    Issue 5686006:
  Add array bound checks to code generated for SwapElements. This fixes a bug t...  (Closed) 
  Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/| OLD | NEW | 
|---|---|
| 1 // Copyright 2010 the V8 project authors. All rights reserved. | 1 // Copyright 2010 the V8 project authors. All rights reserved. | 
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without | 
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are | 
| 4 // met: | 4 // met: | 
| 5 // | 5 // | 
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright | 
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. | 
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above | 
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following | 
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided | 
| (...skipping 5574 matching lines...) | |
| 5585 // Smi-tagging is equivalent to multiplying by 2. | 5585 // Smi-tagging is equivalent to multiplying by 2. | 
| 5586 STATIC_ASSERT(kSmiTag == 0); | 5586 STATIC_ASSERT(kSmiTag == 0); | 
| 5587 STATIC_ASSERT(kSmiTagSize == 1); | 5587 STATIC_ASSERT(kSmiTagSize == 1); | 
| 5588 | 5588 | 
| 5589 // Check that both indices are smis. | 5589 // Check that both indices are smis. | 
| 5590 __ mov(tmp2, index1); | 5590 __ mov(tmp2, index1); | 
| 5591 __ orr(tmp2, tmp2, index2); | 5591 __ orr(tmp2, tmp2, index2); | 
| 5592 __ tst(tmp2, Operand(kSmiTagMask)); | 5592 __ tst(tmp2, Operand(kSmiTagMask)); | 
| 5593 deferred->Branch(nz); | 5593 deferred->Branch(nz); | 
| 5594 | 5594 | 
| 5595 // Check that both indices are valid. | |
| 5596 __ ldr(tmp2, FieldMemOperand(object, JSArray::kLengthOffset)); | |
| 5597 __ cmp(tmp2, index1); | |
| 5598 deferred->Branch(le); | |
| 5599 __ cmp(tmp2, index2); | |
| 
Lasse Reichstein
2010/12/15 08:34:55
You might consider making the second compare condi
 
Karl Klose
2010/12/15 09:11:45
Done.
 | |
| 5600 deferred->Branch(le); | |
| 5601 | |
| 5595 // Bring the offsets into the fixed array in tmp1 into index1 and | 5602 // Bring the offsets into the fixed array in tmp1 into index1 and | 
| 5596 // index2. | 5603 // index2. | 
| 5597 __ mov(tmp2, Operand(FixedArray::kHeaderSize - kHeapObjectTag)); | 5604 __ mov(tmp2, Operand(FixedArray::kHeaderSize - kHeapObjectTag)); | 
| 5598 __ add(index1, tmp2, Operand(index1, LSL, kPointerSizeLog2 - kSmiTagSize)); | 5605 __ add(index1, tmp2, Operand(index1, LSL, kPointerSizeLog2 - kSmiTagSize)); | 
| 5599 __ add(index2, tmp2, Operand(index2, LSL, kPointerSizeLog2 - kSmiTagSize)); | 5606 __ add(index2, tmp2, Operand(index2, LSL, kPointerSizeLog2 - kSmiTagSize)); | 
| 5600 | 5607 | 
| 5601 // Swap elements. | 5608 // Swap elements. | 
| 5602 Register tmp3 = object; | 5609 Register tmp3 = object; | 
| 5603 object = no_reg; | 5610 object = no_reg; | 
| 5604 __ ldr(tmp3, MemOperand(tmp1, index1)); | 5611 __ ldr(tmp3, MemOperand(tmp1, index1)); | 
| (...skipping 1759 matching lines...) | |
| 7364 BinaryOpIC::GetName(runtime_operands_type_)); | 7371 BinaryOpIC::GetName(runtime_operands_type_)); | 
| 7365 return name_; | 7372 return name_; | 
| 7366 } | 7373 } | 
| 7367 | 7374 | 
| 7368 | 7375 | 
| 7369 #undef __ | 7376 #undef __ | 
| 7370 | 7377 | 
| 7371 } } // namespace v8::internal | 7378 } } // namespace v8::internal | 
| 7372 | 7379 | 
| 7373 #endif // V8_TARGET_ARCH_ARM | 7380 #endif // V8_TARGET_ARCH_ARM | 
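Review bot: The added bounds checks at new lines 5597-5600 branch on `le`, which is a signed condition, so a negative smi index compares as smaller than the length and falls through to the element offset computation and the loads that follow. Only the smi-tag test is visible before this point, so unless a check outside the shown lines already rejects negative indices, the comparison should be unsigned, i.e. `deferred->Branch(ls);` after each `__ cmp(tmp2, indexN);`. The comparison also assumes the value loaded from `JSArray::kLengthOffset` is a smi, which the visible lines do not establish. I would spell out both points in the comment, for example `// Check that both indices are valid: 0 <= index < length (length must be a smi here).`. The enclosing function starts and ends outside the visible lines.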