Chromium Code Reviews

Issue 1409993002: [turbofan] Move SimplifiedOperatorBuilder into JSGraph. (Closed)

Created: 5 years, 2 months ago by Michael Starzinger
Modified: 5 years, 2 months ago
Reviewers: Benedikt Meurer
CC: v8-reviews_googlegroups.com
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Target Ref: refs/pending/heads/master
Project: v8
Visibility: Public.

Description

[turbofan] Move SimplifiedOperatorBuilder into JSGraph.

This fixes the lifetime of nodes created by JSGlobalSpecialization that contain a simplified operator. In the case where this reducer runs as part of the inliner, the SimplifiedOperatorBuilder was instantiated with the wrong zone. This led to use-after-free of simplified operators. To avoid such situations in the future, we decided to move this operator builder into the JSGraph and make the situation uniform with all other operator builders.

R=bmeurer@chromium.org
BUG=chromium:543528
LOG=n

Committed: https://crrev.com/b7990793cf322a4de187a6d51caa3e14c749092e
Cr-Commit-Position: refs/heads/master@{#31334}
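The zone mismatch described in the commit message, as an added example that is not part of this change or of V8's code. `Zone`, `Operator`, `Node`, `SimplifiedOperatorBuilder` and `JSGraph` are stripped-down stand-ins; the `zone` tag on each operator, `ForeignOperators` and the two `Reduce...` functions are hypothetical names that make the lifetime error observable without touching freed memory.

```cpp
#include <memory>
#include <utility>
#include <vector>

// Simplified region allocator (hypothetical, not V8's Zone): objects die with it.
class Zone {
 public:
  template <typename T>
  T* New(T value) {
    objects_.push_back(std::make_shared<T>(std::move(value)));
    return static_cast<T*>(objects_.back().get());
  }
 private:
  std::vector<std::shared_ptr<void>> objects_;
};
struct Operator { const char* mnemonic; const Zone* zone; };  // zone tag is for the audit only
struct Node { const Operator* op; };
struct SimplifiedOperatorBuilder {
  Zone* zone;  // every operator this builder hands out lives (and dies) here
  const Operator* LoadField() { return zone->New(Operator{"LoadField", zone}); }
};

class JSGraph {
 public:
  explicit JSGraph(Zone* zone) : zone_(zone), simplified_{zone} {}
  SimplifiedOperatorBuilder* simplified() { return &simplified_; }
  void NewNode(const Operator* op) { nodes_.push_back(zone_->New(Node{op})); }
  int ForeignOperators() const {  // nodes whose operator is outside the graph zone
    int n = 0;
    for (const Node* node : nodes_) n += (node->op->zone != zone_);
    return n;
  }
 private:
  Zone* zone_;
  SimplifiedOperatorBuilder simplified_;
  std::vector<const Node*> nodes_;
};

// Before: the reducer owns a builder bound to a zone that dies with the pass,
// so the graph node keeps a pointer that dangles once this function returns.
int ReduceWithLocalBuilder(JSGraph* jsgraph) {
  Zone local_zone;
  SimplifiedOperatorBuilder simplified{&local_zone};
  jsgraph->NewNode(simplified.LoadField());
  return jsgraph->ForeignOperators();  // audited while local_zone is still alive
}
// After: the graph supplies the builder, so operator and node share one lifetime.
int ReduceWithGraphBuilder(JSGraph* jsgraph) {
  jsgraph->NewNode(jsgraph->simplified()->LoadField());
  return jsgraph->ForeignOperators();
}
```

A non-zero audit count marks the nodes that would be read after free; with the builder owned by the graph there is no second zone to pick by mistake.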

Patch Set 1

Stats (+70 lines, -37 lines)
M src/compiler/js-global-specialization.h (2 chunks, +1 line, -2 lines, 0 comments)
M src/compiler/js-global-specialization.cc (2 chunks, +6 lines, -2 lines, 0 comments)
M src/compiler/js-graph.h (3 chunks, +8 lines, -3 lines, 0 comments)
M src/compiler/js-inlining.cc (1 chunk, +2 lines, -1 line, 0 comments)
M src/compiler/pipeline.cc (7 chunks, +8 lines, -1 line, 0 comments)
M src/compiler/simplified-operator.h (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-changes-lowering.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-js-constant-cache.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-js-context-specialization.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/cctest/compiler/test-js-typed-lowering.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/cctest/compiler/test-loop-analysis.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-machine-operator-reducer.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-osr.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-representation-change.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-run-stubs.cc (1 chunk, +1 line, -1 line, 0 comments)
M test/cctest/compiler/test-simplified-lowering.cc (2 chunks, +3 lines, -2 lines, 0 comments)
M test/unittests/compiler/bytecode-graph-builder-unittest.cc (1 chunk, +2 lines, -2 lines, 0 comments)
M test/unittests/compiler/change-lowering-unittest.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/unittests/compiler/js-builtin-reducer-unittest.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/unittests/compiler/js-context-relaxation-unittest.cc (2 chunks, +4 lines, -2 lines, 0 comments)
M test/unittests/compiler/js-intrinsic-lowering-unittest.cc (2 chunks, +4 lines, -2 lines, 0 comments)
M test/unittests/compiler/js-type-feedback-unittest.cc (2 chunks, +4 lines, -2 lines, 0 comments)
M test/unittests/compiler/js-typed-lowering-unittest.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/unittests/compiler/liveness-analyzer-unittest.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/unittests/compiler/machine-operator-reducer-unittest.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/unittests/compiler/simplified-operator-reducer-unittest.cc (1 chunk, +2 lines, -1 line, 0 comments)
M test/unittests/compiler/state-values-utils-unittest.cc (2 chunks, +4 lines, -2 lines, 0 comments)

Messages

Total messages: 6 (1 generated)
Michael Starzinger
5 years, 2 months ago (2015-10-16 11:42:20 UTC) #1
Benedikt Meurer
LGTM.
5 years, 2 months ago (2015-10-16 11:44:56 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1409993002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1409993002/1
5 years, 2 months ago (2015-10-16 11:50:55 UTC) #4
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years, 2 months ago (2015-10-16 12:38:49 UTC) #5
commit-bot: I haz the power
5 years, 2 months ago (2015-10-16 12:39:01 UTC) #6
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/b7990793cf322a4de187a6d51caa3e14c749092e
Cr-Commit-Position: refs/heads/master@{#31334}
