From 053918b35efab0d5d888fd37c5346f1b34b4aa29 Mon Sep 17 00:00:00 2001
From: Anisha Rohra
Date: Wed, 9 Aug 2017 11:56:36 -0400
Subject: [PATCH] PPC/s390: [turbofan] Properly check new.target parameter in inlined Reflect.construct.

Port cb9402aa98c0dd555c03fa66b758d6ab13ec00b2

Original Commit Message:

The ConstructFunctionForwardVarargs and ConstructForwardVarargs builtins, which are used when inlining the Reflect.construct builtin into TurboFan optimized code, didn't properly check the new.target parameter whether it's a constructor.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I9d006961e15bedadc98ca786fcb1f032755ec608
Reviewed-on: https://chromium-review.googlesource.com/608549
Reviewed-by: Jaideep Bajwa
Commit-Queue: Jaideep Bajwa
Cr-Commit-Position: refs/heads/master@{#47256}
---
 src/builtins/ppc/builtins-ppc.cc | 20 ++++++++++++++++++++
 src/builtins/s390/builtins-s390.cc | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/src/builtins/ppc/builtins-ppc.cc b/src/builtins/ppc/builtins-ppc.cc
index ee2cb85d9f..9d61410b95 100644
--- a/src/builtins/ppc/builtins-ppc.cc
+++ b/src/builtins/ppc/builtins-ppc.cc
@@ -2177,6 +2177,7 @@ void Builtins::Generate_CallOrConstructVarargs(MacroAssembler* masm,
 
 // static
 void Builtins::Generate_CallOrConstructForwardVarargs(MacroAssembler* masm,
+ CallOrConstructMode mode,
 Handle code) {
 // ----------- S t a t e -------------
 // -- r3 : the number of arguments (not including the receiver)
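Review bot: The new `mode` parameter on `Generate_CallOrConstructForwardVarargs` is added without a comment saying what it controls, and the State block visible in this hunk does not say which register is inspected in construct mode. I would add above the signature something like `// In kConstruct mode the new.target register is checked to be a constructor before any arguments are forwarded.` The diffstat lists only the two builtins files, so the declaration and the callers that pass `mode` are presumably already in the tree from the original commit; it is worth confirming that both ports build with the new arity. The same applies to the matching signature hunk in builtins-s390.cc, and the function body continues outside this hunk.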
@@ -2185,6 +2186,25 @@ void Builtins::Generate_CallOrConstructForwardVarargs(MacroAssembler* masm,
 // -- r5 : start index (to support rest parameters)
 // -----------------------------------
 
+ Register scratch = r9;
+
+ if (mode == CallOrConstructMode::kConstruct) {
+ Label new_target_constructor, new_target_not_constructor;
+ __ JumpIfSmi(r6, &new_target_not_constructor);
+ __ LoadP(scratch, FieldMemOperand(r6, HeapObject::kMapOffset));
+ __ lbz(scratch, FieldMemOperand(scratch, Map::kBitFieldOffset));
+ __ TestBit(scratch, Map::kIsConstructor, r0);
+ __ bne(&new_target_constructor, cr0);
+ __ bind(&new_target_not_constructor);
+ {
+ FrameScope scope(masm, StackFrame::MANUAL);
+ __ EnterFrame(StackFrame::INTERNAL);
+ __ Push(r6);
+ __ CallRuntime(Runtime::kThrowNotConstructor);
+ }
+ __ bind(&new_target_constructor);
+ }
+
 // Check if we have an arguments adaptor frame below the function frame.
 Label arguments_adaptor, arguments_done;
 __ LoadP(r7, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
diff --git a/src/builtins/s390/builtins-s390.cc b/src/builtins/s390/builtins-s390.cc
index 86cb081579..a3b308eb88 100644
--- a/src/builtins/s390/builtins-s390.cc
+++ b/src/builtins/s390/builtins-s390.cc
@@ -2177,6 +2177,7 @@ void Builtins::Generate_CallOrConstructVarargs(MacroAssembler* masm,
 
 // static
 void Builtins::Generate_CallOrConstructForwardVarargs(MacroAssembler* masm,
+ CallOrConstructMode mode,
 Handle code) {
 // ----------- S t a t e -------------
 // -- r2 : the number of arguments (not including the receiver)
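Review bot: In the PPC construct-mode check, nothing after `__ CallRuntime(Runtime::kThrowNotConstructor);` stops execution should that call ever return: the block closes and control reaches `__ bind(&new_target_constructor);`, which is the forwarding path this check is meant to guard, with the INTERNAL frame still entered. The runtime function presumably always throws, so this is a hardening and documentation point rather than a demonstrated bug; I would add `// kThrowNotConstructor never returns.` after the call, or a trap instruction if the port has a convention for non-returning runtime calls. `Register scratch = r9;` also deserves a short comment that r9 is free at this point, since the State block shown in the hunk does not mention it. The s390 hunk has the same shape (`r8`, `Push(r5)`), and the function continues outside the hunk.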
@@ -2185,6 +2186,25 @@ void Builtins::Generate_CallOrConstructForwardVarargs(MacroAssembler* masm,
 // -- r4 : start index (to support rest parameters)
 // -----------------------------------
 
+ Register scratch = r8;
+
+ if (mode == CallOrConstructMode::kConstruct) {
+ Label new_target_constructor, new_target_not_constructor;
+ __ JumpIfSmi(r5, &new_target_not_constructor);
+ __ LoadP(scratch, FieldMemOperand(r5, HeapObject::kMapOffset));
+ __ LoadlB(scratch, FieldMemOperand(scratch, Map::kBitFieldOffset));
+ __ tmll(scratch, Operand(Map::kIsConstructor));
+ __ bne(&new_target_constructor);
+ __ bind(&new_target_not_constructor);
+ {
+ FrameScope scope(masm, StackFrame::MANUAL);
+ __ EnterFrame(StackFrame::INTERNAL);
+ __ Push(r5);
+ __ CallRuntime(Runtime::kThrowNotConstructor);
+ }
+ __ bind(&new_target_constructor);
+ }
+
 // Check if we have an arguments adaptor frame below the function frame.
 Label arguments_adaptor, arguments_done;
 __ LoadP(r6, MemOperand(fp, StandardFrameConstants::kCallerFPOffset));
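Review bot: `__ tmll(scratch, Operand(Map::kIsConstructor));` passes the constant as a test-under-mask immediate, whereas the PPC hunk passes the same constant to `TestBit`, which takes a bit number. If `Map::kIsConstructor` is a bit position (its definition is not visible in this diff), the s390 code tests the wrong bits of the map's bit field, and the constructor check this commit adds would accept or reject new.target based on unrelated flags. The mask form would be `__ tmll(scratch, Operand(1 << Map::kIsConstructor));`. A regression test that passes a callable non-constructor as new.target through the inlined Reflect.construct path on s390 would confirm the behaviour either way.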