
Side by Side Diff: src/compiler/x64/instruction-selector-x64.cc

Issue 825403002: [turbofan] Fix invalid bounds check with overflowing offset. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 11 months ago
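--- a/src/compiler/x64/instruction-selector-x64.cc
+++ b/src/compiler/x64/instruction-selector-x64.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/instruction-selector-impl.h"
 #include "src/compiler/node-matchers.h"
 
 namespace v8 {
 namespace internal {
 namespace compiler {
@@ -230,20 +230,21 @@
 opcode = kCheckedLoadFloat64;
 break;
 default:
 UNREACHABLE();
 return;
 }
 if (offset->opcode() == IrOpcode::kInt32Add && CanCover(node, offset)) {
 Int32Matcher mlength(length);
 Int32BinopMatcher moffset(offset);
 if (mlength.HasValue() && moffset.right().HasValue() &&
+moffset.right().Value() >= 0 &&
 mlength.Value() >= moffset.right().Value()) {
 Emit(opcode, g.DefineAsRegister(node), g.UseRegister(buffer),
 g.UseRegister(moffset.left().node()),
 g.UseImmediate(moffset.right().node()), g.UseImmediate(length));
 return;
 }
 }
 InstructionOperand* length_operand =
 g.CanBeImmediate(length) ? g.UseImmediate(length) : g.UseRegister(length);
 Emit(opcode, g.DefineAsRegister(node), g.UseRegister(buffer),
@@ -278,20 +279,21 @@
 default:
 UNREACHABLE();
 return;
 }
 InstructionOperand* value_operand =
 g.CanBeImmediate(value) ? g.UseImmediate(value) : g.UseRegister(value);
 if (offset->opcode() == IrOpcode::kInt32Add && CanCover(node, offset)) {
 Int32Matcher mlength(length);
 Int32BinopMatcher moffset(offset);
 if (mlength.HasValue() && moffset.right().HasValue() &&
+moffset.right().Value() >= 0 &&
 mlength.Value() >= moffset.right().Value()) {
 Emit(opcode, nullptr, g.UseRegister(buffer),
 g.UseRegister(moffset.left().node()),
 g.UseImmediate(moffset.right().node()), g.UseImmediate(length),
 value_operand);
 return;
 }
 }
 InstructionOperand* length_operand =
 g.CanBeImmediate(length) ? g.UseImmediate(length) : g.UseRegister(length);
@@ -1308,10 +1310,10 @@
 MachineOperatorBuilder::kFloat64Ceil |
 MachineOperatorBuilder::kFloat64RoundTruncate |
 MachineOperatorBuilder::kWord32ShiftIsSafe;
 }
 return MachineOperatorBuilder::kNoFlags;
 }
 
 } // namespace compiler
 } // namespace internal
 } // namespace v8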
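Review bot: The added `moffset.right().Value() >= 0` guard at new lines 240 and 289 has no comment, yet it is the only thing that keeps a negative constant addend out of the fast path that folds the constant into an immediate; going by the issue title, the bounds check emitted for that form is invalid when the offset overflows (the code generator is not shown on this page, so this is inferred). A short comment above each condition would record that reasoning, for example `// Fold only a non-negative constant; a negative addend would invalidate the folded bounds check.` The same three-clause condition now appears in both the checked-load path and what looks like the checked-store path, so a small shared predicate would keep the two from drifting apart. Both enclosing functions begin outside the visible lines. Only the x64 selector and a regression test are listed here; any other backend that folds a constant addend the same way would need the same sign check.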