Commit 50e5aaa7 authored by yangguo@chromium.org's avatar yangguo@chromium.org

Catch non-string subject in RegExpExecStub.

There is no test case to trigger any crash. This is only to guard against the case that the native function is called with unsafe arguments.

Review URL: http://codereview.chromium.org/8554004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10064 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent cbf08248
...@@ -4600,13 +4600,15 @@ void RegExpExecStub::Generate(MacroAssembler* masm) { ...@@ -4600,13 +4600,15 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Label seq_string; Label seq_string;
__ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset)); __ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset)); __ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
// First check for flat string. // First check for flat string. None of the following string type tests will
// succeed if kIsNotStringTag is set.
__ and_(r1, r0, Operand(kIsNotStringMask | kStringRepresentationMask), SetCC); __ and_(r1, r0, Operand(kIsNotStringMask | kStringRepresentationMask), SetCC);
STATIC_ASSERT((kStringTag | kSeqStringTag) == 0); STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
__ b(eq, &seq_string); __ b(eq, &seq_string);
// subject: Subject string // subject: Subject string
// regexp_data: RegExp data (FixedArray) // regexp_data: RegExp data (FixedArray)
// r1: whether subject is a string and if yes, its string representation
// Check for flat cons string or sliced string. // Check for flat cons string or sliced string.
// A flat cons string is a cons string where the second part is the empty // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons // string. In that case the subject string is just the first part of the cons
...@@ -4616,10 +4618,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) { ...@@ -4616,10 +4618,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Label cons_string, check_encoding; Label cons_string, check_encoding;
STATIC_ASSERT(kConsStringTag < kExternalStringTag); STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag); STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
__ cmp(r1, Operand(kExternalStringTag)); __ cmp(r1, Operand(kExternalStringTag));
__ b(lt, &cons_string); __ b(lt, &cons_string);
__ b(eq, &runtime); __ b(eq, &runtime);
// Catch non-string subject (should already have been guarded against).
STATIC_ASSERT(kNotStringTag != 0);
__ tst(r1, Operand(kIsNotStringMask));
__ b(ne, &runtime);
// String is sliced. // String is sliced.
__ ldr(r9, FieldMemOperand(subject, SlicedString::kOffsetOffset)); __ ldr(r9, FieldMemOperand(subject, SlicedString::kOffsetOffset));
__ mov(r9, Operand(r9, ASR, kSmiTagSize)); __ mov(r9, Operand(r9, ASR, kSmiTagSize));
......
...@@ -3603,10 +3603,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) { ...@@ -3603,10 +3603,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
kIsNotStringMask | kStringRepresentationMask | kStringEncodingMask); kIsNotStringMask | kStringRepresentationMask | kStringEncodingMask);
STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0); STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
__ j(zero, &seq_two_byte_string, Label::kNear); __ j(zero, &seq_two_byte_string, Label::kNear);
// Any other flat string must be a flat ascii string. // Any other flat string must be a flat ascii string. None of the following
// string type tests will succeed if kIsNotStringTag is set.
__ and_(ebx, Immediate(kIsNotStringMask | kStringRepresentationMask)); __ and_(ebx, Immediate(kIsNotStringMask | kStringRepresentationMask));
__ j(zero, &seq_ascii_string, Label::kNear); __ j(zero, &seq_ascii_string, Label::kNear);
// ebx: whether subject is a string and if yes, its string representation
// Check for flat cons string or sliced string. // Check for flat cons string or sliced string.
// A flat cons string is a cons string where the second part is the empty // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons // string. In that case the subject string is just the first part of the cons
...@@ -3616,10 +3618,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) { ...@@ -3616,10 +3618,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Label cons_string, check_encoding; Label cons_string, check_encoding;
STATIC_ASSERT(kConsStringTag < kExternalStringTag); STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag); STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
__ cmp(ebx, Immediate(kExternalStringTag)); __ cmp(ebx, Immediate(kExternalStringTag));
__ j(less, &cons_string); __ j(less, &cons_string);
__ j(equal, &runtime); __ j(equal, &runtime);
// Catch non-string subject (should already have been guarded against).
STATIC_ASSERT(kNotStringTag != 0);
__ test(ebx, Immediate(kIsNotStringMask));
__ j(not_zero, &runtime);
// String is sliced. // String is sliced.
__ mov(edi, FieldOperand(eax, SlicedString::kOffsetOffset)); __ mov(edi, FieldOperand(eax, SlicedString::kOffsetOffset));
__ mov(eax, FieldOperand(eax, SlicedString::kParentOffset)); __ mov(eax, FieldOperand(eax, SlicedString::kParentOffset));
......
...@@ -2650,10 +2650,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) { ...@@ -2650,10 +2650,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
kIsNotStringMask | kStringRepresentationMask | kStringEncodingMask)); kIsNotStringMask | kStringRepresentationMask | kStringEncodingMask));
STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0); STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
__ j(zero, &seq_two_byte_string, Label::kNear); __ j(zero, &seq_two_byte_string, Label::kNear);
// Any other flat string must be a flat ascii string. // Any other flat string must be a flat ascii string. None of the following
// string type tests will succeed if kIsNotStringTag is set.
__ andb(rbx, Immediate(kIsNotStringMask | kStringRepresentationMask)); __ andb(rbx, Immediate(kIsNotStringMask | kStringRepresentationMask));
__ j(zero, &seq_ascii_string, Label::kNear); __ j(zero, &seq_ascii_string, Label::kNear);
// rbx: whether subject is a string and if yes, its string representation
// Check for flat cons string or sliced string. // Check for flat cons string or sliced string.
// A flat cons string is a cons string where the second part is the empty // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons // string. In that case the subject string is just the first part of the cons
...@@ -2663,10 +2665,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) { ...@@ -2663,10 +2665,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Label cons_string, check_encoding; Label cons_string, check_encoding;
STATIC_ASSERT(kConsStringTag < kExternalStringTag); STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag); STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
__ cmpq(rbx, Immediate(kExternalStringTag)); __ cmpq(rbx, Immediate(kExternalStringTag));
__ j(less, &cons_string, Label::kNear); __ j(less, &cons_string, Label::kNear);
__ j(equal, &runtime); __ j(equal, &runtime);
// Catch non-string subject (should already have been guarded against).
STATIC_ASSERT(kNotStringTag != 0);
__ testb(rbx, Immediate(kIsNotStringMask));
__ j(not_zero, &runtime);
// String is sliced. // String is sliced.
__ SmiToInteger32(r14, FieldOperand(rdi, SlicedString::kOffsetOffset)); __ SmiToInteger32(r14, FieldOperand(rdi, SlicedString::kOffsetOffset));
__ movq(rdi, FieldOperand(rdi, SlicedString::kParentOffset)); __ movq(rdi, FieldOperand(rdi, SlicedString::kParentOffset));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment