| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/v8.h" | 5 #include "src/v8.h" |
| 6 | 6 |
| 7 #if V8_TARGET_ARCH_X87 | 7 #if V8_TARGET_ARCH_X87 |
| 8 | 8 |
| 9 #include "src/base/bits.h" | 9 #include "src/base/bits.h" |
| 10 #include "src/bootstrapper.h" | 10 #include "src/bootstrapper.h" |
| (...skipping 1921 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1932 __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size, | 1932 __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size, |
| 1933 FixedArray::kHeaderSize)); | 1933 FixedArray::kHeaderSize)); |
| 1934 | 1934 |
| 1935 // Verify that ecx contains an AllocationSite | 1935 // Verify that ecx contains an AllocationSite |
| 1936 Factory* factory = masm->isolate()->factory(); | 1936 Factory* factory = masm->isolate()->factory(); |
| 1937 __ cmp(FieldOperand(ecx, HeapObject::kMapOffset), | 1937 __ cmp(FieldOperand(ecx, HeapObject::kMapOffset), |
| 1938 factory->allocation_site_map()); | 1938 factory->allocation_site_map()); |
| 1939 __ j(not_equal, &miss); | 1939 __ j(not_equal, &miss); |
| 1940 | 1940 |
| 1941 __ mov(ebx, ecx); | 1941 __ mov(ebx, ecx); |
| 1942 __ mov(edx, edi); |
| 1942 ArrayConstructorStub stub(masm->isolate(), arg_count()); | 1943 ArrayConstructorStub stub(masm->isolate(), arg_count()); |
| 1943 __ TailCallStub(&stub); | 1944 __ TailCallStub(&stub); |
| 1944 | 1945 |
| 1945 __ bind(&miss); | 1946 __ bind(&miss); |
| 1946 GenerateMiss(masm); | 1947 GenerateMiss(masm); |
| 1947 | 1948 |
| 1948 // The slow case, we need this no matter what to complete a call after a miss. | 1949 // The slow case, we need this no matter what to complete a call after a miss. |
| 1949 CallFunctionNoFeedback(masm, | 1950 CallFunctionNoFeedback(masm, |
| 1950 arg_count(), | 1951 arg_count(), |
| 1951 true, | 1952 true, |
| (...skipping 2331 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4283 UNREACHABLE(); | 4284 UNREACHABLE(); |
| 4284 } | 4285 } |
| 4285 } | 4286 } |
| 4286 | 4287 |
| 4287 | 4288 |
| 4288 void ArrayConstructorStub::Generate(MacroAssembler* masm) { | 4289 void ArrayConstructorStub::Generate(MacroAssembler* masm) { |
| 4289 // ----------- S t a t e ------------- | 4290 // ----------- S t a t e ------------- |
| 4290 // -- eax : argc (only if argument_count() == ANY) | 4291 // -- eax : argc (only if argument_count() == ANY) |
| 4291 // -- ebx : AllocationSite or undefined | 4292 // -- ebx : AllocationSite or undefined |
| 4292 // -- edi : constructor | 4293 // -- edi : constructor |
| 4294 // -- edx : Original constructor |
| 4293 // -- esp[0] : return address | 4295 // -- esp[0] : return address |
| 4294 // -- esp[4] : last argument | 4296 // -- esp[4] : last argument |
| 4295 // ----------------------------------- | 4297 // ----------------------------------- |
| 4296 if (FLAG_debug_code) { | 4298 if (FLAG_debug_code) { |
| 4297 // The array construct code is only set for the global and natives | 4299 // The array construct code is only set for the global and natives |
| 4298 // builtin Array functions which always have maps. | 4300 // builtin Array functions which always have maps. |
| 4299 | 4301 |
| 4300 // Initial map for the builtin Array function should be a map. | 4302 // Initial map for the builtin Array function should be a map. |
| 4301 __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset)); | 4303 __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset)); |
| 4302 // Will both indicate a NULL and a Smi. | 4304 // Will both indicate a NULL and a Smi. |
| 4303 __ test(ecx, Immediate(kSmiTagMask)); | 4305 __ test(ecx, Immediate(kSmiTagMask)); |
| 4304 __ Assert(not_zero, kUnexpectedInitialMapForArrayFunction); | 4306 __ Assert(not_zero, kUnexpectedInitialMapForArrayFunction); |
| 4305 __ CmpObjectType(ecx, MAP_TYPE, ecx); | 4307 __ CmpObjectType(ecx, MAP_TYPE, ecx); |
| 4306 __ Assert(equal, kUnexpectedInitialMapForArrayFunction); | 4308 __ Assert(equal, kUnexpectedInitialMapForArrayFunction); |
| 4307 | 4309 |
| 4308 // We should either have undefined in ebx or a valid AllocationSite | 4310 // We should either have undefined in ebx or a valid AllocationSite |
| 4309 __ AssertUndefinedOrAllocationSite(ebx); | 4311 __ AssertUndefinedOrAllocationSite(ebx); |
| 4310 } | 4312 } |
| 4311 | 4313 |
| 4314 Label subclassing; |
| 4315 |
| 4316 __ cmp(edx, edi); |
| 4317 __ j(not_equal, &subclassing); |
| 4318 |
| 4312 Label no_info; | 4319 Label no_info; |
| 4313 // If the feedback vector is the undefined value call an array constructor | 4320 // If the feedback vector is the undefined value call an array constructor |
| 4314 // that doesn't use AllocationSites. | 4321 // that doesn't use AllocationSites. |
| 4315 __ cmp(ebx, isolate()->factory()->undefined_value()); | 4322 __ cmp(ebx, isolate()->factory()->undefined_value()); |
| 4316 __ j(equal, &no_info); | 4323 __ j(equal, &no_info); |
| 4317 | 4324 |
| 4325 __ cmp(edx, edi); |
| 4326 __ j(not_equal, &subclassing); |
| 4327 |
| 4318 // Only look at the lower 16 bits of the transition info. | 4328 // Only look at the lower 16 bits of the transition info. |
| 4319 __ mov(edx, FieldOperand(ebx, AllocationSite::kTransitionInfoOffset)); | 4329 __ mov(edx, FieldOperand(ebx, AllocationSite::kTransitionInfoOffset)); |
| 4320 __ SmiUntag(edx); | 4330 __ SmiUntag(edx); |
| 4321 STATIC_ASSERT(AllocationSite::ElementsKindBits::kShift == 0); | 4331 STATIC_ASSERT(AllocationSite::ElementsKindBits::kShift == 0); |
| 4322 __ and_(edx, Immediate(AllocationSite::ElementsKindBits::kMask)); | 4332 __ and_(edx, Immediate(AllocationSite::ElementsKindBits::kMask)); |
| 4323 GenerateDispatchToArrayStub(masm, DONT_OVERRIDE); | 4333 GenerateDispatchToArrayStub(masm, DONT_OVERRIDE); |
| 4324 | 4334 |
| 4325 __ bind(&no_info); | 4335 __ bind(&no_info); |
| 4326 GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES); | 4336 GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES); |
| 4337 |
| 4338 __ bind(&subclassing); |
| 4339 __ TailCallRuntime(Runtime::kThrowArrayNotSubclassableError, 0, 1); |
| 4327 } | 4340 } |
| 4328 | 4341 |
| 4329 | 4342 |
| 4330 void InternalArrayConstructorStub::GenerateCase( | 4343 void InternalArrayConstructorStub::GenerateCase( |
| 4331 MacroAssembler* masm, ElementsKind kind) { | 4344 MacroAssembler* masm, ElementsKind kind) { |
| 4332 Label not_zero_case, not_one_case; | 4345 Label not_zero_case, not_one_case; |
| 4333 Label normal_sequence; | 4346 Label normal_sequence; |
| 4334 | 4347 |
| 4335 __ test(eax, eax); | 4348 __ test(eax, eax); |
| 4336 __ j(not_zero, ¬_zero_case); | 4349 __ j(not_zero, ¬_zero_case); |
| (...skipping 461 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4798 ApiParameterOperand(2), kStackSpace, nullptr, | 4811 ApiParameterOperand(2), kStackSpace, nullptr, |
| 4799 Operand(ebp, 7 * kPointerSize), NULL); | 4812 Operand(ebp, 7 * kPointerSize), NULL); |
| 4800 } | 4813 } |
| 4801 | 4814 |
| 4802 | 4815 |
| 4803 #undef __ | 4816 #undef __ |
| 4804 | 4817 |
| 4805 } } // namespace v8::internal | 4818 } } // namespace v8::internal |
| 4806 | 4819 |
| 4807 #endif // V8_TARGET_ARCH_X87 | 4820 #endif // V8_TARGET_ARCH_X87 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 963393002:
X87: Disallow subclassing Arrays. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master