Chromium Code Reviews

Issue 2814753003: [SAB] Validate index before value conversion (Closed)

Created:
3 years, 8 months ago by binji
Modified:
3 years, 8 months ago
CC:
aseemgarg, v8-reviews_googlegroups.com
Target Ref:
refs/heads/master
Project:
v8
Visibility:
Public.

Description

[SAB] Validate index before value conversion using ToIndex

It's required by the spec -- and observable -- that the index be validated before the conversion of the value(s) via ToInteger.

The previous implementation also had an old test for validating the atomic index, which has now been switched to ToIndex.

This also exposed an issue in the ia32 code generator: cmpxchg_b requires a byte register, but the ia32 instruction selector was ensuring that the new_value was a byte register, not the TempRegister. This change forces the temp register to use edx, which always can be used as a byte register (dl). This is the same behavior as currently used in UseByteRegister.

BUG=v8:4614
R=jarin@chromium.org,jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2814753003
Cr-Commit-Position: refs/heads/master@{#44626}
Committed: https://chromium.googlesource.com/v8/v8/+/7b300ba2e966c0d104d3755707a6d59a74944771
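The ordering the description refers to can be observed from plain JavaScript: ToInteger on the value invokes a user-supplied valueOf(), so a script can tell whether the engine converted the value before or after rejecting an out-of-range index. The following probe is an added example, not code from the V8 change or from test/mjsunit/harmony/atomics.js; it assumes a host where SharedArrayBuffer and Atomics are available (e.g. Node.js) and that the engine implements the spec ordering.

```javascript
// Added example (not part of the V8 change). Probes whether Atomics.store
// validates the index (ToIndex) before converting the value (ToInteger).
// A spec-conforming engine throws RangeError for a bad index WITHOUT ever
// calling the value's valueOf(); an engine that converts the value first
// would leak that through the valueOfCalled flag.
function probeStoreOrdering(index) {
  // Four Int32 slots over a shared buffer: valid indices are 0..3.
  const sab = new SharedArrayBuffer(4 * Int32Array.BYTES_PER_ELEMENT);
  const ta = new Int32Array(sab);

  // Constructed value whose conversion is observable: ToInteger calls
  // valueOf(), which records that it ran before returning the integer.
  let valueOfCalled = false;
  const value = { valueOf() { valueOfCalled = true; return 42; } };

  let error = null;
  let result;
  try {
    // Atomics.store returns the ToInteger'd value on success.
    result = Atomics.store(ta, index, value);
  } catch (e) {
    error = e;
  }

  return {
    threwRangeError: error instanceof RangeError, // index rejected by ToIndex
    valueOfCalled,                                // value conversion happened
    result,                                       // 42 on a successful store
    stored: Array.from(ta),                       // buffer contents afterwards
  };
}

// Indices that ToIndex rejects (negative, >= length) must fail before
// valueOf() runs; indices it accepts (1.5 and "1" both become 1) go
// through to the store and convert the value as usual.
console.log(probeStoreOrdering(4));    // RangeError, valueOfCalled: false
console.log(probeStoreOrdering(-1));   // RangeError, valueOfCalled: false
console.log(probeStoreOrdering(1.5));  // no error, valueOfCalled: true, stored[1] === 42
console.log(probeStoreOrdering("1"));  // same as 1.5: ToIndex coerces "1" to 1
```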

Patch Set 1 #

Patch Set 2 : add debug checks on index #

Total comments: 2

Patch Set 3 : use byte temp register only for int8/uint8 #

Total comments: 6

Patch Set 4 : feedback #

Stats: +135 lines, -137 lines

M src/builtins/builtins-sharedarraybuffer.cc: 1 chunk, +9 lines, -17 lines
M src/builtins/builtins-sharedarraybuffer-gen.cc: 7 chunks, +84 lines, -97 lines
M src/compiler/ia32/code-generator-ia32.cc: 1 chunk, +1 line, -1 line
M src/compiler/ia32/instruction-selector-ia32.cc: 2 chunks, +6 lines, -6 lines
M test/mjsunit/harmony/atomics.js: 3 chunks, +35 lines, -4 lines
M test/test262/test262.status: 1 chunk, +0 lines, -12 lines

Messages

Total messages: 25 (16 generated)
binji
3 years, 8 months ago (2017-04-11 20:39:23 UTC) #3
aseemgarg
lgtm with nits https://codereview.chromium.org/2814753003/diff/20001/src/compiler/ia32/instruction-selector-ia32.cc File src/compiler/ia32/instruction-selector-ia32.cc (right): https://codereview.chromium.org/2814753003/diff/20001/src/compiler/ia32/instruction-selector-ia32.cc#newcode1878 src/compiler/ia32/instruction-selector-ia32.cc:1878: temp[0] = g.UseByteRegister(node); Although this is ...
3 years, 8 months ago (2017-04-11 23:11:50 UTC) #10
binji
https://codereview.chromium.org/2814753003/diff/20001/src/compiler/ia32/instruction-selector-ia32.cc File src/compiler/ia32/instruction-selector-ia32.cc (right): https://codereview.chromium.org/2814753003/diff/20001/src/compiler/ia32/instruction-selector-ia32.cc#newcode1878 src/compiler/ia32/instruction-selector-ia32.cc:1878: temp[0] = g.UseByteRegister(node); On 2017/04/11 at 23:11:50, aseemgarg wrote: ...
3 years, 8 months ago (2017-04-11 23:49:12 UTC) #11
aseemgarg
lgtm
3 years, 8 months ago (2017-04-11 23:49:55 UTC) #14
Jarin
lgtm. Thanks! https://codereview.chromium.org/2814753003/diff/40001/src/builtins/builtins-sharedarraybuffer-gen.cc File src/builtins/builtins-sharedarraybuffer-gen.cc (right): https://codereview.chromium.org/2814753003/diff/40001/src/builtins/builtins-sharedarraybuffer-gen.cc#newcode341 src/builtins/builtins-sharedarraybuffer-gen.cc:341: ValidateAtomicIndex(array, index_word32, context); Nit: It would be ...
3 years, 8 months ago (2017-04-12 04:39:01 UTC) #17
Jakob Kummerow
LGTM with comments (typed those before discovering that Jaro agrees :-) ) https://codereview.chromium.org/2814753003/diff/40001/src/builtins/builtins-sharedarraybuffer-gen.cc File src/builtins/builtins-sharedarraybuffer-gen.cc ...
3 years, 8 months ago (2017-04-12 11:47:33 UTC) #18
binji
https://codereview.chromium.org/2814753003/diff/40001/src/builtins/builtins-sharedarraybuffer-gen.cc File src/builtins/builtins-sharedarraybuffer-gen.cc (right): https://codereview.chromium.org/2814753003/diff/40001/src/builtins/builtins-sharedarraybuffer-gen.cc#newcode201 src/builtins/builtins-sharedarraybuffer-gen.cc:201: #if DEBUG On 2017/04/12 at 11:47:33, Jakob Kummerow wrote: ...
3 years, 8 months ago (2017-04-12 18:43:44 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2814753003/60001
3 years, 8 months ago (2017-04-12 18:44:04 UTC) #22
commit-bot: I haz the power
3 years, 8 months ago (2017-04-12 19:08:49 UTC) #25
Message was sent while issue was closed.
Committed patchset #4 (id:60001) as
https://chromium.googlesource.com/v8/v8/+/7b300ba2e966c0d104d3755707a6d59a749...
