Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(182)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/wasm/ast-decoder.h

Issue 2425983002: [turbofan] Use uint32 to store the number of control outputs instead of uint16. (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/regress/wasm/regression-5531.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef V8_WASM_AST_DECODER_H_ 5 #ifndef V8_WASM_AST_DECODER_H_
6 #define V8_WASM_AST_DECODER_H_ 6 #define V8_WASM_AST_DECODER_H_
7 7
8 #include "src/base/compiler-specific.h" 8 #include "src/base/compiler-specific.h"
9 #include "src/globals.h" 9 #include "src/globals.h"
10 #include "src/signature.h" 10 #include "src/signature.h"
(...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after
213 213
214 struct BranchTableOperand { 214 struct BranchTableOperand {
215 uint32_t table_count; 215 uint32_t table_count;
216 const byte* start; 216 const byte* start;
217 const byte* table; 217 const byte* table;
218 inline BranchTableOperand(Decoder* decoder, const byte* pc) { 218 inline BranchTableOperand(Decoder* decoder, const byte* pc) {
219 DCHECK_EQ(kExprBrTable, decoder->checked_read_u8(pc, 0, "opcode")); 219 DCHECK_EQ(kExprBrTable, decoder->checked_read_u8(pc, 0, "opcode"));
220 start = pc + 1; 220 start = pc + 1;
221 unsigned len1 = 0; 221 unsigned len1 = 0;
222 table_count = decoder->checked_read_u32v(pc, 1, &len1, "table count"); 222 table_count = decoder->checked_read_u32v(pc, 1, &len1, "table count");
223 if (table_count > (UINT_MAX / sizeof(uint32_t)) - 1 || 223 // The limit of {table_count} is UINT16_MAX because that is the maximum
224 // value of the switch parameter in TurboFan.
225 if (table_count >
titzer 2016/10/18 12:34:07 Can we instead fix the TurboFan operator? IIRC suc
226 static_cast<uint32_t>(std::numeric_limits<uint16_t>::max()) ||
224 len1 > UINT_MAX - (table_count + 1) * sizeof(uint32_t)) { 227 len1 > UINT_MAX - (table_count + 1) * sizeof(uint32_t)) {
225 decoder->error(pc, "branch table size overflow"); 228 decoder->error(pc, "branch table size overflow");
226 } 229 }
227 table = pc + 1 + len1; 230 table = pc + 1 + len1;
228 } 231 }
229 inline uint32_t read_entry(Decoder* decoder, unsigned i) { 232 inline uint32_t read_entry(Decoder* decoder, unsigned i) {
230 DCHECK(i <= table_count); 233 DCHECK(i <= table_count);
231 return table ? decoder->read_u32(table + i * sizeof(uint32_t)) : 0; 234 return table ? decoder->read_u32(table + i * sizeof(uint32_t)) : 0;
232 } 235 }
233 }; 236 };
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after
418 } 421 }
419 422
420 bool has_next() { return pc_ < end_; } 423 bool has_next() { return pc_ < end_; }
421 }; 424 };
422 425
423 } // namespace wasm 426 } // namespace wasm
424 } // namespace internal 427 } // namespace internal
425 } // namespace v8 428 } // namespace v8
426 429
427 #endif // V8_WASM_AST_DECODER_H_ 430 #endif // V8_WASM_AST_DECODER_H_
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/wasm/regression-5531.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698