler.h" |
| 5 #include "src/code-factory.h" | 5 #include "src/code-factory.h" |
| 6 #include "src/frames-inl.h" | 6 #include "src/frames-inl.h" |
| 7 #include "src/frames.h" | 7 #include "src/frames.h" |
| 8 | 8 |
| 9 namespace v8 { | 9 namespace v8 { |
| 10 namespace internal { | 10 namespace internal { |
| (...skipping 2958 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2969 | 2969 |
| 2970 Node* CodeStubAssembler::IsUnseededNumberDictionary(Node* object) { | 2970 Node* CodeStubAssembler::IsUnseededNumberDictionary(Node* object) { |
| 2971 return WordEqual(LoadMap(object), | 2971 return WordEqual(LoadMap(object), |
| 2972 LoadRoot(Heap::kUnseededNumberDictionaryMapRootIndex)); | 2972 LoadRoot(Heap::kUnseededNumberDictionaryMapRootIndex)); |
| 2973 } | 2973 } |
| 2974 | 2974 |
| 2975 Node* CodeStubAssembler::IsJSFunction(Node* object) { | 2975 Node* CodeStubAssembler::IsJSFunction(Node* object) { |
| 2976 return HasInstanceType(object, JS_FUNCTION_TYPE); | 2976 return HasInstanceType(object, JS_FUNCTION_TYPE); |
| 2977 } | 2977 } |
| 2978 | 2978 |
| 2979 Node* CodeStubAssembler::IsJSFunctionInstanceType(Node* instance_type) { | |
|
Igor Sheludko
2017/01/12 10:12:57
I think it would be nice to have one helper method
| |
| 2980 return Word32Equal(instance_type, Int32Constant(JS_FUNCTION_TYPE)); | |
| 2981 } | |
| 2982 | |
| 2983 Node* CodeStubAssembler::IsJSBoundFunctionInstanceType(Node* instance_type) { | |
| 2984 return Word32Equal(instance_type, Int32Constant(JS_BOUND_FUNCTION_TYPE)); | |
| 2985 } | |
| 2986 | |
| 2979 Node* CodeStubAssembler::StringCharCodeAt(Node* string, Node* index, | 2987 Node* CodeStubAssembler::StringCharCodeAt(Node* string, Node* index, |
| 2980 ParameterMode parameter_mode) { | 2988 ParameterMode parameter_mode) { |
| 2981 CSA_ASSERT(this, IsString(string)); | 2989 CSA_ASSERT(this, IsString(string)); |
| 2982 // Translate the {index} into a Word. | 2990 // Translate the {index} into a Word. |
| 2983 index = ParameterToWord(index, parameter_mode); | 2991 index = ParameterToWord(index, parameter_mode); |
| 2984 | 2992 |
| 2985 // We may need to loop in case of cons or sliced strings. | 2993 // We may need to loop in case of cons or sliced strings. |
| 2986 Variable var_index(this, MachineType::PointerRepresentation()); | 2994 Variable var_index(this, MachineType::PointerRepresentation()); |
| 2987 Variable var_result(this, MachineRepresentation::kWord32); | 2995 Variable var_result(this, MachineRepresentation::kWord32); |
| 2988 Variable var_string(this, MachineRepresentation::kTagged); | 2996 Variable var_string(this, MachineRepresentation::kTagged); |
| (...skipping 5346 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 8335 StoreObjectFieldNoWriteBarrier(result, | 8343 StoreObjectFieldNoWriteBarrier(result, |
| 8336 PromiseReactionJobInfo::kDebugNameOffset, | 8344 PromiseReactionJobInfo::kDebugNameOffset, |
| 8337 SmiConstant(kDebugNotActive)); | 8345 SmiConstant(kDebugNotActive)); |
| 8338 StoreObjectFieldNoWriteBarrier(result, PromiseReactionJobInfo::kContextOffset, | 8346 StoreObjectFieldNoWriteBarrier(result, PromiseReactionJobInfo::kContextOffset, |
| 8339 context); | 8347 context); |
| 8340 return result; | 8348 return result; |
| 8341 } | 8349 } |
| 8342 | 8350 |
| 8343 } // namespace internal | 8351 } // namespace internal |
| 8344 } // namespace v8 | 8352 } // namespace v8 |
| OLD | NEW |
