
Side by Side Diff: src/hydrogen-dehoist.cc

Issue 318073002: Revert "Clusterfuzz identified overflow check needed in dehoisting." (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 6 months ago
OLDNEW
1 // Copyright 2013 the V8 project authors. All rights reserved. 1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/hydrogen-dehoist.h" 5 #include "src/hydrogen-dehoist.h"
6 6
7 namespace v8 { 7 namespace v8 {
8 namespace internal { 8 namespace internal {
9 9
10 static void DehoistArrayIndex(ArrayInstructionInterface* array_operation) { 10 static void DehoistArrayIndex(ArrayInstructionInterface* array_operation) {
(...skipping 10 matching lines...) Expand all
21 } else if (binary_operation->right()->IsConstant()) { 21 } else if (binary_operation->right()->IsConstant()) {
22 subexpression = binary_operation->left(); 22 subexpression = binary_operation->left();
23 constant = HConstant::cast(binary_operation->right()); 23 constant = HConstant::cast(binary_operation->right());
24 } else { 24 } else {
25 return; 25 return;
26 } 26 }
27 27
28 if (!constant->HasInteger32Value()) return; 28 if (!constant->HasInteger32Value()) return;
29 int32_t sign = binary_operation->IsSub() ? -1 : 1; 29 int32_t sign = binary_operation->IsSub() ? -1 : 1;
30 int32_t value = constant->Integer32Value() * sign; 30 int32_t value = constant->Integer32Value() * sign;
31 if (value < 0) return; 31 // We limit offset values to 30 bits because we want to avoid the risk of
32 32 // overflows when the offset is added to the object header size.
33 // Check for overflow. 33 if (value >= 1 << array_operation->MaxBaseOffsetBits() || value < 0) return;
34 int32_t shift_amount =
35 1 << ElementsKindToShiftSize(array_operation->elements_kind());
36 int32_t multiplication_result = value * shift_amount;
37 if ((multiplication_result / shift_amount) != value) return;
38 value = multiplication_result;
39
40 // Ensure that the array operation can add value to existing base offset
41 // without overflowing.
42 if (!array_operation->CanIncreaseBaseOffset(value)) return;
43 array_operation->SetKey(subexpression); 34 array_operation->SetKey(subexpression);
44 if (binary_operation->HasNoUses()) { 35 if (binary_operation->HasNoUses()) {
45 binary_operation->DeleteAndReplaceWith(NULL); 36 binary_operation->DeleteAndReplaceWith(NULL);
46 } 37 }
47 array_operation->IncreaseBaseOffset(value); 38 value <<= ElementsKindToShiftSize(array_operation->elements_kind());
39 array_operation->IncreaseBaseOffset(static_cast<uint32_t>(value));
48 array_operation->SetDehoisted(true); 40 array_operation->SetDehoisted(true);
49 } 41 }
50 42
51 43
52 void HDehoistIndexComputationsPhase::Run() { 44 void HDehoistIndexComputationsPhase::Run() {
53 const ZoneList<HBasicBlock*>* blocks(graph()->blocks()); 45 const ZoneList<HBasicBlock*>* blocks(graph()->blocks());
54 for (int i = 0; i < blocks->length(); ++i) { 46 for (int i = 0; i < blocks->length(); ++i) {
55 for (HInstructionIterator it(blocks->at(i)); !it.Done(); it.Advance()) { 47 for (HInstructionIterator it(blocks->at(i)); !it.Done(); it.Advance()) {
56 HInstruction* instr = it.Current(); 48 HInstruction* instr = it.Current();
57 if (instr->IsLoadKeyed()) { 49 if (instr->IsLoadKeyed()) {
58 DehoistArrayIndex(HLoadKeyed::cast(instr)); 50 DehoistArrayIndex(HLoadKeyed::cast(instr));
59 } else if (instr->IsStoreKeyed()) { 51 } else if (instr->IsStoreKeyed()) {
60 DehoistArrayIndex(HStoreKeyed::cast(instr)); 52 DehoistArrayIndex(HStoreKeyed::cast(instr));
61 } 53 }
62 } 54 }
63 } 55 }
64 } 56 }
65 57
66 } } // namespace v8::internal 58 } } // namespace v8::internal
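Review bot: On the new side the only bound on `value` is tested before scaling (new line 33), but the quantity handed to `IncreaseBaseOffset` at new line 39 is `value << ElementsKindToShiftSize(...)`, and nothing checks that the shifted result, or its sum with the operation's existing base offset, still fits. The comment promises a 30-bit limit while the code uses `MaxBaseOffsetBits()`, whose value is not visible here; if that bound plus the element shift can reach 31 bits, the `<<=` on an `int32_t` overflows and the keyed load/store would carry a wrong offset. Consider testing the scaled value before `SetKey` mutates the instruction, e.g. `int64_t scaled = static_cast<int64_t>(value) << ElementsKindToShiftSize(array_operation->elements_kind());` followed by `if (scaled >= (static_cast<int64_t>(1) << array_operation->MaxBaseOffsetBits())) return;`, or state in the comment why the unscaled bound is sufficient. Separately, `constant->Integer32Value() * sign` at line 30 is signed overflow when the constant is INT32_MIN under a subtraction. Lines 11–20 of `DehoistArrayIndex` are collapsed on this page, so this is based on the visible part of the function only.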