[v8-dev] More -fsanitize=vptr fixes. (issue 812563002 by [email protected])

Tue, 16 Dec 2014 04:46:03 -0800 

Reviewers: Benedikt Meurer,

Description:
More -fsanitize=vptr fixes.

This actually fixes 3 different issues when accessing Operand1:

   * Object vs. HeapObject

   * Wrong defaults for equals/hash

   * silently dropping const

TEST=test/mjsunit/regress/regress-441099.js
BUG=chromium:441099
LOG=y

Please review this at https://codereview.chromium.org/812563002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+77, -10 lines):
  M src/compiler/arm/instruction-selector-arm.cc
  M src/compiler/arm64/instruction-selector-arm64.cc
  M src/compiler/ia32/instruction-selector-ia32.cc
  M src/compiler/instruction-selector.cc
  M src/compiler/instruction-selector-impl.h
  M src/compiler/mips/instruction-selector-mips.cc
  M src/compiler/mips64/instruction-selector-mips64.cc
  M src/compiler/operator.h
  M src/compiler/typer.cc
  M src/compiler/x64/instruction-selector-x64.cc
  A test/mjsunit/regress/regress-441099.js


Index: src/compiler/arm/instruction-selector-arm.cc
diff --git a/src/compiler/arm/instruction-selector-arm.cc b/src/compiler/arm/instruction-selector-arm.cc index 52acdc85f81d7ddf1a9921d0087ce27e1f2e652e..ef9e89ed4efa71b7bbaa51aec1c649b8980d198c 100644 
--- a/src/compiler/arm/instruction-selector-arm.cc
+++ b/src/compiler/arm/instruction-selector-arm.cc
@@ -1017,7 +1017,7 @@ void InstructionSelector::VisitFloat64RoundTiesAway(Node* node) { 

 void InstructionSelector::VisitCall(Node* node) {
   ArmOperandGenerator g(this);
-  CallDescriptor* descriptor = OpParameter<CallDescriptor*>(node);
+ const CallDescriptor* descriptor = OpParameter<const CallDescriptor*>(node); 

   FrameStateDescriptor* frame_state_descriptor = NULL;
   if (descriptor->NeedsFrameState()) {
Index: src/compiler/arm64/instruction-selector-arm64.cc
diff --git a/src/compiler/arm64/instruction-selector-arm64.cc b/src/compiler/arm64/instruction-selector-arm64.cc index 0922dace978c060e7a43e44b2b798bcb7158ca54..ee493cb75367f9b5077a262b439166383a4078a9 100644 
--- a/src/compiler/arm64/instruction-selector-arm64.cc
+++ b/src/compiler/arm64/instruction-selector-arm64.cc
@@ -1085,7 +1085,7 @@ void InstructionSelector::VisitFloat64RoundTiesAway(Node* node) { 

 void InstructionSelector::VisitCall(Node* node) {
   Arm64OperandGenerator g(this);
-  CallDescriptor* descriptor = OpParameter<CallDescriptor*>(node);
+ const CallDescriptor* descriptor = OpParameter<const CallDescriptor*>(node); 

   FrameStateDescriptor* frame_state_descriptor = NULL;
   if (descriptor->NeedsFrameState()) {
Index: src/compiler/ia32/instruction-selector-ia32.cc
diff --git a/src/compiler/ia32/instruction-selector-ia32.cc b/src/compiler/ia32/instruction-selector-ia32.cc index 6b7c01eda50ee26515b77eba417d43be0ab18c58..16063ab43b41c4b25e0618620a6f213b06985d42 100644 
--- a/src/compiler/ia32/instruction-selector-ia32.cc
+++ b/src/compiler/ia32/instruction-selector-ia32.cc
@@ -719,7 +719,7 @@ void InstructionSelector::VisitFloat64RoundTiesAway(Node* node) { 

 void InstructionSelector::VisitCall(Node* node) {
   IA32OperandGenerator g(this);
-  CallDescriptor* descriptor = OpParameter<CallDescriptor*>(node);
+ const CallDescriptor* descriptor = OpParameter<const CallDescriptor*>(node); 

   FrameStateDescriptor* frame_state_descriptor = NULL;

Index: src/compiler/instruction-selector-impl.h
diff --git a/src/compiler/instruction-selector-impl.h b/src/compiler/instruction-selector-impl.h index d1e27f0466d1c71b40913f06ec1ddcec6c304e3a..bdcd952b5f703a60aa18a4813325dd2b24ae0f91 100644 
--- a/src/compiler/instruction-selector-impl.h
+++ b/src/compiler/instruction-selector-impl.h
@@ -338,10 +338,10 @@ class FlagsContinuation FINAL {
 // TODO(bmeurer): Get rid of the CallBuffer business and make
 // InstructionSelector::VisitCall platform independent instead.
 struct CallBuffer {
-  CallBuffer(Zone* zone, CallDescriptor* descriptor,
+  CallBuffer(Zone* zone, const CallDescriptor* descriptor,
              FrameStateDescriptor* frame_state);

-  CallDescriptor* descriptor;
+  const CallDescriptor* descriptor;
   FrameStateDescriptor* frame_state_descriptor;
   NodeVector output_nodes;
   InstructionOperandVector outputs;
Index: src/compiler/instruction-selector.cc
diff --git a/src/compiler/instruction-selector.cc b/src/compiler/instruction-selector.cc index a91b7db12689f665e9884601dbbe36a5c61f3487..4f95b752bab5fe6d43b40b921363a64b74f0a4de 100644 
--- a/src/compiler/instruction-selector.cc
+++ b/src/compiler/instruction-selector.cc
@@ -298,7 +298,7 @@ void InstructionSelector::MarkAsRepresentation(MachineType rep, Node* node) { 

 // TODO(bmeurer): Get rid of the CallBuffer business and make
 // InstructionSelector::VisitCall platform independent instead.
-CallBuffer::CallBuffer(Zone* zone, CallDescriptor* d,
+CallBuffer::CallBuffer(Zone* zone, const CallDescriptor* d,
                        FrameStateDescriptor* frame_desc)
     : descriptor(d),
       frame_state_descriptor(frame_desc),
Index: src/compiler/mips/instruction-selector-mips.cc
diff --git a/src/compiler/mips/instruction-selector-mips.cc b/src/compiler/mips/instruction-selector-mips.cc index b08d0e83ae2c6357d8981b750525e608a5e845f7..0ebb3cf3e286fb34c052f532aed5731278fa8c8d 100644 
--- a/src/compiler/mips/instruction-selector-mips.cc
+++ b/src/compiler/mips/instruction-selector-mips.cc
@@ -438,7 +438,7 @@ void InstructionSelector::VisitFloat64RoundTiesAway(Node* node) { 

 void InstructionSelector::VisitCall(Node* node) {
   MipsOperandGenerator g(this);
-  CallDescriptor* descriptor = OpParameter<CallDescriptor*>(node);
+ const CallDescriptor* descriptor = OpParameter<const CallDescriptor*>(node); 

   FrameStateDescriptor* frame_state_descriptor = NULL;
   if (descriptor->NeedsFrameState()) {
Index: src/compiler/mips64/instruction-selector-mips64.cc
diff --git a/src/compiler/mips64/instruction-selector-mips64.cc b/src/compiler/mips64/instruction-selector-mips64.cc index 1d08bdf6045a897c10b17e3e74f436dd019ea916..0dba931a603c1e83f7402241003012073f15c470 100644 
--- a/src/compiler/mips64/instruction-selector-mips64.cc
+++ b/src/compiler/mips64/instruction-selector-mips64.cc
@@ -630,7 +630,7 @@ void InstructionSelector::VisitFloat64RoundTiesAway(Node* node) { 

 void InstructionSelector::VisitCall(Node* node) {
   Mips64OperandGenerator g(this);
-  CallDescriptor* descriptor = OpParameter<CallDescriptor*>(node);
+ const CallDescriptor* descriptor = OpParameter<const CallDescriptor*>(node); 

   FrameStateDescriptor* frame_state_descriptor = NULL;
   if (descriptor->NeedsFrameState()) {
Index: src/compiler/operator.h
diff --git a/src/compiler/operator.h b/src/compiler/operator.h
index d6f80ad1cf7e34affd8bc97b5ea82b2ffb220923..fb144ce896a4355a738371de31c9177a1e7f22ab 100644 
--- a/src/compiler/operator.h
+++ b/src/compiler/operator.h
@@ -172,6 +172,20 @@ inline T const& OpParameter(const Operator* op) {
   return static_cast<const Operator1<T>*>(op)->parameter();
 }
+// NOTE: We have to be careful to use the right equal/hash functions below, for 
+// float/double we always use the ones operating on the bit level.
+template <>
+inline float const& OpParameter(const Operator* op) {
+  return static_cast<const Operator1<float, base::bit_equal_to<float>,
+ base::bit_hash<float>>*>(op)->parameter(); 
+}
+
+template <>
+inline double const& OpParameter(const Operator* op) {
+  return static_cast<const Operator1<double, base::bit_equal_to<double>,
+ base::bit_hash<double>>*>(op)->parameter(); 
+}
+
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8
Index: src/compiler/typer.cc
diff --git a/src/compiler/typer.cc b/src/compiler/typer.cc
index 2ab4ab5a7283145312ee438fe5cc5e413eea2773..9101e1ddd1a5b1898aae7e69212ca4e82320628a 100644 
--- a/src/compiler/typer.cc
+++ b/src/compiler/typer.cc
@@ -626,7 +626,7 @@ Bounds Typer::Visitor::TypeNumberConstant(Node* node) {


 Bounds Typer::Visitor::TypeHeapConstant(Node* node) {
-  return Bounds(TypeConstant(OpParameter<Unique<Object> >(node).handle()));
+ return Bounds(TypeConstant(OpParameter<Unique<HeapObject> 
(node).handle()));

 }


Index: src/compiler/x64/instruction-selector-x64.cc
diff --git a/src/compiler/x64/instruction-selector-x64.cc b/src/compiler/x64/instruction-selector-x64.cc index 7ed5c08e8d0bd0442ac445f70254572312a3ef43..2dfd40134382024e3cabc88383af47dcadb29bdc 100644 
--- a/src/compiler/x64/instruction-selector-x64.cc
+++ b/src/compiler/x64/instruction-selector-x64.cc
@@ -922,7 +922,7 @@ void InstructionSelector::VisitFloat64RoundTiesAway(Node* node) { 

 void InstructionSelector::VisitCall(Node* node) {
   X64OperandGenerator g(this);
-  CallDescriptor* descriptor = OpParameter<CallDescriptor*>(node);
+ const CallDescriptor* descriptor = OpParameter<const CallDescriptor*>(node); 

   FrameStateDescriptor* frame_state_descriptor = NULL;
   if (descriptor->NeedsFrameState()) {
Index: test/mjsunit/regress/regress-441099.js
diff --git a/test/mjsunit/regress/regress-441099.js b/test/mjsunit/regress/regress-441099.js 
new file mode 100644
index 0000000000000000000000000000000000000000..63aecfd25c4e1689c83463a68a84462e9eb2295a 
--- /dev/null
+++ b/test/mjsunit/regress/regress-441099.js
@@ -0,0 +1,53 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var Module;
+if (!Module) Module = eval('(function() { try { return Module || {} } catch(e) { return {} } })()'); 
+else if (ENVIRONMENT_IS_SHELL) {
+}
+var Runtime = {
+  stackSave: function () {
+  },
+ alignMemory: function (quantum) { var ret = size = Math.ceil()*(quantum ? quantum : 8); return ret; }} 
+function allocate() {
+}
+function callRuntimeCallbacks(callbacks) {
+    var callback = callbacks.shift();
+    var func = callback.func;
+    if (typeof func === 'number') {
+    } else {
+      func();
+    }
+}
+var __ATINIT__    = []; // functions called during startup
+function ensureInitRuntime() {
+  callRuntimeCallbacks(__ATINIT__);
+}
+/* global initializers */ __ATINIT__.push({ func: function() { runPostSets() } }); 
+    function __formatString() {
+            switch (next) {
+            }
+    }
+  var Browser={mainLoop:{queue:[],pause:function () {
+        }},moduleContextCreatedCallbacks:[],workers:[],init:function () {
+      }};
+var asm = (function() {
+  'use asm';
+function setThrew() {
+}
+function runPostSets() {
+}
+function _main() {
+}
+function _free() {
+}
+  return { runPostSets: runPostSets};
+})
+();
+var runPostSets = Module["runPostSets"] = asm["runPostSets"];
+var i64Math = (function() { // Emscripten wrapper
+  /**
+   */
+})();
+    ensureInitRuntime();


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to