Side by Side Diff: src/asmjs/asm-typer.cc

Issue 2181723002: [wasm][asm2wasm] Fixes a bug in 8-bit heap view accesses. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 4 years, 5 months ago
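--- a/src/asmjs/asm-typer.cc
+++ b/src/asmjs/asm-typer.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/asmjs/asm-typer.h"
 
 #include <algorithm>
 #include <limits>
 #include <memory>
 #include <string>
@@ -2455,23 +2455,21 @@
 ExtractHeapAccessShift(key_as_binop->right(), &shift) &&
 (1 << shift) == obj_type->ElementSizeInBytes()) {
 AsmType* type;
 RECURSE(type = ValidateExpression(key_as_binop->left()));
 if (type->IsA(AsmType::Intish())) {
 if (access_type == LoadFromHeap) {
 return obj_type->LoadType();
 }
 return obj_type->StoreType();
 }
-// TODO(jpp): it may be the case that, if type is not an Intish, we could
-// fail here instead of letting the validator try using the "leniency"
-// rule (i.e., allow unshifted indexes for heap views of 8-bit integers.
+FAIL(key_as_binop, "Invalid heap access index.");
 }
 }
 
 if (obj_type->ElementSizeInBytes() == 1) {
 // Leniency: if this is a byte array, we don't require the shift operation
 // to be present.
 AsmType* index_type;
 RECURSE(index_type = ValidateExpression(heap->key()));
 if (!index_type->IsA(AsmType::Int())) {
 FAIL(heap, "Invalid heap access index for byte array.");
@@ -2739,10 +2737,10 @@
 return true;
 }
 
 *error_message = typer.error_message();
 return false;
 }
 
 } // namespace wasm
 } // namespace internal
 } // namespace v8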
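Review bot: The added `FAIL(key_as_binop, "Invalid heap access index.");` replaces the removed TODO without recording why a non-intish shifted operand must be rejected at this point instead of falling through to the byte-array leniency block that follows. This typer is the validation step for asm.js heap accesses, so the invariant is worth stating next to the check, e.g. `// The shift matches the element size, so the shifted operand must be intish; fail here rather than fall through to the byte-array leniency rule.` The message is also less specific than the neighbouring "Invalid heap access index for byte array."; naming the expected type (intish) would make validation failures easier to triage. The enclosing function starts before the first visible line of this hunk, so whether `shift` is range-checked before `(1 << shift)` is evaluated cannot be confirmed from here and should be checked in `ExtractHeapAccessShift`.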