
Side by Side Diff: src/compiler/js-inlining.cc

Issue 1196623002: [ubsan] Fix HeapObjectMatcher to avoid invalid casts. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE Created 5 years, 6 months ago
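--- a/src/compiler/js-inlining.cc
+++ b/src/compiler/js-inlining.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/js-inlining.h"
 
 #include "src/ast.h"
 #include "src/ast-numbering.h"
 #include "src/compiler/all-nodes.h"
 #include "src/compiler/ast-graph-builder.h"
@@ -231,25 +231,26 @@
 return jsgraph_->graph()->NewNode(op, params_node, node0, node0,
 jsgraph_->UndefinedConstant(),
 call->jsfunction(), call->frame_state());
 }
 
 
 Reduction JSInliner::Reduce(Node* node) {
 if (node->opcode() != IrOpcode::kJSCallFunction) return NoChange();
 
 JSCallFunctionAccessor call(node);
-HeapObjectMatcher<JSFunction> match(call.jsfunction());
+HeapObjectMatcher match(call.jsfunction());
 if (!match.HasValue()) return NoChange();
 
-Handle<JSFunction> function = match.Value().handle();
-if (!function->IsJSFunction()) return NoChange();
+if (!match.Value().handle()->IsJSFunction()) return NoChange();
+Handle<JSFunction> function =
+Handle<JSFunction>::cast(match.Value().handle());
 if (mode_ == kRestrictedInlining && !function->shared()->force_inline()) {
 return NoChange();
 }
 
 Zone zone;
 ParseInfo parse_info(&zone, function);
 CompilationInfo info(&parse_info);
 if (info_->is_deoptimization_enabled()) info.MarkAsDeoptimizationEnabled();
 
 if (!Compiler::ParseAndAnalyze(info.parse_info())) return NoChange();
@@ -304,10 +305,10 @@
 
 // Remember that we inlined this function.
 info_->AddInlinedFunction(info.shared_info());
 
 return InlineCall(node, frame_state, start, end);
 }
 
 } // namespace compiler
 } // namespace internal
 } // namespace v8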
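Review bot: On new lines 244–246 `match.Value().handle()` is evaluated twice, once for the `IsJSFunction()` guard and again inside `Handle<JSFunction>::cast`, which hides the fact that the cast is only valid because of that exact check on that exact object. Binding the handle once keeps the type check and the cast visibly tied to the same value, `Handle<HeapObject> object = match.Value().handle();` / `if (!object->IsJSFunction()) return NoChange();` / `Handle<JSFunction> function = Handle<JSFunction>::cast(object);` (this assumes `handle()` yields a `Handle<HeapObject>`, which the `IsJSFunction()` call suggests but the hunk does not show). A one-line comment on the guard, `// Only inline calls whose target is a known JSFunction; any other heap object must not be cast below.`, would also make the intent of the reordered check explicit. `JSInliner::Reduce` starts in this hunk but its body continues past it, and the section's other two hunks are context-only line shifts.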