
Side by Side Diff: src/x64/lithium-codegen-x64.cc

Issue 10829456: Check that index and length are Smi in bounds check. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Porting changes to ARM and ia32 Created 8 years, 4 months ago
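--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -3676,21 +3676,42 @@
 case FAST_HOLEY_DOUBLE_ELEMENTS:
 case DICTIONARY_ELEMENTS:
 case NON_STRICT_ARGUMENTS_ELEMENTS:
 UNREACHABLE();
 break;
 }
 }
 }
 
 
+void LCodeGen::DeoptIfTaggedButNotSmi(LEnvironment* environment,
+HValue* value,
+LOperand* operand) {
+if (value->representation().IsTagged() && !value->type().IsSmi()) {
+Condition cc;
+if (operand->IsRegister()) {
+cc = masm()->CheckSmi(ToRegister(operand));
+} else {
+cc = masm()->CheckSmi(ToOperand(operand));
+}
+DeoptimizeIf(NegateCondition(cc), environment);
+}
+}
+
+
 void LCodeGen::DoBoundsCheck(LBoundsCheck* instr) {
+DeoptIfTaggedButNotSmi(instr->environment(),
+instr->hydrogen()->length(),
+instr->length());
+DeoptIfTaggedButNotSmi(instr->environment(),
+instr->hydrogen()->index(),
+instr->index());
 if (instr->length()->IsRegister()) {
 Register reg = ToRegister(instr->length());
 if (FLAG_debug_code &&
 !instr->hydrogen()->length()->representation().IsTagged()) {
 __ AbortIfNotZeroExtended(reg);
 }
 if (instr->index()->IsConstantOperand()) {
 int constant_index =
 ToInteger32(LConstantOperand::cast(instr->index()));
 if (instr->hydrogen()->length()->representation().IsTagged()) {
@@ -5164,10 +5185,10 @@
 FixedArray::kHeaderSize - kPointerSize));
 __ bind(&done);
 }
 
 
 #undef __
 
 } } // namespace v8::internal
 
 #endif // V8_TARGET_ARCH_X64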
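Review bot: In DeoptIfTaggedButNotSmi the else branch hands every non-register operand to `ToOperand(operand)`, yet DoBoundsCheck still goes on to handle `instr->index()->IsConstantOperand()`, so a constant index whose hydrogen value is tagged and not typed as Smi would take a path that is presumably meant for stack slots. Whether that combination can occur is not visible on this page; if it cannot, pin the assumption with `ASSERT(!operand->IsConstantOperand());` at the start of that else branch, otherwise skip the Smi check for constants explicitly. The helper also has no comment stating the invariant it enforces; something like `// Deopt unless a tagged index/length really is a Smi; the bounds comparison that follows treats the value as one.` would keep a later refactor from dropping the guard. The rest of DoBoundsCheck lies in the skipped lines, so the comparison itself is outside what this page shows.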