Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(674)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/crankshaft/hydrogen.cc

Issue 2444233004: [compiler] Properly validate stable map assumption for globals. (Closed)
Patch Set: Unsmartify Crankshaft Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/compiler/js-global-object-specialization.cc ('k') | src/runtime/runtime-utils.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 the V8 project authors. All rights reserved. 1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/crankshaft/hydrogen.h" 5 #include "src/crankshaft/hydrogen.h"
6 6
7 #include <memory> 7 #include <memory>
8 #include <sstream> 8 #include <sstream>
9 9
10 #include "src/allocation-site-scopes.h" 10 #include "src/allocation-site-scopes.h"
(...skipping 6500 matching lines...) Expand 10 before | Expand all | Expand 10 after
6511 } 6511 }
6512 } 6512 }
6513 HConstant* cell_constant = Add<HConstant>(cell); 6513 HConstant* cell_constant = Add<HConstant>(cell);
6514 auto access = HObjectAccess::ForPropertyCellValue(); 6514 auto access = HObjectAccess::ForPropertyCellValue();
6515 if (cell_type == PropertyCellType::kConstantType) { 6515 if (cell_type == PropertyCellType::kConstantType) {
6516 switch (cell->GetConstantType()) { 6516 switch (cell->GetConstantType()) {
6517 case PropertyCellConstantType::kSmi: 6517 case PropertyCellConstantType::kSmi:
6518 access = access.WithRepresentation(Representation::Smi()); 6518 access = access.WithRepresentation(Representation::Smi());
6519 break; 6519 break;
6520 case PropertyCellConstantType::kStableMap: { 6520 case PropertyCellConstantType::kStableMap: {
6521 // The map may no longer be stable, deopt if it's ever different from 6521 // First check that the previous value of the {cell} still has the
6522 // what is currently there, which will allow for restablization. 6522 // map that we are about to check the new {value} for. If not, then
6523 Handle<Map> map(HeapObject::cast(cell->value())->map()); 6523 // the stable map assumption was invalidated and we cannot continue
6524 // with the optimized code.
6525 Handle<HeapObject> cell_value(HeapObject::cast(cell->value()));
6526 Handle<Map> cell_value_map(cell_value->map());
6527 if (!cell_value_map->is_stable()) {
6528 return Bailout(kUnstableConstantTypeHeapObject);
6529 }
6530 top_info()->dependencies()->AssumeMapStable(cell_value_map);
6531 // Now check that the new {value} is a HeapObject with the same map.
6524 Add<HCheckHeapObject>(value); 6532 Add<HCheckHeapObject>(value);
6525 value = Add<HCheckMaps>(value, map); 6533 value = Add<HCheckMaps>(value, cell_value_map);
6526 access = access.WithRepresentation(Representation::HeapObject()); 6534 access = access.WithRepresentation(Representation::HeapObject());
6527 break; 6535 break;
6528 } 6536 }
6529 } 6537 }
6530 } 6538 }
6531 HInstruction* instr = Add<HStoreNamedField>(cell_constant, access, value); 6539 HInstruction* instr = Add<HStoreNamedField>(cell_constant, access, value);
6532 instr->ClearChangesFlag(kInobjectFields); 6540 instr->ClearChangesFlag(kInobjectFields);
6533 instr->SetChangesFlag(kGlobalVars); 6541 instr->SetChangesFlag(kGlobalVars);
6534 if (instr->HasObservableSideEffects()) { 6542 if (instr->HasObservableSideEffects()) {
6535 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE); 6543 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
(...skipping 6447 matching lines...) Expand 10 before | Expand all | Expand 10 after
12983 isolate()->GetHTracer()->TraceHydrogen(name(), graph_); 12991 isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
12984 } 12992 }
12985 12993
12986 #ifdef DEBUG 12994 #ifdef DEBUG
12987 graph_->Verify(false); // No full verify. 12995 graph_->Verify(false); // No full verify.
12988 #endif 12996 #endif
12989 } 12997 }
12990 12998
12991 } // namespace internal 12999 } // namespace internal
12992 } // namespace v8 13000 } // namespace v8
OLDNEW
« no previous file with comments | « src/compiler/js-global-object-specialization.cc ('k') | src/runtime/runtime-utils.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698