Reviewers: Mads Ager,

Description:
Fix Smi::IsValid assert in StringCharCodeAt deferred code.

Please review this at http://codereview.chromium.org/6303013/

Affected files:
  M src/arm/lithium-codegen-arm.cc
  M src/ia32/lithium-codegen-ia32.cc
  M test/mjsunit/string-charcodeat.js


Index: src/arm/lithium-codegen-arm.cc
diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index 23bfb2144bc658088a111f6e0c235c4c123a3b1d..d9ae6527c0d6348880a551280fe3bd2dfecbafbf 100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -2887,9 +2887,16 @@ void LCodeGen::DoDeferredStringCharCodeAt(LStringCharCodeAt* instr) {

   __ PushSafepointRegisters();
   __ push(string);
-  // Push the index as a smi.
+  // Push the index as a smi. It's safe because this instruction must
+  // be dominated by a bounds check and because of the assert.
+  STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue);
   if (instr->index()->IsConstantOperand()) {
     int const_index = ToInteger32(LConstantOperand::cast(instr->index()));
+    if (!Smi::IsValid(const_index)) {
+      // Guaranteed to be out of bounds, so we can use "-1" to have a
+      // valid smi.
+      const_index = -1;
+    }
     __ mov(scratch, Operand(Smi::FromInt(const_index)));
     __ push(scratch);
   } else {
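Review bot: The comment "Guaranteed to be out of bounds" at the new `Smi::IsValid` check only justifies half of the cases: the STATIC_ASSERT covers a constant above Smi::kMaxValue, but a constant below Smi::kMinValue is also rejected and is only safe because any negative index is out of bounds too; the comment should say so, e.g. `// A constant that does not fit in a smi is either above Smi::kMaxValue (>= String::kMaxLength by the assert above) or negative, so it is out of bounds either way; -1 is an out-of-bounds index that is a valid smi.`. The ia32 hunk carries the identical normalization and comment, so the same wording applies there, and since the two backends duplicate this logic verbatim a small shared helper would keep them from drifting. DoDeferredStringCharCodeAt continues past the end of this hunk, so the register-operand branch and the runtime call that consumes the pushed smi are not visible here.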
Index: src/ia32/lithium-codegen-ia32.cc
diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 0fc3f2541b57525d1406372b82a427c10276a623..1a3a1f796283130597be024e5735d17c85857313 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -2750,9 +2750,16 @@ void LCodeGen::DoDeferredStringCharCodeAt(LStringCharCodeAt* instr) {

   __ PushSafepointRegisters();
   __ push(string);
-  // Push the index as a smi.
+  // Push the index as a smi. It's safe because this instruction must
+  // be dominated by a bounds check and because of the assert.
+  STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue);
   if (instr->index()->IsConstantOperand()) {
     int const_index = ToInteger32(LConstantOperand::cast(instr->index()));
+    if (!Smi::IsValid(const_index)) {
+      // Guaranteed to be out of bounds, so we can use "-1" to have a
+      // valid smi.
+      const_index = -1;
+    }
     __ push(Immediate(Smi::FromInt(const_index)));
   } else {
     Register index = ToRegister(instr->index());
Index: test/mjsunit/string-charcodeat.js
diff --git a/test/mjsunit/string-charcodeat.js b/test/mjsunit/string-charcodeat.js
index 831f688fd4538c6cbd8b13b8c29bffc6a4759e4e..fb7ab9af86c3505df9aac480e8757a7bca5789e3 100644
--- a/test/mjsunit/string-charcodeat.js
+++ b/test/mjsunit/string-charcodeat.js
@@ -153,6 +153,17 @@ TestStringType(Slice16End, true);
 TestStringType(Flat16, true);
 TestStringType(NotAString16, true);

+
+function ConsNotSmiIndex() {
+  var str = Cons();
+  assertTrue(isNaN(str.charCodeAt(0x7fffffff)));
+}
+
+for (var i = 0; i < 100000; i++) {
+  ConsNotSmiIndex();
+}
+
+
 for (var i = 0; i != 10; i++) {
   assertEquals(101, Cons16().charCodeAt(1.1));
   assertEquals('e', Cons16().charAt(1.1));
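Review bot: ConsNotSmiIndex only exercises the "too large" side of the new normalization; 0x7fffffff is above Smi::kMaxValue on the 32-bit backends, but no index below Smi::kMinValue is tested, so the negative overflow path that also maps to -1 stays uncovered, e.g. add `assertTrue(isNaN(str.charCodeAt(-0x80000000)));` next to the existing assertion. If the x64 backend uses 32-bit smis, 0x7fffffff is a valid smi there and this test would not reach the changed code on that target at all, which is presumably why only the arm and ia32 files are touched; a short comment in the test saying which targets it is meant to regress would make that explicit.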

