Side by Side Diff: src/x64/full-codegen-x64.cc

Issue 72813004: Fixed crashes exposed though fuzzing. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Implement all platforms Created 7 years, 1 month ago
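--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -3400,88 +3400,64 @@
 __ jmp(&done);
 }
 
 __ bind(&not_date_object);
 __ CallRuntime(Runtime::kThrowNotDateError, 0);
 __ bind(&done);
 context()->Plug(rax);
 }
 
 
-void FullCodeGenerator::EmitSeqStringSetCharCheck(Register string,
-Register index,
-Register value,
-uint32_t encoding_mask) {
-__ Check(masm()->CheckSmi(index), kNonSmiIndex);
-__ Check(masm()->CheckSmi(value), kNonSmiValue);
-
-__ SmiCompare(index, FieldOperand(string, String::kLengthOffset));
-__ Check(less, kIndexIsTooLarge);
-
-__ SmiCompare(index, Smi::FromInt(0));
-__ Check(greater_equal, kIndexIsNegative);
-
-__ push(value);
-__ movq(value, FieldOperand(string, HeapObject::kMapOffset));
-__ movzxbq(value, FieldOperand(value, Map::kInstanceTypeOffset));
-
-__ andb(value, Immediate(kStringRepresentationMask | kStringEncodingMask));
-__ cmpq(value, Immediate(encoding_mask));
-__ Check(equal, kUnexpectedStringType);
-__ pop(value);
-}
-
-
 void FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {
 ZoneList<Expression*>* args = expr->arguments();
 ASSERT_EQ(3, args->length());
 
 Register string = rax;
 Register index = rbx;
 Register value = rcx;
 
 VisitForStackValue(args->at(1)); // index
 VisitForStackValue(args->at(2)); // value
 __ pop(value);
 __ pop(index);
 VisitForAccumulatorValue(args->at(0)); // string
 
 if (FLAG_debug_code) {
 static const uint32_t one_byte_seq_type = kSeqStringTag | kOneByteStringTag;
-EmitSeqStringSetCharCheck(string, index, value, one_byte_seq_type);
+__ EmitSeqStringSetCharCheck(string, index, value, one_byte_seq_type);
 }
 
 __ SmiToInteger32(value, value);
 __ SmiToInteger32(index, index);
 __ movb(FieldOperand(string, index, times_1, SeqOneByteString::kHeaderSize),
 value);
 context()->Plug(string);
 }
 
 
 void FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {
 ZoneList<Expression*>* args = expr->arguments();
 ASSERT_EQ(3, args->length());
 
 Register string = rax;
 Register index = rbx;
 Register value = rcx;
 
 VisitForStackValue(args->at(1)); // index
 VisitForStackValue(args->at(2)); // value
 __ pop(value);
 __ pop(index);
 VisitForAccumulatorValue(args->at(0)); // string
 
 if (FLAG_debug_code) {
 static const uint32_t two_byte_seq_type = kSeqStringTag | kTwoByteStringTag;
-EmitSeqStringSetCharCheck(string, index, value, two_byte_seq_type);
+__ EmitSeqStringSetCharCheck(string, index, value, two_byte_seq_type);
 }
 
 __ SmiToInteger32(value, value);
 __ SmiToInteger32(index, index);
 __ movw(FieldOperand(string, index, times_2, SeqTwoByteString::kHeaderSize),
 value);
 context()->Plug(rax);
 }
 
 
@@ -4951,10 +4927,10 @@
 
 ASSERT_EQ(isolate->builtins()->OsrAfterStackCheck()->entry(),
 Assembler::target_address_at(call_target_address));
 return OSR_AFTER_STACK_CHECK;
 }
 
 
 } } // namespace v8::internal
 
 #endif // V8_TARGET_ARCH_X64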
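Review bot: The relocated check at new line 3426 (and likewise 3453 in EmitTwoByteSeqStringSetChar) is still guarded by `FLAG_debug_code`, so in a release build the `movb`/`movw` store a few lines below indexes the string with a Smi index and instance type that this function never validates; that is only safe because these intrinsics are reached from natives that are expected to have validated their arguments, and the fuzzing crash this issue fixes is presumably handled inside the MacroAssembler version of EmitSeqStringSetCharCheck, which is not in this file section. A reader of this file cannot see that contract, so a one-line comment at the call site would help: `// Bounds and encoding checks are debug-only; callers (natives) guarantee a sequential string and an in-range Smi index.` Since the deleted FullCodeGenerator helper verified `kIndexIsNegative`, `kIndexIsTooLarge` and `kUnexpectedStringType`, it is worth confirming the MacroAssembler replacement keeps all three rather than only the Smi checks. The matching declaration removal in the header is not visible here either.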