Reviewers: Weiliang,
Message:
PTAL.
Description:
X87: Disallow subclassing Arrays.
port 290ee378ea44bda379cb3e1864631895c7dea774 (r26931).
original commit message:
BUG=
Please review this at https://codereview.chromium.org/963393002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+15, -1 lines):
M src/x87/builtins-x87.cc
M src/x87/code-stubs-x87.cc
M src/x87/full-codegen-x87.cc
Index: src/x87/builtins-x87.cc
diff --git a/src/x87/builtins-x87.cc b/src/x87/builtins-x87.cc
index
0a80998047c85e56b9534ef9f068b8b04cf8bdc5..9fda5a71888e6438dcd0121db006c708080e7bc9
100644
--- a/src/x87/builtins-x87.cc
+++ b/src/x87/builtins-x87.cc
@@ -1192,6 +1192,7 @@ void Builtins::Generate_ArrayCode(MacroAssembler*
masm) {
// Get the Array function.
__ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, edi);
+ __ mov(edx, edi);
if (FLAG_debug_code) {
// Initial map for the builtin Array function should be a map.
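Review bot: The added `__ mov(edx, edi);` has no comment saying that edx now carries the original constructor which ArrayConstructorStub compares against edi; the same applies to the identical line added in CallIC_ArrayStub::Generate. I would put `// edx: original constructor; equals edi because Array is called directly.` above both. Since the stub now throws whenever edx differs from edi, any other entry into ArrayConstructorStub that this patch does not touch presumably has to set edx as well, which is worth confirming against the ported ia32 change. Generate_ArrayCode continues outside this hunk.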
Index: src/x87/code-stubs-x87.cc
diff --git a/src/x87/code-stubs-x87.cc b/src/x87/code-stubs-x87.cc
index
5e69b809b05cbd9abcd70b33ea481acacf5cdb76..5da200d66e8c6b60d66dd9deeaabb10197981820
100644
--- a/src/x87/code-stubs-x87.cc
+++ b/src/x87/code-stubs-x87.cc
@@ -1939,6 +1939,7 @@ void CallIC_ArrayStub::Generate(MacroAssembler* masm)
{
__ j(not_equal, &miss);
__ mov(ebx, ecx);
+ __ mov(edx, edi);
ArrayConstructorStub stub(masm->isolate(), arg_count());
__ TailCallStub(&stub);
@@ -4290,6 +4291,7 @@ void ArrayConstructorStub::Generate(MacroAssembler*
masm) {
// -- eax : argc (only if argument_count() == ANY)
// -- ebx : AllocationSite or undefined
// -- edi : constructor
+ // -- edx : Original constructor
// -- esp[0] : return address
// -- esp[4] : last argument
// -----------------------------------
@@ -4309,12 +4311,20 @@ void ArrayConstructorStub::Generate(MacroAssembler*
masm) {
__ AssertUndefinedOrAllocationSite(ebx);
}
+ Label subclassing;
+
+ __ cmp(edx, edi);
+ __ j(not_equal, &subclassing);
+
Label no_info;
// If the feedback vector is the undefined value call an array
constructor
// that doesn't use AllocationSites.
__ cmp(ebx, isolate()->factory()->undefined_value());
__ j(equal, &no_info);
+ __ cmp(edx, edi);
+ __ j(not_equal, &subclassing);
+
// Only look at the lower 16 bits of the transition info.
__ mov(edx, FieldOperand(ebx, AllocationSite::kTransitionInfoOffset));
__ SmiUntag(edx);
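Review bot: The second `__ cmp(edx, edi); __ j(not_equal, &subclassing);` pair, placed after `__ j(equal, &no_info);`, looks redundant. Nothing in the visible lines writes edx or edi between the two checks, so the first pair already sends every mismatching call to `subclassing`. Dropping the second pair keeps the check in one place, ahead of `__ mov(edx, FieldOperand(ebx, AllocationSite::kTransitionInfoOffset));`, which overwrites edx. A comment on the remaining check, such as `// edx is clobbered below, so compare the original constructor first.`, would stop a later edit from moving it past that load. The function body starts and ends outside this hunk.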
@@ -4324,6 +4334,9 @@ void ArrayConstructorStub::Generate(MacroAssembler*
masm) {
__ bind(&no_info);
GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);
+
+ __ bind(&subclassing);
+ __ TailCallRuntime(Runtime::kThrowArrayNotSubclassableError, 0, 1);
}
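Review bot: The `subclassing` label is bound directly after `GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);` with no comment, so a reader cannot tell whether the throw is reachable by fall-through. The dispatch presumably always tail-calls, but that is not visible in this hunk. I would record both facts at the label: `// Dispatch above does not return; only the edx != edi checks reach this.` and `// Array subclassing is unsupported: throw instead of constructing.`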
Index: src/x87/full-codegen-x87.cc
diff --git a/src/x87/full-codegen-x87.cc b/src/x87/full-codegen-x87.cc
index
c2ac01546fd3970ecf27bace9c9ec18738b9a605..e8d47922ad74d5615b05c1cca4591bccd8090cec
100644
--- a/src/x87/full-codegen-x87.cc
+++ b/src/x87/full-codegen-x87.cc
@@ -4108,7 +4108,7 @@ void
FullCodeGenerator::EmitDefaultConstructorCallSuper(CallRuntime* expr) {
__ bind(&args_set_up);
__ mov(edi, Operand(esp, eax, times_pointer_size, 0));
-
+ __ mov(ebx, Immediate(isolate()->factory()->undefined_value()));
CallConstructStub stub(isolate(), SUPER_CONSTRUCTOR_CALL);
__ call(stub.GetCode(), RelocInfo::CONSTRUCT_CALL);
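Review bot: The new `__ mov(ebx, Immediate(isolate()->factory()->undefined_value()));` needs a comment, because nothing at this call site says why ebx matters. ArrayConstructorStub documents ebx as "AllocationSite or undefined", so if this super call can reach that stub (not visible in this hunk), a stale ebx would be read as an AllocationSite. A line such as `// No allocation-site feedback for the default super call: ebx must be undefined, never stale.` would record the requirement. The blank line this replaces separated argument setup from the call and could be kept. EmitDefaultConstructorCallSuper starts and ends outside the hunk.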