Reviewers: Jakob,
Message:
PTAL
Description:
Never call MacroAssembler::Allocate() with an incorrect (e.g. negative) constant size; compare the constant operand unsigned so such sizes take the deferred slow path instead.
BUG=chromium:412206
LOG=n
Please review this at https://codereview.chromium.org/637923004/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+16, -9 lines):
M src/arm/lithium-codegen-arm.cc
M src/arm64/lithium-codegen-arm64.cc
M src/ia32/lithium-codegen-ia32.cc
M src/mips/lithium-codegen-mips.cc
M src/mips64/lithium-codegen-mips64.cc
M src/x64/lithium-codegen-x64.cc
M src/x87/lithium-codegen-x87.cc
A + test/mjsunit/regress/regress-412206-1.js
Index: src/arm/lithium-codegen-arm.cc
diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index
14740965bf90927a3aaa80e4e54e297f22a18157..0085b8f727b85562e7ffd1593d9b30dfc10b2c87
100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -5356,7 +5356,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
} else {
__ jmp(deferred->entry());
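Review bot: The new unsigned comparison is doing a range check in disguise and nothing on the line says so, so the next reader can "simplify" it back to the signed form and reintroduce the bug; add `// Compare unsigned so a negative constant size also takes the deferred (slow) path instead of reaching Allocate().` above the `if`. The rewrite only reroutes negative sizes to `deferred->entry()`; whether that slow path itself rejects a non-positive size is not visible here and should be confirmed. DoAllocate starts and ends outside this hunk.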
Index: src/arm64/lithium-codegen-arm64.cc
diff --git a/src/arm64/lithium-codegen-arm64.cc
b/src/arm64/lithium-codegen-arm64.cc
index
b9b67d9bbd01b1d5a5ce108e753d64d1f6fdd6eb..b900e86a14ec75e29d459a8d492029960356e8bf
100644
--- a/src/arm64/lithium-codegen-arm64.cc
+++ b/src/arm64/lithium-codegen-arm64.cc
@@ -1570,7 +1570,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, temp1, temp2, deferred->entry(), flags);
} else {
__ B(deferred->entry());
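Review bot: This is the identical three-line predicate copied into seven backends, which is exactly how the original signed compare drifted in the first place; hoisting it into one shared inline helper (for example next to `Page::kMaxRegularHeapObjectSize`, or in the common Lithium codegen header, whichever the tree prefers) would let each backend write `if (IsRegularHeapObjectSize(size)) {` and keep the bound in one place. If the duplication stays, at least put the same why-comment on each copy so the unsigned cast is not mistaken for noise. The surrounding DoAllocate body continues outside the hunk.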
Index: src/ia32/lithium-codegen-ia32.cc
diff --git a/src/ia32/lithium-codegen-ia32.cc
b/src/ia32/lithium-codegen-ia32.cc
index
1d7c8c1b0c6f86ab6bf716e788729f5c6f483968..b449d10aa94b6696ba4b8ca10d89278b7fe7f930
100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -5153,7 +5153,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
} else {
__ jmp(deferred->entry());
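Review bot: For an `int32_t` operand the unsigned-cast trick is equivalent to, but less readable than, an explicit range check, and the explicit form states the fixed bug directly: `if (size >= 0 && size <= Page::kMaxRegularHeapObjectSize) {`. Either way the intent deserves a comment, since the guard is what keeps a negative constant from reaching `__ Allocate`. DoAllocate's remaining cases, including the non-constant size operand, lie outside this hunk.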
Index: src/mips/lithium-codegen-mips.cc
diff --git a/src/mips/lithium-codegen-mips.cc
b/src/mips/lithium-codegen-mips.cc
index
ef72560b012553ede2f4c4a20bd041d3bb32b711..ac2783cacc47bb7c28a703f7d8cc84fb01dca377
100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -5333,7 +5333,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
}
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
} else {
__ jmp(deferred->entry());
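Review bot: The guard's purpose is not stated in the code; add `// Unsigned compare: a negative size wraps to a huge value and is routed to the slow path.` above the `if` so the cast survives future cleanups. The hunk shows only that negative sizes now jump to `deferred->entry()`; that the deferred allocation then fails safely rather than allocating a bogus object is an assumption a reviewer should verify against the slow path, which is outside this view.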
Index: src/mips64/lithium-codegen-mips64.cc
diff --git a/src/mips64/lithium-codegen-mips64.cc
b/src/mips64/lithium-codegen-mips64.cc
index
2ed9782ff0abd47e9d6197c48be29232a6b8ed8e..37a205d8186d785c090c9359f35860b29fb8d2b2
100644
--- a/src/mips64/lithium-codegen-mips64.cc
+++ b/src/mips64/lithium-codegen-mips64.cc
@@ -5364,7 +5364,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
}
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
} else {
__ jmp(deferred->entry());
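Review bot: Same undocumented unsigned-compare idiom as the other backends; a one-line comment above the `if`, `// Negative constant sizes must never reach Allocate(); unsigned compare sends them to the slow path.`, is all that is missing. The check is correct for any `int32_t` value because `Page::kMaxRegularHeapObjectSize` is non-negative, which is worth saying in the comment since the cast silently depends on it. DoAllocate continues beyond the hunk on both sides.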
Index: src/x64/lithium-codegen-x64.cc
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index
1981d55f7950409248ea0dd4c9e01fc7326d4ff7..23a116d20a84779b0eaf7ac1867ecd27dcf2bd61
100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -5332,7 +5332,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
} else {
__ jmp(deferred->entry());
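Review bot: The cast-based check reads as a type nit rather than the security guard it is, and without a comment a reviewer of the next change cannot tell the difference; add `// Compare unsigned so a negative constant size takes the deferred path, never Allocate().` above the `if`. An explicit `size >= 0 &&` conjunct would express the same thing without relying on wraparound. The function starts and ends outside this hunk.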
Index: src/x87/lithium-codegen-x87.cc
diff --git a/src/x87/lithium-codegen-x87.cc b/src/x87/lithium-codegen-x87.cc
index
00bbe5e72bab8245367fd7619bdd6c09b94b1414..6241edf3756d0d669d9f553d71924597160c69f1
100644
--- a/src/x87/lithium-codegen-x87.cc
+++ b/src/x87/lithium-codegen-x87.cc
@@ -5749,7 +5749,8 @@ void LCodeGen::DoAllocate(LAllocate* instr) {
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
+ if (static_cast<uint32_t>(size) <=
+ static_cast<uint32_t>(Page::kMaxRegularHeapObjectSize)) {
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
} else {
__ jmp(deferred->entry());
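Review bot: The x87 copy has the same silent unsigned-compare guard as the other six backends; document it with `// Unsigned compare rejects negative constant sizes by routing them to the slow path.` so the seven copies stay aligned. The hunk establishes only that out-of-range values now branch to `deferred->entry()`; the slow path's own handling of a negative size is not visible here. DoAllocate continues outside the hunk.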
Index: test/mjsunit/regress/regress-412206-1.js
diff --git a/test/mjsunit/regress/regress-409533.js
b/test/mjsunit/regress/regress-412206-1.js
similarity index 69%
copy from test/mjsunit/regress/regress-409533.js
copy to test/mjsunit/regress/regress-412206-1.js
index
e51065e4bf43f8c8ca222c458c85a96f003996a2..051cf45665973edd45a1eb23d89565bd5d562321
100644
--- a/test/mjsunit/regress/regress-409533.js
+++ b/test/mjsunit/regress/regress-412206-1.js
@@ -2,10 +2,10 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-// Flags: --allow-natives-syntax
+// Flags: --allow-natives-syntax --fold-constants --always-opt
function f() {
- %_RegExpConstructResult(0, {}, {});
+ %_RegExpConstructResult(-10, {}, {});
}
f();
f();
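Review bot: The test gives no hint why `-10` and the two added flags matter, so a future cleanup could drop either and silently stop exercising the fix; add above `function f()` the comment `// A negative constant size must be routed to the slow allocation path, never to MacroAssembler::Allocate().`. Presumably `--fold-constants --always-opt` is what makes the literal arrive at LAllocate as a constant operand, which is worth stating in the same comment. Any lines of the copied file after the second `f();` are outside this hunk.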