Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/compiler/js-native-context-specialization.cc

Issue 2279213002: [turbofan] Introduce a dedicated ArrayBufferWasNeutered operator. (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/compiler/js-builtin-reducer.cc ('k') | src/compiler/load-elimination.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/compiler/js-native-context-specialization.h" 5 #include "src/compiler/js-native-context-specialization.h"
6 6
7 #include "src/accessors.h" 7 #include "src/accessors.h"
8 #include "src/code-factory.h" 8 #include "src/code-factory.h"
9 #include "src/compilation-dependencies.h" 9 #include "src/compilation-dependencies.h"
10 #include "src/compiler/access-builder.h" 10 #include "src/compiler/access-builder.h"
(...skipping 1030 matching lines...) Expand 10 before | Expand all | Expand 10 after
1041 if (IsFixedTypedArrayElementsKind(elements_kind)) { 1041 if (IsFixedTypedArrayElementsKind(elements_kind)) {
1042 // Load the {receiver}s length. 1042 // Load the {receiver}s length.
1043 Node* length = effect = graph()->NewNode( 1043 Node* length = effect = graph()->NewNode(
1044 simplified()->LoadField(AccessBuilder::ForJSTypedArrayLength()), 1044 simplified()->LoadField(AccessBuilder::ForJSTypedArrayLength()),
1045 receiver, effect, control); 1045 receiver, effect, control);
1046 1046
1047 // Check if the {receiver}s buffer was neutered. 1047 // Check if the {receiver}s buffer was neutered.
1048 Node* buffer = effect = graph()->NewNode( 1048 Node* buffer = effect = graph()->NewNode(
1049 simplified()->LoadField(AccessBuilder::ForJSArrayBufferViewBuffer()), 1049 simplified()->LoadField(AccessBuilder::ForJSArrayBufferViewBuffer()),
1050 receiver, effect, control); 1050 receiver, effect, control);
1051 Node* buffer_bitfield = effect = graph()->NewNode( 1051 Node* check = effect = graph()->NewNode(
1052 simplified()->LoadField(AccessBuilder::ForJSArrayBufferBitField()), 1052 simplified()->ArrayBufferWasNeutered(), buffer, effect, control);
1053 buffer, effect, control);
1054 Node* check = graph()->NewNode(
1055 simplified()->NumberEqual(),
1056 graph()->NewNode(
1057 simplified()->NumberBitwiseAnd(), buffer_bitfield,
1058 jsgraph()->Constant(JSArrayBuffer::WasNeutered::kMask)),
1059 jsgraph()->ZeroConstant());
1060 1053
1061 // Default to zero if the {receiver}s buffer was neutered. 1054 // Default to zero if the {receiver}s buffer was neutered.
1062 length = graph()->NewNode( 1055 length = graph()->NewNode(
1063 common()->Select(MachineRepresentation::kTagged, BranchHint::kTrue), 1056 common()->Select(MachineRepresentation::kTagged, BranchHint::kFalse),
1064 check, length, jsgraph()->ZeroConstant()); 1057 check, jsgraph()->ZeroConstant(), length);
1065 1058
1066 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) { 1059 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
1067 // Check that the {index} is a valid array index, we do the actual 1060 // Check that the {index} is a valid array index, we do the actual
1068 // bounds check below and just skip the store below if it's out of 1061 // bounds check below and just skip the store below if it's out of
1069 // bounds for the {receiver}. 1062 // bounds for the {receiver}.
1070 index = effect = graph()->NewNode(simplified()->CheckBounds(), index, 1063 index = effect = graph()->NewNode(simplified()->CheckBounds(), index,
1071 jsgraph()->Constant(Smi::kMaxValue), 1064 jsgraph()->Constant(Smi::kMaxValue),
1072 effect, control); 1065 effect, control);
1073 } else { 1066 } else {
1074 // Check that the {index} is in the valid range for the {receiver}. 1067 // Check that the {index} is in the valid range for the {receiver}.
(...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after
1493 } 1486 }
1494 1487
1495 1488
1496 SimplifiedOperatorBuilder* JSNativeContextSpecialization::simplified() const { 1489 SimplifiedOperatorBuilder* JSNativeContextSpecialization::simplified() const {
1497 return jsgraph()->simplified(); 1490 return jsgraph()->simplified();
1498 } 1491 }
1499 1492
1500 } // namespace compiler 1493 } // namespace compiler
1501 } // namespace internal 1494 } // namespace internal
1502 } // namespace v8 1495 } // namespace v8
OLDNEW
« no previous file with comments | « src/compiler/js-builtin-reducer.cc ('k') | src/compiler/load-elimination.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698