Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(244)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/compiler/typer.cc

Issue 835883003: [turbofan] Don't crash when typing load from a Uint8ClampedArray. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/compiler/regress-446156.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/bootstrapper.h" 5 #include "src/bootstrapper.h"
6 #include "src/compiler/graph-inl.h" 6 #include "src/compiler/graph-inl.h"
7 #include "src/compiler/graph-reducer.h" 7 #include "src/compiler/graph-reducer.h"
8 #include "src/compiler/js-operator.h" 8 #include "src/compiler/js-operator.h"
9 #include "src/compiler/node.h" 9 #include "src/compiler/node.h"
10 #include "src/compiler/node-properties-inl.h" 10 #include "src/compiler/node-properties-inl.h"
(...skipping 15 matching lines...) Expand all
26 V(Float32) \ 26 V(Float32) \
27 V(Float64) 27 V(Float64)
28 28
29 enum LazyCachedType { 29 enum LazyCachedType {
30 kNumberFunc0, 30 kNumberFunc0,
31 kNumberFunc1, 31 kNumberFunc1,
32 kNumberFunc2, 32 kNumberFunc2,
33 kImulFunc, 33 kImulFunc,
34 kClz32Func, 34 kClz32Func,
35 kArrayBufferFunc, 35 kArrayBufferFunc,
36 #define NATIVE_TYPE_CASE(Type) k##Type, k##Type##Array, k##Type##ArrayFunc, 36 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
37 NATIVE_TYPES(NATIVE_TYPE_CASE) 37 k##Type, k##Type##Array, k##Type##ArrayFunc,
38 #undef NATIVE_TYPE_CASE 38 TYPED_ARRAYS(TYPED_ARRAY_CASE)
39 kNumLazyCachedTypes 39 #undef TYPED_ARRAY_CASE
40 kNumLazyCachedTypes
40 }; 41 };
41 42
42 43
43 // Constructs and caches types lazily. 44 // Constructs and caches types lazily.
44 // TODO(turbofan): these types could be globally cached or cached per isolate. 45 // TODO(turbofan): these types could be globally cached or cached per isolate.
45 class LazyTypeCache FINAL : public ZoneObject { 46 class LazyTypeCache FINAL : public ZoneObject {
46 public: 47 public:
47 explicit LazyTypeCache(Zone* zone) : zone_(zone) { 48 explicit LazyTypeCache(Zone* zone) : zone_(zone) {
48 memset(cache_, 0, sizeof(cache_)); 49 memset(cache_, 0, sizeof(cache_));
49 } 50 }
(...skipping 18 matching lines...) Expand all
68 return CreateNative(CreateRange<uint16_t>(), 69 return CreateNative(CreateRange<uint16_t>(),
69 Type::UntaggedUnsigned16()); 70 Type::UntaggedUnsigned16());
70 case kInt32: 71 case kInt32:
71 return CreateNative(Type::Signed32(), Type::UntaggedSigned32()); 72 return CreateNative(Type::Signed32(), Type::UntaggedSigned32());
72 case kUint32: 73 case kUint32:
73 return CreateNative(Type::Unsigned32(), Type::UntaggedUnsigned32()); 74 return CreateNative(Type::Unsigned32(), Type::UntaggedUnsigned32());
74 case kFloat32: 75 case kFloat32:
75 return CreateNative(Type::Number(), Type::UntaggedFloat32()); 76 return CreateNative(Type::Number(), Type::UntaggedFloat32());
76 case kFloat64: 77 case kFloat64:
77 return CreateNative(Type::Number(), Type::UntaggedFloat64()); 78 return CreateNative(Type::Number(), Type::UntaggedFloat64());
79 case kUint8Clamped:
80 return Get(kUint8);
78 case kNumberFunc0: 81 case kNumberFunc0:
79 return Type::Function(Type::Number(), zone()); 82 return Type::Function(Type::Number(), zone());
80 case kNumberFunc1: 83 case kNumberFunc1:
81 return Type::Function(Type::Number(), Type::Number(), zone()); 84 return Type::Function(Type::Number(), Type::Number(), zone());
82 case kNumberFunc2: 85 case kNumberFunc2:
83 return Type::Function(Type::Number(), Type::Number(), Type::Number(), 86 return Type::Function(Type::Number(), Type::Number(), Type::Number(),
84 zone()); 87 zone());
85 case kImulFunc: 88 case kImulFunc:
86 return Type::Function(Type::Signed32(), Type::Integral32(), 89 return Type::Function(Type::Signed32(), Type::Integral32(),
87 Type::Integral32(), zone()); 90 Type::Integral32(), zone());
88 case kClz32Func: 91 case kClz32Func:
89 return Type::Function(CreateRange(0, 32), Type::Number(), zone()); 92 return Type::Function(CreateRange(0, 32), Type::Number(), zone());
90 case kArrayBufferFunc: 93 case kArrayBufferFunc:
91 return Type::Function(Type::Object(zone()), Type::Unsigned32(), zone()); 94 return Type::Function(Type::Object(zone()), Type::Unsigned32(), zone());
92 #define NATIVE_TYPE_CASE(Type) \ 95 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
93 case k##Type##Array: \ 96 case k##Type##Array: \
94 return CreateArray(Get(k##Type)); \ 97 return CreateArray(Get(k##Type)); \
95 case k##Type##ArrayFunc: \ 98 case k##Type##ArrayFunc: \
96 return CreateArrayFunction(Get(k##Type##Array)); 99 return CreateArrayFunction(Get(k##Type##Array));
97 NATIVE_TYPES(NATIVE_TYPE_CASE) 100 TYPED_ARRAYS(TYPED_ARRAY_CASE)
98 #undef NATIVE_TYPE_CASE 101 #undef TYPED_ARRAY_CASE
99 case kNumLazyCachedTypes: 102 case kNumLazyCachedTypes:
100 break; 103 break;
101 } 104 }
102 UNREACHABLE(); 105 UNREACHABLE();
103 return NULL; 106 return NULL;
104 } 107 }
105 108
106 Type* CreateArray(Type* element) const { 109 Type* CreateArray(Type* element) const {
107 return Type::Array(element, zone()); 110 return Type::Array(element, zone());
108 } 111 }
(...skipping 1499 matching lines...) Expand 10 before | Expand all | Expand 10 after
1608 1611
1609 Bounds Typer::Visitor::TypeLoadField(Node* node) { 1612 Bounds Typer::Visitor::TypeLoadField(Node* node) {
1610 return Bounds(FieldAccessOf(node->op()).type); 1613 return Bounds(FieldAccessOf(node->op()).type);
1611 } 1614 }
1612 1615
1613 1616
1614 Bounds Typer::Visitor::TypeLoadBuffer(Node* node) { 1617 Bounds Typer::Visitor::TypeLoadBuffer(Node* node) {
1615 // TODO(bmeurer): This typing is not yet correct. Since we can still access 1618 // TODO(bmeurer): This typing is not yet correct. Since we can still access
1616 // out of bounds, the type in the general case has to include Undefined. 1619 // out of bounds, the type in the general case has to include Undefined.
1617 switch (BufferAccessOf(node->op()).external_array_type()) { 1620 switch (BufferAccessOf(node->op()).external_array_type()) {
1618 #define NATIVE_TYPE_CASE(Type) \ 1621 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
1619 case kExternal##Type##Array: \ 1622 case kExternal##Type##Array: \
1620 return Bounds(typer_->cache_->Get(k##Type)); 1623 return Bounds(typer_->cache_->Get(k##Type));
1621 NATIVE_TYPES(NATIVE_TYPE_CASE) 1624 TYPED_ARRAYS(TYPED_ARRAY_CASE)
1622 #undef NATIVE_TYPE_CASE 1625 #undef TYPED_ARRAY_CASE
1623 case kExternalUint8ClampedArray:
1624 break;
1625 } 1626 }
1626 UNREACHABLE(); 1627 UNREACHABLE();
1627 return Bounds(); 1628 return Bounds();
1628 } 1629 }
1629 1630
1630 1631
1631 Bounds Typer::Visitor::TypeLoadElement(Node* node) { 1632 Bounds Typer::Visitor::TypeLoadElement(Node* node) {
1632 return Bounds(ElementAccessOf(node->op()).type); 1633 return Bounds(ElementAccessOf(node->op()).type);
1633 } 1634 }
1634 1635
(...skipping 446 matching lines...) Expand 10 before | Expand all | Expand 10 after
2081 } else if (*value == native->uint32_array_fun()) { 2082 } else if (*value == native->uint32_array_fun()) {
2082 return typer_->cache_->Get(kUint32ArrayFunc); 2083 return typer_->cache_->Get(kUint32ArrayFunc);
2083 } else if (*value == native->float32_array_fun()) { 2084 } else if (*value == native->float32_array_fun()) {
2084 return typer_->cache_->Get(kFloat32ArrayFunc); 2085 return typer_->cache_->Get(kFloat32ArrayFunc);
2085 } else if (*value == native->float64_array_fun()) { 2086 } else if (*value == native->float64_array_fun()) {
2086 return typer_->cache_->Get(kFloat64ArrayFunc); 2087 return typer_->cache_->Get(kFloat64ArrayFunc);
2087 } 2088 }
2088 } 2089 }
2089 } else if (value->IsJSTypedArray()) { 2090 } else if (value->IsJSTypedArray()) {
2090 switch (JSTypedArray::cast(*value)->type()) { 2091 switch (JSTypedArray::cast(*value)->type()) {
2091 #define NATIVE_TYPE_CASE(Type) \ 2092 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
2092 case kExternal##Type##Array: \ 2093 case kExternal##Type##Array: \
2093 return typer_->cache_->Get(k##Type##Array); 2094 return typer_->cache_->Get(k##Type##Array);
2094 NATIVE_TYPES(NATIVE_TYPE_CASE) 2095 TYPED_ARRAYS(TYPED_ARRAY_CASE)
2095 #undef NATIVE_TYPE_CASE 2096 #undef TYPED_ARRAY_CASE
2096 case kExternalUint8ClampedArray:
2097 // TODO(rossberg): Do we want some ClampedArray type to express this?
2098 break;
2099 } 2097 }
2100 } 2098 }
2101 return Type::Constant(value, zone()); 2099 return Type::Constant(value, zone());
2102 } 2100 }
2103 2101
2104 } // namespace compiler 2102 } // namespace compiler
2105 } // namespace internal 2103 } // namespace internal
2106 } // namespace v8 2104 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/compiler/regress-446156.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698