
Side by Side Diff: src/code-stubs-hydrogen.cc

Issue 2686263002: [crankshaft] Fix Smi overflow in {HMaybeGrowElements}. (Closed)
Patch Set: Created 3 years, 10 months ago
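--- a/src/code-stubs-hydrogen.cc
+++ b/src/code-stubs-hydrogen.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/code-stubs.h"
 
 #include <memory>
 
 #include "src/bailout-reason.h"
 #include "src/code-factory.h"
@@ -76,23 +76,20 @@
 CompilationInfo* info() { return info_; }
 CodeStub* stub() { return code_stub_; }
 HContext* context() { return context_; }
 Isolate* isolate() { return info_->isolate(); }
 
 HLoadNamedField* BuildLoadNamedField(HValue* object, FieldIndex index);
 void BuildStoreNamedField(HValue* object, HValue* value, FieldIndex index,
 Representation representation,
 bool transition_to_field);
 
-HValue* BuildPushElement(HValue* object, HValue* argc,
-HValue* argument_elements, ElementsKind kind);
-
 HValue* BuildToString(HValue* input, bool convert);
 HValue* BuildToPrimitive(HValue* input, HValue* input_map);
 
 private:
 std::unique_ptr<HParameter* []> parameters_;
 HValue* arguments_length_;
 CompilationInfo* info_;
 CodeStub* code_stub_;
 CodeStubDescriptor descriptor_;
 HContext* context_;
@@ -323,66 +320,20 @@
 Handle<Code> code = chunk->Codegen();
 if (FLAG_profile_hydrogen_code_stub_compilation) {
 OFStream os(stdout);
 os << "[Lazy compilation of " << stub << " took "
 << timer.Elapsed().InMillisecondsF() << " ms]" << std::endl;
 }
 return code;
 }
 
 
-HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc,
-HValue* argument_elements,
-ElementsKind kind) {
-// Precheck whether all elements fit into the array.
-if (!IsFastObjectElementsKind(kind)) {
-LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
-HValue* start = graph()->GetConstant0();
-HValue* key = builder.BeginBody(start, argc, Token::LT);
-{
-HInstruction* argument =
-Add<HAccessArgumentsAt>(argument_elements, argc, key);
-IfBuilder can_store(this);
-can_store.IfNot<HIsSmiAndBranch>(argument);
-if (IsFastDoubleElementsKind(kind)) {
-can_store.And();
-can_store.IfNot<HCompareMap>(argument,
-isolate()->factory()->heap_number_map());
-}
-can_store.ThenDeopt(DeoptimizeReason::kFastPathFailed);
-can_store.End();
-}
-builder.EndBody();
-}
-
-HValue* length = Add<HLoadNamedField>(object, nullptr,
-HObjectAccess::ForArrayLength(kind));
-HValue* new_length = AddUncasted<HAdd>(length, argc);
-HValue* max_key = AddUncasted<HSub>(new_length, graph()->GetConstant1());
-
-HValue* elements = Add<HLoadNamedField>(object, nullptr,
-HObjectAccess::ForElementsPointer());
-elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key,
-true, STORE);
-
-LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
-HValue* start = graph()->GetConstant0();
-HValue* key = builder.BeginBody(start, argc, Token::LT);
-{
-HValue* argument = Add<HAccessArgumentsAt>(argument_elements, argc, key);
-HValue* index = AddUncasted<HAdd>(key, length);
-AddElementAccess(elements, index, argument, object, nullptr, kind, STORE);
-}
-builder.EndBody();
-return new_length;
-}
-
 HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField(
 HValue* object, FieldIndex index) {
 Representation representation = index.is_double()
 ? Representation::Double()
 : Representation::Tagged();
 int offset = index.offset();
 HObjectAccess access = index.is_inobject()
 ? HObjectAccess::ForObservableJSObjectOffset(offset, representation)
 : HObjectAccess::ForBackingStoreOffset(offset, representation);
 if (index.is_double() &&
@@ -747,10 +698,10 @@
 if_true.Return(graph()->GetConstantTrue());
 if_true.Else();
 if_true.End();
 return graph()->GetConstantFalse();
 }
 
 Handle<Code> ToBooleanICStub::GenerateCode() { return DoGenerateCode(this); }
 
 } // namespace internal
 } // namespace v8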