X87: Disallow subclassing Arrays.

port 290ee378 (r26931). original commit message: UG= R=weiliang.lin@intel.com Review URL: https://codereview.chromium.org/963393002 Cr-Commit-Position: refs/heads/master@{#26932}

X87: Disallow subclassing Arrays.
port 290ee378 (r26931). original commit message: UG= R=weiliang.lin@intel.com Review URL: https://codereview.chromium.org/963393002 Cr-Commit-Position: refs/heads/master@{#26932}
8b33fa60 · cdai2 · 290ee378 · 8b33fa60 · 8b33fa60 · 8b33fa60
Commit 8b33fa60 authored Feb 28, 2015 by cdai2
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 1 deletion

builtins-x87.cc src/x87/builtins-x87.cc +1 -0

code-stubs-x87.cc src/x87/code-stubs-x87.cc +13 -0

full-codegen-x87.cc src/x87/full-codegen-x87.cc +1 -1

No files found.
--- a/src/x87/builtins-x87.cc
+++ b/src/x87/builtins-x87.cc
@@ -1192,6 +1192,7 @@ void Builtins::Generate_ArrayCode(MacroAssembler* masm) {
  // Get the Array function.
  __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, edi);
+  __ mov(edx, edi);
  if (FLAG_debug_code) {
    // Initial map for the builtin Array function should be a map.

--- a/src/x87/code-stubs-x87.cc
+++ b/src/x87/code-stubs-x87.cc
@@ -1939,6 +1939,7 @@ void CallIC_ArrayStub::Generate(MacroAssembler* masm) {
  __ j(not_equal, &miss);
  __ mov(ebx, ecx);
+  __ mov(edx, edi);
  ArrayConstructorStub stub(masm->isolate(), arg_count());
  __ TailCallStub(&stub);
@@ -4290,6 +4291,7 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
  //  -- eax : argc (only if argument_count() == ANY)
  //  -- ebx : AllocationSite or undefined
  //  -- edi : constructor
+  //  -- edx : Original constructor
  //  -- esp[0] : return address
  //  -- esp[4] : last argument
  // -----------------------------------
@@ -4309,12 +4311,20 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
    __ AssertUndefinedOrAllocationSite(ebx);
  }
+  Label subclassing;
+  __ cmp(edx, edi);
+  __ j(not_equal, &subclassing);
  Label no_info;
  // If the feedback vector is the undefined value call an array constructor
  // that doesn't use AllocationSites.
  __ cmp(ebx, isolate()->factory()->undefined_value());
  __ j(equal, &no_info);
+  __ cmp(edx, edi);
+  __ j(not_equal, &subclassing);
  // Only look at the lower 16 bits of the transition info.
  __ mov(edx, FieldOperand(ebx, AllocationSite::kTransitionInfoOffset));
  __ SmiUntag(edx);
@@ -4324,6 +4334,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
  __ bind(&no_info);
  GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);
+  __ bind(&subclassing);
+  __ TailCallRuntime(Runtime::kThrowArrayNotSubclassableError, 0, 1);
 }

--- a/src/x87/full-codegen-x87.cc
+++ b/src/x87/full-codegen-x87.cc
@@ -4108,7 +4108,7 @@ void FullCodeGenerator::EmitDefaultConstructorCallSuper(CallRuntime* expr) {
  __ bind(&args_set_up);
  __ mov(edi, Operand(esp, eax, times_pointer_size, 0));
+  __ mov(ebx, Immediate(isolate()->factory()->undefined_value()));
  CallConstructStub stub(isolate(), SUPER_CONSTRUCTOR_CALL);
  __ call(stub.GetCode(), RelocInfo::CONSTRUCT_CALL);