From: verwaest@chromium.org
Date: Thu, 30 Jan 2014 17:45:09 +0000 (+0000)
Subject: Fix the context check in LoadGlobalFunctionPrototype
X-Git-Tag: upstream/4.7.83~10950
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a9ba16dee322005539fd1fbce992cee2bf070e67;p=platform%2Fupstream%2Fv8.git
Fix the context check in LoadGlobalFunctionPrototype
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/146303003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index fe5e46c..8ef852b 100644
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -295,15 +295,20 @@ void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
 Register prototype,
 Label* miss) {
 Isolate* isolate = masm->isolate();
- // Check we're still in the same context.
- __ ldr(prototype,
- MemOperand(cp, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
- __ Move(ip, isolate->global_object());
- __ cmp(prototype, ip);
- __ b(ne, miss);
 // Get the global function with the given index.
 Handle function(
 JSFunction::cast(isolate->native_context()->get(index)));
+
+ // Check we're still in the same context.
+ Register scratch = prototype;
+ const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
+ __ ldr(scratch, MemOperand(cp, offset));
+ __ ldr(scratch, FieldMemOperand(scratch, GlobalObject::kNativeContextOffset));
+ __ ldr(scratch, MemOperand(scratch, Context::SlotOffset(index)));
+ __ Move(ip, function);
+ __ cmp(ip, scratch);
+ __ b(ne, miss);
+
 // Load its initial map. The global functions all have initial maps.
 __ Move(prototype, Handle(function->initial_map()));
 // Load the prototype from the initial map.
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc
index df983e9..c8a9ce4 100644
--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
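Review bot: The comment `// Check we're still in the same context.` kept above the new check no longer describes it (the ia32 and x64 hunks below carry the same stale comment): the code now walks cp → global object → native context and compares the function slot at `index` with the embedded `function`, i.e. it verifies that the global function this stub was compiled against is still installed, which is what makes the embedded `function->initial_map()` below safe to use. I would replace it with `// Check that the native context's global function at |index| is still the one this stub embeds; the initial map loaded below is only valid for that function.` The check establishes function identity only, so it presumably relies on the builtin global functions never having their initial map replaced; if that holds it is worth stating in the same comment. `Register scratch = prototype;` is correct only because `prototype` is overwritten by the `Move` right after the check, so a short comment there (`// prototype is clobbered below anyway`) would protect that against a later reordering. GenerateDirectLoadGlobalFunctionPrototype starts before and continues after the hunk.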
@@ -271,13 +271,17 @@ void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
 int index,
 Register prototype,
 Label* miss) {
- // Check we're still in the same context.
- __ cmp(Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)),
- masm->isolate()->global_object());
- __ j(not_equal, miss);
 // Get the global function with the given index.
 Handle function(
 JSFunction::cast(masm->isolate()->native_context()->get(index)));
+ // Check we're still in the same context.
+ Register scratch = prototype;
+ const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
+ __ mov(scratch, Operand(esi, offset));
+ __ mov(scratch, FieldOperand(scratch, GlobalObject::kNativeContextOffset));
+ __ cmp(Operand(scratch, Context::SlotOffset(index)), function);
+ __ j(not_equal, miss);
+
 // Load its initial map. The global functions all have initial maps.
 __ Set(prototype, Immediate(Handle(function->initial_map())));
 // Load the prototype from the initial map.
diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc
index 54939d1..8be604f 100644
--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc
@@ -245,14 +245,18 @@ void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
 Register prototype,
 Label* miss) {
 Isolate* isolate = masm->isolate();
- // Check we're still in the same context.
- __ Move(prototype, isolate->global_object());
- __ cmpq(Operand(rsi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)),
- prototype);
- __ j(not_equal, miss);
 // Get the global function with the given index.
 Handle function(
 JSFunction::cast(isolate->native_context()->get(index)));
+
+ // Check we're still in the same context.
+ Register scratch = prototype;
+ const int offset = Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX);
+ __ movp(scratch, Operand(rsi, offset));
+ __ movp(scratch, FieldOperand(scratch, GlobalObject::kNativeContextOffset));
+ __ Cmp(Operand(scratch, Context::SlotOffset(index)), function);
+ __ j(not_equal, miss);
+
 // Load its initial map. The global functions all have initial maps.
 __ Move(prototype, Handle(function->initial_map()));
 // Load the prototype from the initial map.