src/x64/macro-assembler-x64.cc - Issue 72813004: Fixed crashes exposed though fuzzing.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/x64/macro-assembler-x64.cc

Issue 72813004: Fixed crashes exposed though fuzzing. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Fix nits Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/x64/macro-assembler-x64.cc

diff --git a/src/x64/macro-assembler-x64.cc b/src/x64/macro-assembler-x64.cc

index 5127ddf30cd21f35839beb909c34e878af6871de..25f4bd37301b6dd12fd777216f0991bd02f47e57 100644

--- a/src/x64/macro-assembler-x64.cc

+++ b/src/x64/macro-assembler-x64.cc

@@ -3206,6 +3206,39 @@ void MacroAssembler::TaggedToI(Register result_reg,

}

+void MacroAssembler::Throw(BailoutReason reason) {

+#ifdef DEBUG

+ const char* msg = GetBailoutReason(reason);

+ if (msg != NULL) {

+ RecordComment("Throw message: ");

+ RecordComment(msg);

+ }

+#endif

+ push(rax);

+ Push(Smi::FromInt(reason));

+ if (!has_frame_) {

+ // We don't actually want to generate a pile of code for this, so just

+ // claim there is a stack frame, without generating one.

+ FrameScope scope(this, StackFrame::NONE);

+ CallRuntime(Runtime::kThrowMessage, 1);

+ } else {

+ CallRuntime(Runtime::kThrowMessage, 1);

+ }

+ // Control will not return here.

+ int3();

+void MacroAssembler::ThrowIf(Condition cc, BailoutReason reason) {

+ Label L;

+ j(NegateCondition(cc), &L);

+ Throw(reason);

+ // will not return here

+ bind(&L);

void MacroAssembler::LoadInstanceDescriptors(Register map,

movq(descriptors, FieldOperand(map, Map::kDescriptorsOffset));

@@ -4631,6 +4664,39 @@ int MacroAssembler::ArgumentStackSlotsForCFunctionCall(int num_arguments) {

}

+void MacroAssembler::EmitSeqStringSetCharCheck(Register string,

+ Register index,

+ Register value,

+ uint32_t encoding_mask) {

+ Label is_object;

+ JumpIfNotSmi(string, &is_object);

+ Throw(kNonObject);

+ bind(&is_object);

+ push(value);

+ movq(value, FieldOperand(string, HeapObject::kMapOffset));

+ movzxbq(value, FieldOperand(value, Map::kInstanceTypeOffset));

+ andb(value, Immediate(kStringRepresentationMask | kStringEncodingMask));

+ cmpq(value, Immediate(encoding_mask));

+ pop(value);

+ ThrowIf(not_equal, kUnexpectedStringType);

+ // The index is assumed to be untagged coming in, tag it to compare with the

+ // string length without using a temp register, it is restored at the end of

+ // this function.

+ Integer32ToSmi(index, index);

+ SmiCompare(index, FieldOperand(string, String::kLengthOffset));

+ ThrowIf(greater_equal, kIndexIsTooLarge);

+ SmiCompare(index, Smi::FromInt(0));

+ ThrowIf(less, kIndexIsNegative);

+ // Restore the index

+ SmiToInteger32(index, index);

void MacroAssembler::PrepareCallCFunction(int num_arguments) {

int frame_alignment = OS::ActivationFrameAlignment();

ASSERT(frame_alignment != 0);

« no previous file with comments | « src/x64/macro-assembler-x64.h ('k') | test/mjsunit/fuzz-natives-part1.js » ('j') | no next file with comments »