Revision: 6424
Author: [email protected]
Date: Fri Jan 21 00:30:13 2011
Log: Fix Smi::IsValid assert in StringCharCodeAt deferred code.
Review URL: http://codereview.chromium.org/6303013
http://code.google.com/p/v8/source/detail?r=6424
Modified:
/branches/bleeding_edge/src/arm/lithium-codegen-arm.cc
/branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc
/branches/bleeding_edge/test/mjsunit/string-charcodeat.js
=======================================
--- /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Thu Jan 20
09:42:29 2011
+++ /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Fri Jan 21
00:30:13 2011
@@ -2821,20 +2821,31 @@
LStringCharCodeAt* instr_;
};
- DeferredStringCharCodeAt* deferred
- = new DeferredStringCharCodeAt(this, instr);
-
Register scratch = scratch0();
Register string = ToRegister(instr->string());
Register index = no_reg;
int const_index = -1;
if (instr->index()->IsConstantOperand()) {
const_index = ToInteger32(LConstantOperand::cast(instr->index()));
+ STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue);
+ if (!Smi::IsValid(const_index)) {
+ // Guaranteed to be out of bounds because of the assert above.
+ // So the bounds check that must dominate this instruction must
+ // have deoptimized already.
+ if (FLAG_debug_code) {
+ __ Abort("StringCharCodeAt: out of bounds index.");
+ }
+ // No code needs to be generated.
+ return;
+ }
} else {
index = ToRegister(instr->index());
}
Register result = ToRegister(instr->result());
+ DeferredStringCharCodeAt* deferred =
+ new DeferredStringCharCodeAt(this, instr);
+
Label flat_string, ascii_string, done;
// Fetch the instance type of the receiver into result register.
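Review bot: In the new `!Smi::IsValid(const_index)` branch a release build emits no code and returns, so `result` is never written on that path. The only thing keeping the path unreachable is the dominating bounds check that the comment refers to, which is not visible in this hunk. If that check were ever hoisted or eliminated, optimized code would presumably continue with whatever value was left in `result`. Consider failing closed by dropping the `if (FLAG_debug_code)` guard and emitting `__ Abort("StringCharCodeAt: out of bounds index.");` unconditionally, at the cost of a few bytes of dead code. The same applies to the identical branch in the ia32 hunk at -2656; the function starts and ends outside both hunks.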
@@ -2918,7 +2929,8 @@
__ PushSafepointRegisters();
__ push(string);
- // Push the index as a smi.
+ // Push the index as a smi. This is safe because of the checks in
+ // DoStringCharCodeAt above.
if (instr->index()->IsConstantOperand()) {
int const_index = ToInteger32(LConstantOperand::cast(instr->index()));
__ mov(scratch, Operand(Smi::FromInt(const_index)));
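Review bot: On ARM the reworded comment is the only thing tying `Smi::FromInt(const_index)` to the range check, whereas the ia32 hunk at the same spot also repeats `STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue);`. Adding the same assert here would document the invariant identically in both ports. The comment could also say which check it means, since only the constant-index case is visibly tested in DoStringCharCodeAt. Something like `// Constant indices were checked with Smi::IsValid in DoStringCharCodeAt; register indices rely on the preceding bounds check.` would do, if that is indeed how the register case is covered. The deferred function continues outside the hunk.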
=======================================
--- /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Thu Jan 20
06:20:54 2011
+++ /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Fri Jan 21
00:30:13 2011
@@ -2656,19 +2656,30 @@
LStringCharCodeAt* instr_;
};
- DeferredStringCharCodeAt* deferred
- = new DeferredStringCharCodeAt(this, instr);
-
Register string = ToRegister(instr->string());
Register index = no_reg;
int const_index = -1;
if (instr->index()->IsConstantOperand()) {
const_index = ToInteger32(LConstantOperand::cast(instr->index()));
+ STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue);
+ if (!Smi::IsValid(const_index)) {
+ // Guaranteed to be out of bounds because of the assert above.
+ // So the bounds check that must dominate this instruction must
+ // have deoptimized already.
+ if (FLAG_debug_code) {
+ __ Abort("StringCharCodeAt: out of bounds index.");
+ }
+ // No code needs to be generated.
+ return;
+ }
} else {
index = ToRegister(instr->index());
}
Register result = ToRegister(instr->result());
+ DeferredStringCharCodeAt* deferred =
+ new DeferredStringCharCodeAt(this, instr);
+
NearLabel flat_string, ascii_string, done;
// Fetch the instance type of the receiver into result register.
@@ -2750,7 +2761,9 @@
__ PushSafepointRegisters();
__ push(string);
- // Push the index as a smi.
+ // Push the index as a smi. This is safe because of the checks in
+ // DoStringCharCodeAt above.
+ STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue);
if (instr->index()->IsConstantOperand()) {
int const_index = ToInteger32(LConstantOperand::cast(instr->index()));
__ push(Immediate(Smi::FromInt(const_index)));
=======================================
--- /branches/bleeding_edge/test/mjsunit/string-charcodeat.js Tue Dec 7
03:01:02 2010
+++ /branches/bleeding_edge/test/mjsunit/string-charcodeat.js Fri Jan 21
00:30:13 2011
@@ -153,6 +153,17 @@
TestStringType(Flat16, true);
TestStringType(NotAString16, true);
+
+function ConsNotSmiIndex() {
+ var str = Cons();
+ assertTrue(isNaN(str.charCodeAt(0x7fffffff)));
+}
+
+for (var i = 0; i < 100000; i++) {
+ ConsNotSmiIndex();
+}
+
+
for (var i = 0; i != 10; i++) {
assertEquals(101, Cons16().charCodeAt(1.1));
assertEquals('e', Cons16().charAt(1.1));
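Review bot: The new regression test exercises only one non-smi constant, `0x7fffffff`, and only on a cons string. The fixed branch is taken for any int32 constant outside the smi range, so the negative side and the smallest failing positive value are untested. Adding `assertTrue(isNaN(str.charCodeAt(-0x80000000)));` and `assertTrue(isNaN(str.charCodeAt(0x40000000)));` inside `ConsNotSmiIndex` would cover them. This assumes the 31-bit smi range of the two patched ports and that the optimizer sees both values as int32 constants.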