
Side by Side Diff: src/asmjs/asm-typer.cc

Issue 2426473007: [V8][asm.js] Fixes a bug in comma-expression validation. (Closed)
Patch Set: expands the tests. Created 4 years, 2 months ago
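--- a/src/asmjs/asm-typer.cc
+++ b/src/asmjs/asm-typer.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/asmjs/asm-typer.h"
 
 #include <algorithm>
 #include <limits>
 #include <memory>
 #include <string>
@@ -1635,21 +1635,29 @@
 auto* left = comma->left();
 if (auto* left_as_call = left->AsCall()) {
 RECURSE(ValidateCall(AsmType::Void(), left_as_call));
 } else {
 RECURSE(ValidateExpression(left));
 }
 
 auto* right = comma->right();
 AsmType* right_type = nullptr;
 if (auto* right_as_call = right->AsCall()) {
-RECURSE(right_type = ValidateCall(AsmType::Void(), right_as_call));
+RECURSE(right_type = ValidateFloatCoercion(right_as_call));
+if (right_type != AsmType::Float()) {
+// right_type == nullptr <-> right_as_call is not a call to fround.
+DCHECK(right_type == nullptr);
+RECURSE(right_type = ValidateCall(AsmType::Void(), right_as_call));
+// Unnanotated function call to something that's not fround must be a call
+// to a void function.
+DCHECK_EQ(right_type, AsmType::Void());
+}
 } else {
 RECURSE(right_type = ValidateExpression(right));
 }
 
 return right_type;
 }
 
 // 6.8.2 NumericLiteral
 AsmType* AsmTyper::ValidateNumericLiteral(Literal* literal) {
 // *VIOLATION* asm.js does not allow the use of undefined, but our parser
@@ -1667,21 +1675,21 @@
 if (literal->raw_value()->IsTrue() || literal->raw_value()->IsFalse()) {
 return AsmType::Int();
 }
 
 uint32_t value;
 if (!literal->value()->ToUint32(&value)) {
 int32_t value;
 if (!literal->value()->ToInt32(&value)) {
 FAIL(literal, "Integer literal is out of range.");
 }
-// *VIOLATION* Not really a violation, but rather a different in the
+// *VIOLATION* Not really a violation, but rather a difference in
 // validation. The spec handles -NumericLiteral in ValidateUnaryExpression,
 // but V8's AST represents the negative literals as Literals.
 return AsmType::Signed();
 }
 
 if (value <= LargestFixNum) {
 return AsmType::FixNum();
 }
 
 return AsmType::Unsigned();
@@ -2787,10 +2795,10 @@
 return true;
 }
 
 *error_message = typer.error_message();
 return false;
 }
 
 } // namespace wasm
 } // namespace internal
 } // namespace v8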
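Review bot: The two invariants in the new `right_as_call` branch of the comma-expression validator (new lines 1648 and 1652) are enforced only with `DCHECK` / `DCHECK_EQ`, which are debug-build assertions, so in a release build the type returned for the comma expression rests entirely on ValidateFloatCoercion and ValidateCall behaving as the comments assume. Because this return value decides whether the module passes asm.js validation, consider turning the second assertion into a real validation failure, for example `if (right_type != AsmType::Void()) { FAIL(right_as_call, "Unannotated call in comma expression must be void."); }`, unless ValidateCall already guarantees a Void result when asked for one; its body is not visible in this section. The comment above that assertion also has a typo: `Unnanotated` should read `Unannotated`. The enclosing function begins in the skipped lines before old line 1635, so the caller-facing contract for `right_type` could not be checked from here.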