Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(97)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/compiler/ia32/instruction-selector-ia32.cc

Issue 2814753003: [SAB] Validate index before value conversion (Closed)
Patch Set: use byte temp register only for int8/uint8 Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« src/builtins/builtins-sharedarraybuffer-gen.cc ('K') | « src/compiler/ia32/code-generator-ia32.cc ('k') | test/mjsunit/harmony/atomics.js » ('j') | test/mjsunit/harmony/atomics.js » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/compiler/ia32/instruction-selector-ia32.cc
diff --git a/src/compiler/ia32/instruction-selector-ia32.cc b/src/compiler/ia32/instruction-selector-ia32.cc
index 6fd1ad56564e8f976705909f4105ab5d702875ea..b0872aa7e5d26c53851e8c6df353e9d8bb906604 100644
--- a/src/compiler/ia32/instruction-selector-ia32.cc
+++ b/src/compiler/ia32/instruction-selector-ia32.cc
@@ -1864,11 +1864,7 @@ void InstructionSelector::VisitAtomicBinaryOperation(
AddressingMode addressing_mode;
InstructionOperand inputs[3];
size_t input_count = 0;
- if (type == MachineType::Int8() || type == MachineType::Uint8()) {
- inputs[input_count++] = g.UseByteRegister(value);
- } else {
- inputs[input_count++] = g.UseUniqueRegister(value);
- }
+ inputs[input_count++] = g.UseUniqueRegister(value);
inputs[input_count++] = g.UseUniqueRegister(base);
if (g.CanBeImmediate(index)) {
inputs[input_count++] = g.UseImmediate(index);
@@ -1879,7 +1875,11 @@ void InstructionSelector::VisitAtomicBinaryOperation(
}
outputs[0] = g.DefineAsFixed(node, eax);
InstructionOperand temp[1];
- temp[0] = g.TempRegister();
+ if (type == MachineType::Int8() || type == MachineType::Uint8()) {
+ temp[0] = g.UseByteRegister(node);
+ } else {
+ temp[0] = g.TempRegister();
+ }
InstructionCode code = opcode | AddressingModeField::encode(addressing_mode);
Emit(code, 1, outputs, input_count, inputs, 1, temp);
}
« src/builtins/builtins-sharedarraybuffer-gen.cc ('K') | « src/compiler/ia32/code-generator-ia32.cc ('k') | test/mjsunit/harmony/atomics.js » ('j') | test/mjsunit/harmony/atomics.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698