| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/compiler/js-context-specialization.h" | 5 #include "src/compiler/js-context-specialization.h" |
| 6 #include "src/compiler/js-graph.h" |
| 6 #include "src/compiler/js-operator.h" | 7 #include "src/compiler/js-operator.h" |
| 7 #include "src/compiler/node-matchers.h" | 8 #include "src/compiler/node-matchers.h" |
| 8 #include "src/compiler/node-properties.h" | 9 #include "src/compiler/node-properties.h" |
| 9 #include "src/compiler/source-position.h" | 10 #include "src/compiler/source-position.h" |
| 10 #include "test/cctest/cctest.h" | 11 #include "test/cctest/cctest.h" |
| 11 #include "test/cctest/compiler/function-tester.h" | 12 #include "test/cctest/compiler/function-tester.h" |
| 12 #include "test/cctest/compiler/graph-builder-tester.h" | 13 #include "test/cctest/compiler/graph-builder-tester.h" |
| 13 | 14 |
| 14 using namespace v8::internal; | 15 using namespace v8::internal; |
| 15 using namespace v8::internal::compiler; | 16 using namespace v8::internal::compiler; |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 84 | 85 |
| 85 { | 86 { |
| 86 // Mutable slot, constant context, depth > 0 => fold-in parent context. | 87 // Mutable slot, constant context, depth > 0 => fold-in parent context. |
| 87 Node* load = t.graph()->NewNode( | 88 Node* load = t.graph()->NewNode( |
| 88 t.javascript()->LoadContext(2, Context::GLOBAL_EVAL_FUN_INDEX, false), | 89 t.javascript()->LoadContext(2, Context::GLOBAL_EVAL_FUN_INDEX, false), |
| 89 deep_const_context, deep_const_context, start); | 90 deep_const_context, deep_const_context, start); |
| 90 Reduction r = t.spec()->ReduceJSLoadContext(load); | 91 Reduction r = t.spec()->ReduceJSLoadContext(load); |
| 91 CHECK(r.Changed()); | 92 CHECK(r.Changed()); |
| 92 Node* new_context_input = NodeProperties::GetValueInput(r.replacement(), 0); | 93 Node* new_context_input = NodeProperties::GetValueInput(r.replacement(), 0); |
| 93 CHECK_EQ(IrOpcode::kHeapConstant, new_context_input->opcode()); | 94 CHECK_EQ(IrOpcode::kHeapConstant, new_context_input->opcode()); |
| 94 HeapObjectMatcher<Context> match(new_context_input); | 95 HeapObjectMatcher match(new_context_input); |
| 95 CHECK_EQ(*native, *match.Value().handle()); | 96 CHECK_EQ(*native, *match.Value().handle()); |
| 96 ContextAccess access = OpParameter<ContextAccess>(r.replacement()); | 97 ContextAccess access = OpParameter<ContextAccess>(r.replacement()); |
| 97 CHECK_EQ(Context::GLOBAL_EVAL_FUN_INDEX, static_cast<int>(access.index())); | 98 CHECK_EQ(Context::GLOBAL_EVAL_FUN_INDEX, static_cast<int>(access.index())); |
| 98 CHECK_EQ(0, static_cast<int>(access.depth())); | 99 CHECK_EQ(0, static_cast<int>(access.depth())); |
| 99 CHECK_EQ(false, access.immutable()); | 100 CHECK_EQ(false, access.immutable()); |
| 100 } | 101 } |
| 101 | 102 |
| 102 { | 103 { |
| 103 // Immutable slot, constant context, depth = 0 => specialize. | 104 // Immutable slot, constant context, depth = 0 => specialize. |
| 104 Node* load = t.graph()->NewNode(t.javascript()->LoadContext(0, slot, true), | 105 Node* load = t.graph()->NewNode(t.javascript()->LoadContext(0, slot, true), |
| 105 const_context, const_context, start); | 106 const_context, const_context, start); |
| 106 Reduction r = t.spec()->ReduceJSLoadContext(load); | 107 Reduction r = t.spec()->ReduceJSLoadContext(load); |
| 107 CHECK(r.Changed()); | 108 CHECK(r.Changed()); |
| 108 CHECK(r.replacement() != load); | 109 CHECK(r.replacement() != load); |
| 109 | 110 |
| 110 HeapObjectMatcher<Object> match(r.replacement()); | 111 HeapObjectMatcher match(r.replacement()); |
| 111 CHECK(match.HasValue()); | 112 CHECK(match.HasValue()); |
| 112 CHECK_EQ(*expected, *match.Value().handle()); | 113 CHECK_EQ(*expected, *match.Value().handle()); |
| 113 } | 114 } |
| 114 | 115 |
| 115 // TODO(titzer): test with other kinds of contexts, e.g. a function context. | 116 // TODO(titzer): test with other kinds of contexts, e.g. a function context. |
| 116 // TODO(sigurds): test that loads below create context are not optimized | 117 // TODO(sigurds): test that loads below create context are not optimized |
| 117 } | 118 } |
| 118 | 119 |
| 119 | 120 |
| 120 TEST(ReduceJSStoreContext) { | 121 TEST(ReduceJSStoreContext) { |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 163 | 164 |
| 164 { | 165 { |
| 165 // Mutable slot, constant context, depth > 0 => fold-in parent context. | 166 // Mutable slot, constant context, depth > 0 => fold-in parent context. |
| 166 Node* load = t.graph()->NewNode( | 167 Node* load = t.graph()->NewNode( |
| 167 t.javascript()->StoreContext(2, Context::GLOBAL_EVAL_FUN_INDEX), | 168 t.javascript()->StoreContext(2, Context::GLOBAL_EVAL_FUN_INDEX), |
| 168 deep_const_context, deep_const_context, start); | 169 deep_const_context, deep_const_context, start); |
| 169 Reduction r = t.spec()->ReduceJSStoreContext(load); | 170 Reduction r = t.spec()->ReduceJSStoreContext(load); |
| 170 CHECK(r.Changed()); | 171 CHECK(r.Changed()); |
| 171 Node* new_context_input = NodeProperties::GetValueInput(r.replacement(), 0); | 172 Node* new_context_input = NodeProperties::GetValueInput(r.replacement(), 0); |
| 172 CHECK_EQ(IrOpcode::kHeapConstant, new_context_input->opcode()); | 173 CHECK_EQ(IrOpcode::kHeapConstant, new_context_input->opcode()); |
| 173 HeapObjectMatcher<Context> match(new_context_input); | 174 HeapObjectMatcher match(new_context_input); |
| 174 CHECK_EQ(*native, *match.Value().handle()); | 175 CHECK_EQ(*native, *match.Value().handle()); |
| 175 ContextAccess access = OpParameter<ContextAccess>(r.replacement()); | 176 ContextAccess access = OpParameter<ContextAccess>(r.replacement()); |
| 176 CHECK_EQ(Context::GLOBAL_EVAL_FUN_INDEX, static_cast<int>(access.index())); | 177 CHECK_EQ(Context::GLOBAL_EVAL_FUN_INDEX, static_cast<int>(access.index())); |
| 177 CHECK_EQ(0, static_cast<int>(access.depth())); | 178 CHECK_EQ(0, static_cast<int>(access.depth())); |
| 178 CHECK_EQ(false, access.immutable()); | 179 CHECK_EQ(false, access.immutable()); |
| 179 } | 180 } |
| 180 } | 181 } |
| 181 | 182 |
| 182 | 183 |
| 183 // TODO(titzer): factor out common code with effects checking in typed lowering. | 184 // TODO(titzer): factor out common code with effects checking in typed lowering. |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 238 graph_reducer.AddReducer(&spec); | 239 graph_reducer.AddReducer(&spec); |
| 239 graph_reducer.ReduceGraph(); | 240 graph_reducer.ReduceGraph(); |
| 240 | 241 |
| 241 // Effects should have been forwarded (not replaced with a value). | 242 // Effects should have been forwarded (not replaced with a value). |
| 242 CheckEffectInput(effect_in, effect_use); | 243 CheckEffectInput(effect_in, effect_use); |
| 243 | 244 |
| 244 // Use of {other_load} should not have been replaced. | 245 // Use of {other_load} should not have been replaced. |
| 245 CHECK_EQ(other_load, other_use->InputAt(0)); | 246 CHECK_EQ(other_load, other_use->InputAt(0)); |
| 246 | 247 |
| 247 Node* replacement = value_use->InputAt(0); | 248 Node* replacement = value_use->InputAt(0); |
| 248 HeapObjectMatcher<Object> match(replacement); | 249 HeapObjectMatcher match(replacement); |
| 249 CHECK(match.HasValue()); | 250 CHECK(match.HasValue()); |
| 250 CHECK_EQ(*expected, *match.Value().handle()); | 251 CHECK_EQ(*expected, *match.Value().handle()); |
| 251 } | 252 } |
| 252 // TODO(titzer): clean up above test and test more complicated effects. | 253 // TODO(titzer): clean up above test and test more complicated effects. |
| 253 } | 254 } |
| 254 | 255 |
| 255 | 256 |
| 256 TEST(SpecializeJSFunction_ToConstant1) { | 257 TEST(SpecializeJSFunction_ToConstant1) { |
| 257 FunctionTester T( | 258 FunctionTester T( |
| 258 "(function() { var x = 1; function inc(a)" | 259 "(function() { var x = 1; function inc(a)" |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 301 { | 302 { |
| 302 FunctionTester T( | 303 FunctionTester T( |
| 303 "(function() { if (false) { var x = 1; } function inc(a)" | 304 "(function() { if (false) { var x = 1; } function inc(a)" |
| 304 " { return a + x; } return inc; })()"); // x is undefined! | 305 " { return a + x; } return inc; })()"); // x is undefined! |
| 305 | 306 |
| 306 CHECK(T.Call(T.Val(0.0), T.Val(0.0)).ToHandleChecked()->IsNaN()); | 307 CHECK(T.Call(T.Val(0.0), T.Val(0.0)).ToHandleChecked()->IsNaN()); |
| 307 CHECK(T.Call(T.Val(2.0), T.Val(0.0)).ToHandleChecked()->IsNaN()); | 308 CHECK(T.Call(T.Val(2.0), T.Val(0.0)).ToHandleChecked()->IsNaN()); |
| 308 CHECK(T.Call(T.Val(-2.1), T.Val(0.0)).ToHandleChecked()->IsNaN()); | 309 CHECK(T.Call(T.Val(-2.1), T.Val(0.0)).ToHandleChecked()->IsNaN()); |
| 309 } | 310 } |
| 310 } | 311 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1196623002:
[ubsan] Fix HeapObjectMatcher to avoid invalid casts. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master