Chromium Code Reviews Chromium Code Reviews
Issue 2799663003:
[regexp] Add additional asserts to RegExp builtins (Closed)
| Index: src/builtins/builtins-regexp-gen.cc |
| diff --git a/src/builtins/builtins-regexp-gen.cc b/src/builtins/builtins-regexp-gen.cc |
| index d87fdf600d9f23978f1eea03b0a4fa5ba3d329d0..86772ecd398e0d66c9deddd94c8c156ad349758a 100644 |
| --- a/src/builtins/builtins-regexp-gen.cc |
| +++ b/src/builtins/builtins-regexp-gen.cc |
| @@ -69,6 +69,10 @@ void RegExpBuiltinsAssembler::StoreLastIndex(Node* context, Node* regexp, |
| Node* RegExpBuiltinsAssembler::ConstructNewResultFromMatchInfo( |
| Node* const context, Node* const regexp, Node* const match_info, |
| Node* const string) { |
| + CSA_ASSERT(this, HasInstanceType(regexp, JS_REGEXP_TYPE)); |
|
Camillo Bruni
2017/04/06 10:59:27
nit: could you use/add IsJSRegexp?
jgruber
2017/04/06 14:54:23
Done and updated all use sites.
|
| + CSA_ASSERT(this, IsFixedArrayMap(LoadMap(match_info))); |
| + CSA_ASSERT(this, IsString(string)); |
| + |
| Label named_captures(this), out(this); |
| Node* const num_indices = SmiUntag(LoadFixedArrayElement( |
| @@ -489,7 +493,7 @@ Node* RegExpBuiltinsAssembler::RegExpPrototypeExecBodyWithoutResult( |
| "RegExp.prototype.exec"); |
| } |
| - CSA_ASSERT(this, IsStringInstanceType(LoadInstanceType(string))); |
| + CSA_ASSERT(this, IsString(string)); |
| CSA_ASSERT(this, HasInstanceType(regexp, JS_REGEXP_TYPE)); |
| Variable var_result(this, MachineRepresentation::kTagged); |
| @@ -729,6 +733,11 @@ void RegExpBuiltinsAssembler::BranchIfFastRegExp(Node* const context, |
| } |
| Node* RegExpBuiltinsAssembler::IsFastRegExp(Node* const context, |
| + Node* const object) { |
| + return IsFastRegExp(context, object, LoadMap(object)); |
| +} |
| + |
| +Node* RegExpBuiltinsAssembler::IsFastRegExp(Node* const context, |
| Node* const object, |
| Node* const map) { |
| Label yup(this), nope(this), out(this); |
| @@ -819,6 +828,7 @@ Node* RegExpBuiltinsAssembler::FlagsGetter(Node* const context, |
| if (is_fastpath) { |
| // Refer to JSRegExp's flag property on the fast-path. |
| + CSA_ASSERT(this, HasInstanceType(regexp, JS_REGEXP_TYPE)); |
|
Camillo Bruni
2017/04/06 10:59:27
ditto
jgruber
2017/04/06 14:54:23
Done.
|
| Node* const flags_smi = LoadObjectField(regexp, JSRegExp::kFlagsOffset); |
| Node* const flags_intptr = SmiUntag(flags_smi); |
| var_flags.Bind(flags_intptr); |
| @@ -962,6 +972,8 @@ Node* RegExpBuiltinsAssembler::RegExpInitialize(Node* const context, |
| Node* const regexp, |
| Node* const maybe_pattern, |
| Node* const maybe_flags) { |
| + CSA_ASSERT(this, HasInstanceType(regexp, JS_REGEXP_TYPE)); |
| + |
| // Normalize pattern. |
| Node* const pattern = |
| Select(IsUndefined(maybe_pattern), [=] { return EmptyStringConstant(); }, |
| @@ -1529,6 +1541,9 @@ TF_BUILTIN(RegExpPrototypeTest, RegExpBuiltinsAssembler) { |
| Node* RegExpBuiltinsAssembler::AdvanceStringIndex(Node* const string, |
| Node* const index, |
| Node* const is_unicode) { |
| + CSA_ASSERT(this, IsString(string)); |
| + // TODO(jgruber): Handle HeapNumber index. |
| + |
| // Default to last_index + 1. |
| Node* const index_plus_one = SmiAdd(index, SmiConstant(1)); |
| Variable var_result(this, MachineRepresentation::kTagged, index_plus_one); |
| @@ -1718,6 +1733,11 @@ void RegExpBuiltinsAssembler::RegExpPrototypeMatchBody(Node* const context, |
| Node* const regexp, |
| Node* const string, |
| const bool is_fastpath) { |
| + CSA_ASSERT(this, IsString(string)); |
| + if (is_fastpath) { |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
|
Camillo Bruni
2017/04/06 10:59:27
nit: oneline statement would be fine here.
if (...
jgruber
2017/04/06 14:54:23
Done.
|
| + } |
| + |
| Node* const null = NullConstant(); |
| Node* const int_zero = IntPtrConstant(0); |
| Node* const smi_zero = SmiConstant(Smi::kZero); |
| @@ -1892,6 +1912,9 @@ TF_BUILTIN(RegExpPrototypeMatch, RegExpBuiltinsAssembler) { |
| void RegExpBuiltinsAssembler::RegExpPrototypeSearchBodyFast( |
| Node* const context, Node* const regexp, Node* const string) { |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
| + CSA_ASSERT(this, IsString(string)); |
| + |
| // Grab the initial value of last index. |
| Node* const previous_last_index = FastLoadLastIndex(regexp); |
| @@ -1924,6 +1947,9 @@ void RegExpBuiltinsAssembler::RegExpPrototypeSearchBodyFast( |
| void RegExpBuiltinsAssembler::RegExpPrototypeSearchBodySlow( |
| Node* const context, Node* const regexp, Node* const string) { |
| + CSA_ASSERT(this, IsJSReceiver(regexp)); |
| + CSA_ASSERT(this, IsString(string)); |
| + |
| Isolate* const isolate = this->isolate(); |
| Node* const smi_zero = SmiConstant(Smi::kZero); |
| @@ -2018,6 +2044,10 @@ void RegExpBuiltinsAssembler::RegExpPrototypeSplitBody(Node* const context, |
| Node* const regexp, |
| Node* const string, |
| Node* const limit) { |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
| + CSA_ASSERT(this, TaggedIsSmi(limit)); |
| + CSA_ASSERT(this, IsString(string)); |
| + |
| Node* const null = NullConstant(); |
| Node* const smi_zero = SmiConstant(0); |
| Node* const int_zero = IntPtrConstant(0); |
| @@ -2098,6 +2128,9 @@ void RegExpBuiltinsAssembler::RegExpPrototypeSplitBody(Node* const context, |
| Node* const next_search_from = var_next_search_from.value(); |
| Node* const last_matched_until = var_last_matched_until.value(); |
| + CSA_ASSERT(this, TaggedIsSmi(next_search_from)); |
| + CSA_ASSERT(this, TaggedIsSmi(last_matched_until)); |
| + |
| // We're done if we've reached the end of the string. |
| { |
| Label next(this); |
| @@ -2261,7 +2294,7 @@ TF_BUILTIN(RegExpSplit, RegExpBuiltinsAssembler) { |
| Node* const maybe_limit = Parameter(Descriptor::kLimit); |
| Node* const context = Parameter(Descriptor::kContext); |
| - CSA_ASSERT(this, IsFastRegExp(context, regexp, LoadMap(regexp))); |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
| CSA_ASSERT(this, IsString(string)); |
| // TODO(jgruber): Even if map checks send us to the fast path, we still need |
| @@ -2331,6 +2364,10 @@ Node* RegExpBuiltinsAssembler::ReplaceGlobalCallableFastPath( |
| // The fast path is reached only if {receiver} is a global unmodified |
| // JSRegExp instance and {replace_callable} is callable. |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
| + CSA_ASSERT(this, IsCallable(replace_callable)); |
| + CSA_ASSERT(this, IsString(string)); |
| + |
| Isolate* const isolate = this->isolate(); |
| Node* const null = NullConstant(); |
| @@ -2545,6 +2582,10 @@ Node* RegExpBuiltinsAssembler::ReplaceSimpleStringFastPath( |
| Node* const int_zero = IntPtrConstant(0); |
| Node* const smi_zero = SmiConstant(Smi::kZero); |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
| + CSA_ASSERT(this, IsString(replace_string)); |
| + CSA_ASSERT(this, IsString(string)); |
| + |
| Label out(this); |
| Variable var_result(this, MachineRepresentation::kTagged); |
| @@ -2641,7 +2682,7 @@ TF_BUILTIN(RegExpReplace, RegExpBuiltinsAssembler) { |
| Node* const replace_value = Parameter(Descriptor::kReplaceValue); |
| Node* const context = Parameter(Descriptor::kContext); |
| - CSA_ASSERT(this, IsFastRegExp(context, regexp, LoadMap(regexp))); |
| + CSA_ASSERT(this, IsFastRegExp(context, regexp)); |
| CSA_ASSERT(this, IsString(string)); |
| Label checkreplacestring(this), if_iscallable(this), |
| @@ -2749,7 +2790,10 @@ TF_BUILTIN(RegExpInternalMatch, RegExpBuiltinsAssembler) { |
| Node* const context = Parameter(Descriptor::kContext); |
| Node* const null = NullConstant(); |
| - Node* const smi_zero = SmiConstant(Smi::FromInt(0)); |
| + Node* const smi_zero = SmiConstant(0); |
| + |
| + CSA_ASSERT(this, HasInstanceType(regexp, JS_REGEXP_TYPE)); |
| + CSA_ASSERT(this, IsString(string)); |
| Node* const native_context = LoadNativeContext(context); |
| Node* const internal_match_info = LoadContextElement( |
