Revision: 24410
Author: [email protected]
Date: Mon Oct 6 11:42:13 2014 UTC
Log: Fix representation of HLoadRoot.
HLoadRoot doesn't participate in representation inference, and its
represenation is not Tagged at code generation, which leads to incorrect
pointer map assignment and eventual stale pointer access after GC.
BUG=chromium:419036
LOG=Y
[email protected]
Review URL: https://codereview.chromium.org/626383003
https://code.google.com/p/v8/source/detail?r=24410
Modified:
/branches/bleeding_edge/src/hydrogen-instructions.h
/branches/bleeding_edge/src/hydrogen-representation-changes.cc
=======================================
--- /branches/bleeding_edge/src/hydrogen-instructions.h Thu Oct 2 09:38:28
2014 UTC
+++ /branches/bleeding_edge/src/hydrogen-instructions.h Mon Oct 6 11:42:13
2014 UTC
@@ -2716,6 +2716,7 @@
// TODO(bmeurer): We'll need kDependsOnRoots once we add the
// corresponding HStoreRoot instruction.
SetDependsOnFlag(kCalls);
+ set_representation(Representation::Tagged());
}
virtual bool IsDeletable() const OVERRIDE { return true; }
@@ -6373,11 +6374,13 @@
return !access().IsInobject() || access().offset() >= size;
}
virtual Representation RequiredInputRepresentation(int index) OVERRIDE {
- if (index == 0 && access().IsExternalMemory()) {
+ if (index == 0) {
// object must be external in case of external memory access
- return Representation::External();
+ return access().IsExternalMemory() ? Representation::External()
+ : Representation::Tagged();
}
- return Representation::Tagged();
+ DCHECK(index == 1);
+ return Representation::None();
}
virtual Range* InferRange(Zone* zone) OVERRIDE;
virtual std::ostream& PrintDataTo(std::ostream& os) const OVERRIDE; //
NOLINT
=======================================
--- /branches/bleeding_edge/src/hydrogen-representation-changes.cc Mon Aug
4 11:34:54 2014 UTC
+++ /branches/bleeding_edge/src/hydrogen-representation-changes.cc Mon Oct
6 11:42:13 2014 UTC
@@ -63,7 +63,17 @@
void HRepresentationChangesPhase::InsertRepresentationChangesForValue(
HValue* value) {
Representation r = value->representation();
- if (r.IsNone()) return;
+ if (r.IsNone()) {
+#ifdef DEBUG
+ for (HUseIterator it(value->uses()); !it.Done(); it.Advance()) {
+ HValue* use_value = it.value();
+ int use_index = it.index();
+ Representation req =
use_value->RequiredInputRepresentation(use_index);
+ DCHECK(req.IsNone());
+ }
+#endif
+ return;
+ }
if (value->HasNoUses()) {
if (value->IsForceRepresentation()) value->DeleteAndReplaceWith(NULL);
return;
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
