src/x64/full-codegen-x64.cc - Issue 72813004: Fixed crashes exposed though fuzzing.

Side by Side Diff: src/x64/full-codegen-x64.cc

Issue 72813004: Fixed crashes exposed though fuzzing. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Fix nits Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2012 the V8 project authors. All rights reserved.	1 // Copyright 2012 the V8 project authors. All rights reserved.

2 // Redistribution and use in source and binary forms, with or without	2 // Redistribution and use in source and binary forms, with or without

3 // modification, are permitted provided that the following conditions are	3 // modification, are permitted provided that the following conditions are

4 // met:	4 // met:

5 //	5 //

6 // * Redistributions of source code must retain the above copyright	6 // * Redistributions of source code must retain the above copyright

7 // notice, this list of conditions and the following disclaimer.	7 // notice, this list of conditions and the following disclaimer.

8 // * Redistributions in binary form must reproduce the above	8 // * Redistributions in binary form must reproduce the above

9 // copyright notice, this list of conditions and the following	9 // copyright notice, this list of conditions and the following

10 // disclaimer in the documentation and/or other materials provided	10 // disclaimer in the documentation and/or other materials provided

(...skipping 3389 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3400 __ jmp(&done);	3400 __ jmp(&done);

3401 }	3401 }

3402	3402

3403 __ bind(&not_date_object);	3403 __ bind(&not_date_object);

3404 __ CallRuntime(Runtime::kThrowNotDateError, 0);	3404 __ CallRuntime(Runtime::kThrowNotDateError, 0);

3405 __ bind(&done);	3405 __ bind(&done);

3406 context()->Plug(rax);	3406 context()->Plug(rax);

3407 }	3407 }

3408	3408

3409	3409

3410 void FullCodeGenerator::EmitSeqStringSetCharCheck(Register string,

3411 Register index,

3412 Register value,

3413 uint32_t encoding_mask) {

3414 __ Check(masm()->CheckSmi(index), kNonSmiIndex);

3415 __ Check(masm()->CheckSmi(value), kNonSmiValue);

3416

3417 __ SmiCompare(index, FieldOperand(string, String::kLengthOffset));

3418 __ Check(less, kIndexIsTooLarge);

3419

3420 __ SmiCompare(index, Smi::FromInt(0));

3421 __ Check(greater_equal, kIndexIsNegative);

3422

3423 __ push(value);

3424 __ movq(value, FieldOperand(string, HeapObject::kMapOffset));

3425 __ movzxbq(value, FieldOperand(value, Map::kInstanceTypeOffset));

3426

3427 __ andb(value, Immediate(kStringRepresentationMask \| kStringEncodingMask));

3428 __ cmpq(value, Immediate(encoding_mask));

3429 __ Check(equal, kUnexpectedStringType);

3430 __ pop(value);

3431 }

3432

3433

3434 void FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {	3410 void FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {

3435 ZoneList<Expression> args = expr->arguments();	3411 ZoneList<Expression> args = expr->arguments();

3436 ASSERT_EQ(3, args->length());	3412 ASSERT_EQ(3, args->length());

3437	3413

3438 Register string = rax;	3414 Register string = rax;

3439 Register index = rbx;	3415 Register index = rbx;

3440 Register value = rcx;	3416 Register value = rcx;

3441	3417

3442 VisitForStackValue(args->at(1)); // index	3418 VisitForStackValue(args->at(1)); // index

3443 VisitForStackValue(args->at(2)); // value	3419 VisitForStackValue(args->at(2)); // value

3444 __ pop(value);	3420 __ pop(value);

3445 __ pop(index);	3421 __ pop(index);

3446 VisitForAccumulatorValue(args->at(0)); // string	3422 VisitForAccumulatorValue(args->at(0)); // string

3447	3423

3448 if (FLAG_debug_code) {	3424 if (FLAG_debug_code) {

3449 static const uint32_t one_byte_seq_type = kSeqStringTag \| kOneByteStringTag;	3425 __ ThrowIf(NegateCondition(__ CheckSmi(value)), kNonSmiValue);

3450 EmitSeqStringSetCharCheck(string, index, value, one_byte_seq_type);	3426 __ ThrowIf(NegateCondition(__ CheckSmi(index)), kNonSmiValue);

3451 }	3427 }

3452	3428

3453 __ SmiToInteger32(value, value);	3429 __ SmiToInteger32(value, value);

3454 __ SmiToInteger32(index, index);	3430 __ SmiToInteger32(index, index);

	3431

	3432 if (FLAG_debug_code) {

	3433 static const uint32_t one_byte_seq_type = kSeqStringTag \| kOneByteStringTag;

	3434 __ EmitSeqStringSetCharCheck(string, index, value, one_byte_seq_type);

	3435 }

	3436

3455 __ movb(FieldOperand(string, index, times_1, SeqOneByteString::kHeaderSize),	3437 __ movb(FieldOperand(string, index, times_1, SeqOneByteString::kHeaderSize),

3456 value);	3438 value);

3457 context()->Plug(string);	3439 context()->Plug(string);

3458 }	3440 }

3459	3441

3460	3442

3461 void FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {	3443 void FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {

3462 ZoneList<Expression> args = expr->arguments();	3444 ZoneList<Expression> args = expr->arguments();

3463 ASSERT_EQ(3, args->length());	3445 ASSERT_EQ(3, args->length());

3464	3446

3465 Register string = rax;	3447 Register string = rax;

3466 Register index = rbx;	3448 Register index = rbx;

3467 Register value = rcx;	3449 Register value = rcx;

3468	3450

3469 VisitForStackValue(args->at(1)); // index	3451 VisitForStackValue(args->at(1)); // index

3470 VisitForStackValue(args->at(2)); // value	3452 VisitForStackValue(args->at(2)); // value

3471 __ pop(value);	3453 __ pop(value);

3472 __ pop(index);	3454 __ pop(index);

3473 VisitForAccumulatorValue(args->at(0)); // string	3455 VisitForAccumulatorValue(args->at(0)); // string

3474	3456

3475 if (FLAG_debug_code) {	3457 if (FLAG_debug_code) {

3476 static const uint32_t two_byte_seq_type = kSeqStringTag \| kTwoByteStringTag;	3458 __ ThrowIf(NegateCondition(__ CheckSmi(value)), kNonSmiValue);

3477 EmitSeqStringSetCharCheck(string, index, value, two_byte_seq_type);	3459 __ ThrowIf(NegateCondition(__ CheckSmi(index)), kNonSmiValue);

3478 }	3460 }

3479	3461

3480 __ SmiToInteger32(value, value);	3462 __ SmiToInteger32(value, value);

3481 __ SmiToInteger32(index, index);	3463 __ SmiToInteger32(index, index);

	3464

	3465 if (FLAG_debug_code) {

	3466 static const uint32_t two_byte_seq_type = kSeqStringTag \| kTwoByteStringTag;

	3467 __ EmitSeqStringSetCharCheck(string, index, value, two_byte_seq_type);

	3468 }

	3469

3482 __ movw(FieldOperand(string, index, times_2, SeqTwoByteString::kHeaderSize),	3470 __ movw(FieldOperand(string, index, times_2, SeqTwoByteString::kHeaderSize),

3483 value);	3471 value);

3484 context()->Plug(rax);	3472 context()->Plug(rax);

3485 }	3473 }

3486	3474

3487	3475

3488 void FullCodeGenerator::EmitMathPow(CallRuntime* expr) {	3476 void FullCodeGenerator::EmitMathPow(CallRuntime* expr) {

3489 // Load the arguments on the stack and call the runtime function.	3477 // Load the arguments on the stack and call the runtime function.

3490 ZoneList<Expression> args = expr->arguments();	3478 ZoneList<Expression> args = expr->arguments();

3491 ASSERT(args->length() == 2);	3479 ASSERT(args->length() == 2);

(...skipping 1459 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
4951	4939

4952 ASSERT_EQ(isolate->builtins()->OsrAfterStackCheck()->entry(),	4940 ASSERT_EQ(isolate->builtins()->OsrAfterStackCheck()->entry(),

4953 Assembler::target_address_at(call_target_address));	4941 Assembler::target_address_at(call_target_address));

4954 return OSR_AFTER_STACK_CHECK;	4942 return OSR_AFTER_STACK_CHECK;

4955 }	4943 }

4956	4944

4957	4945

4958 } } // namespace v8::internal	4946 } } // namespace v8::internal

4959	4947

4960 #endif // V8_TARGET_ARCH_X64	4948 #endif // V8_TARGET_ARCH_X64

OLD	NEW

« no previous file with comments | « src/runtime.cc ('k') | src/x64/lithium-codegen-x64.cc » ('j') | no next file with comments »