
Side by Side Diff: src/virtual-frame.cc

Issue 47006: Fix flaw in VirtualFrame::SetElementAt handling multiple copies of elements. (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 11 years, 9 months ago
1 // Copyright 2009 the V8 project authors. All rights reserved. 1 // Copyright 2009 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 369 matching lines...) Expand 10 before | Expand all | Expand 10 after
380 FrameElement new_element; 380 FrameElement new_element;
381 if (value->is_register()) { 381 if (value->is_register()) {
382 // There are two cases depending no whether the register already 382 // There are two cases depending no whether the register already
383 // occurs in the frame or not. 383 // occurs in the frame or not.
384 if (register_count(value->reg()) == 0) { 384 if (register_count(value->reg()) == 0) {
385 Use(value->reg()); 385 Use(value->reg());
386 elements_[frame_index] = 386 elements_[frame_index] =
387 FrameElement::RegisterElement(value->reg(), 387 FrameElement::RegisterElement(value->reg(),
388 FrameElement::NOT_SYNCED); 388 FrameElement::NOT_SYNCED);
389 } else { 389 } else {
390 for (int i = 0; i < elements_.length(); i++) { 390 int i = 0;
391 FrameElement element = elements_[i]; 391 for (; i < elements_.length(); i++) {
392 if (element.is_register() && element.reg().is(value->reg())) { 392 if (elements_[i].is_register() && elements_[i].reg().is(value->reg())) {
393 if (i < frame_index) { 393 break;
394 // The register backing store is lower in the frame than its 394 }
395 // copy. 395 }
396 elements_[frame_index] = CopyElementAt(i); 396 ASSERT(i < elements_.length());
397 } else { 397
398 // There was an early bailout for the case of setting a 398 if (i < frame_index) {
399 // register element to itself. 399 // The register backing store is lower in the frame than its copy.
400 ASSERT(i != frame_index); 400 elements_[frame_index] = CopyElementAt(i);
401 element.clear_sync(); 401 } else {
402 elements_[frame_index] = element; 402 // There was an early bailout for the case of setting a
403 elements_[i] = CopyElementAt(frame_index); 403 // register element to itself.
404 ASSERT(i != frame_index);
405 elements_[frame_index] = elements_[i];
406 elements_[i] = CopyElementAt(frame_index);
407 if (elements_[frame_index].is_synced()) {
408 elements_[i].set_sync();
409 }
410 elements_[frame_index].clear_sync();
411 for (int j = i + 1; j < elements_.length(); j++) {
412 if (elements_[j].is_copy() && elements_[j].index() == i) {
413 elements_[j].set_index(frame_index);
404 } 414 }
405 // Exit the loop once the appropriate copy is inserted.
406 break;
407 } 415 }
408 } 416 }
409 } 417 }
410 } else { 418 } else {
411 ASSERT(value->is_constant()); 419 ASSERT(value->is_constant());
412 elements_[frame_index] = 420 elements_[frame_index] =
413 FrameElement::ConstantElement(value->handle(), 421 FrameElement::ConstantElement(value->handle(),
414 FrameElement::NOT_SYNCED); 422 FrameElement::NOT_SYNCED);
415 } 423 }
416 value->Unuse(); 424 value->Unuse();
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after
557 #endif 565 #endif
558 if (stack_pointer_ != other->stack_pointer_) return false; 566 if (stack_pointer_ != other->stack_pointer_) return false;
559 for (int i = 0; i < elements_.length(); i++) { 567 for (int i = 0; i < elements_.length(); i++) {
560 if (!elements_[i].Equals(other->elements_[i])) return false; 568 if (!elements_[i].Equals(other->elements_[i])) return false;
561 } 569 }
562 570
563 return true; 571 return true;
564 } 572 }
565 573
566 } } // namespace v8::internal 574 } } // namespace v8::internal
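Review bot: In the rewritten else-branch of the register case (new lines 390-396), the search loop leaves `i == elements_.length()` when no element holds `value->reg()`, and only `ASSERT(i < elements_.length());` guards the `elements_[i]` reads and writes that follow. If ASSERT is compiled out of release builds, as is usual for debug assertions, a mismatch between `register_count()` and the frame contents would become an out-of-bounds access on `elements_`, whereas the old loop simply fell through without touching the frame. Consider a check that also holds in release builds, or at least a comment at the assertion such as `// register_count() != 0 guarantees the register is in the frame.` The new `j` loop (new lines 411-415) would also benefit from a one-line comment, e.g. `// Redirect remaining copies of the old backing store to frame_index.` The enclosing function starts outside the visible lines.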