Revision: 6750
Author: [email protected]
Date: Fri Feb 11 05:22:38 2011
Log: Merge revisions 6742 and 6745 to the 3.0 branch.

These fix a pair of bugs that could potentially crash the VM.

Review URL: http://codereview.chromium.org/6489029
http://code.google.com/p/v8/source/detail?r=6750

Modified:
 /branches/3.0/src/arm/full-codegen-arm.cc
 /branches/3.0/src/hydrogen-instructions.h
 /branches/3.0/src/hydrogen.cc
 /branches/3.0/src/ia32/full-codegen-ia32.cc
 /branches/3.0/src/version.cc
 /branches/3.0/src/x64/full-codegen-x64.cc

=======================================
--- /branches/3.0/src/arm/full-codegen-arm.cc   Wed Feb  9 23:21:03 2011
+++ /branches/3.0/src/arm/full-codegen-arm.cc   Fri Feb 11 05:22:38 2011
@@ -2988,26 +2988,30 @@
         // Result of deleting non-global, non-dynamic variables is false.
         // The subexpression does not have side effects.
         context()->Plug(false);
-      } else {
-        // Property or variable reference.  Call the delete builtin with
-        // object and property name as arguments.
-        if (prop != NULL) {
+      } else if (prop != NULL) {
+        if (prop->is_synthetic()) {
+          // Result of deleting parameters is false, even when they rewrite
+          // to accesses on the arguments object.
+          context()->Plug(false);
+        } else {
           VisitForStackValue(prop->obj());
           VisitForStackValue(prop->key());
           __ InvokeBuiltin(Builtins::DELETE, CALL_JS);
-        } else if (var->is_global()) {
-          __ ldr(r1, GlobalObjectOperand());
-          __ mov(r0, Operand(var->name()));
-          __ Push(r1, r0);
-          __ InvokeBuiltin(Builtins::DELETE, CALL_JS);
-        } else {
-          // Non-global variable.  Call the runtime to delete from the
-          // context where the variable was introduced.
-          __ push(context_register());
-          __ mov(r2, Operand(var->name()));
-          __ push(r2);
-          __ CallRuntime(Runtime::kDeleteContextSlot, 2);
-        }
+          context()->Plug(r0);
+        }
+      } else if (var->is_global()) {
+        __ ldr(r1, GlobalObjectOperand());
+        __ mov(r0, Operand(var->name()));
+        __ Push(r1, r0);
+        __ InvokeBuiltin(Builtins::DELETE, CALL_JS);
+        context()->Plug(r0);
+      } else {
+        // Non-global variable.  Call the runtime to try to delete from the
+        // context where the variable was introduced.
+        __ push(context_register());
+        __ mov(r2, Operand(var->name()));
+        __ push(r2);
+        __ CallRuntime(Runtime::kDeleteContextSlot, 2);
         context()->Plug(r0);
       }
       break;
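Review bot: The new `prop->is_synthetic()` branch plugs `false` without visiting `prop->obj()` or `prop->key()`, and its comment does not say why skipping them is safe. The earlier branch in this hunk carries `// The subexpression does not have side effects.`; the same sentence belongs here, since that is presumably what makes the shortcut correct. The comment also equates "synthetic" with "parameter", which the hunk does not show; if any other rewrite can set that flag, the wording should be widened or the assumption asserted. The same applies to the identical branches in full-codegen-ia32.cc, full-codegen-x64.cc and hydrogen.cc. The enclosing function starts and ends outside the hunk.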
=======================================
--- /branches/3.0/src/hydrogen-instructions.h   Wed Feb  9 23:21:03 2011
+++ /branches/3.0/src/hydrogen-instructions.h   Fri Feb 11 05:22:38 2011
@@ -2041,7 +2041,11 @@
   }

   void SetInputRepresentation(Representation r);
-  virtual bool EmitAtUses() const { return uses()->length() <= 1; }
+
+  virtual bool EmitAtUses() const {
+    return !HasSideEffects() && (uses()->length() <= 1);
+  }
+
   virtual Representation RequiredInputRepresentation(int index) const {
     return input_representation_;
   }
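Review bot: `EmitAtUses()` now has the same body, `return !HasSideEffects() && (uses()->length() <= 1);`, in all four hunks of this file, and none of them says why side effects disqualify an instruction. A one-line comment such as `// Instructions with side effects must be emitted where they are defined, not deferred to their use.` would record what appears to be the invariant behind the crash fix. Because the predicate is identical in each class, a single protected helper on their common base would keep the four copies from drifting apart. The class declarations begin outside the hunks, so whether they share a suitable base is not visible here.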
@@ -2079,7 +2083,10 @@
     SetFlag(kUseGVN);
   }

-  virtual bool EmitAtUses() const { return uses()->length() <= 1; }
+  virtual bool EmitAtUses() const {
+    return !HasSideEffects() && (uses()->length() <= 1);
+  }
+
   virtual Representation RequiredInputRepresentation(int index) const {
     return Representation::Tagged();
   }
@@ -2098,7 +2105,11 @@
     set_representation(Representation::Tagged());
     SetFlag(kUseGVN);
   }
-  virtual bool EmitAtUses() const { return uses()->length() <= 1; }
+
+  virtual bool EmitAtUses() const {
+    return !HasSideEffects() && (uses()->length() <= 1);
+  }
+
   virtual Representation RequiredInputRepresentation(int index) const {
     return Representation::Tagged();
   }
@@ -2237,7 +2248,9 @@
     SetAllSideEffects();
   }

-  virtual bool EmitAtUses() const { return uses()->length() <= 1; }
+  virtual bool EmitAtUses() const {
+    return !HasSideEffects() && (uses()->length() <= 1);
+  }

   virtual Representation RequiredInputRepresentation(int index) const {
     return Representation::Tagged();
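Review bot: In this class the constructor context just above the change calls `SetAllSideEffects()`, so unless those flags are cleared elsewhere `HasSideEffects()` is always true and the new `EmitAtUses()` can only return false. If that is the intent, `return false;` with a comment that this instruction is never emitted at its uses would be clearer than a condition whose second half cannot matter. If the flags can be cleared later, a comment naming where would help the next reader. The class begins and ends outside the hunk.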
=======================================
--- /branches/3.0/src/hydrogen.cc       Fri Feb 11 01:02:40 2011
+++ /branches/3.0/src/hydrogen.cc       Fri Feb 11 05:22:38 2011
@@ -4571,12 +4571,18 @@
       // The subexpression does not have side effects.
       ast_context()->ReturnValue(graph()->GetConstantFalse());
     } else if (prop != NULL) {
-      VISIT_FOR_VALUE(prop->obj());
-      VISIT_FOR_VALUE(prop->key());
-      HValue* key = Pop();
-      HValue* obj = Pop();
-      ast_context()->ReturnInstruction(new HDeleteProperty(obj, key),
-                                       expr->id());
+      if (prop->is_synthetic()) {
+        // Result of deleting parameters is false, even when they rewrite
+        // to accesses on the arguments object.
+        ast_context()->ReturnValue(graph()->GetConstantFalse());
+      } else {
+        VISIT_FOR_VALUE(prop->obj());
+        VISIT_FOR_VALUE(prop->key());
+        HValue* key = Pop();
+        HValue* obj = Pop();
+        HDeleteProperty* instr = new HDeleteProperty(obj, key);
+        ast_context()->ReturnInstruction(instr, expr->id());
+      }
     } else if (var->is_global()) {
       BAILOUT("delete with global variable");
     } else {
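Review bot: Nothing in the Modified list is a test file, so the crash this branch fixes is not pinned by a regression test on the 3.0 branch. This optimizing path and the three full-codegen files must now agree that `delete` on a synthetic property yields false. A test that runs one function containing such a `delete` both before and after optimization would catch a divergence between them. If tests landed with revisions 6742 and 6745, merging them here too would keep the branch covered. The enclosing function continues outside the hunk.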
=======================================
--- /branches/3.0/src/ia32/full-codegen-ia32.cc Wed Feb  9 23:21:03 2011
+++ /branches/3.0/src/ia32/full-codegen-ia32.cc Fri Feb 11 05:22:38 2011
@@ -3694,24 +3694,28 @@
         // Result of deleting non-global, non-dynamic variables is false.
         // The subexpression does not have side effects.
         context()->Plug(false);
-      } else {
-        // Property or variable reference.  Call the delete builtin with
-        // object and property name as arguments.
-        if (prop != NULL) {
+      } else if (prop != NULL) {
+        if (prop->is_synthetic()) {
+          // Result of deleting parameters is false, even when they rewrite
+          // to accesses on the arguments object.
+          context()->Plug(false);
+        } else {
           VisitForStackValue(prop->obj());
           VisitForStackValue(prop->key());
           __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-        } else if (var->is_global()) {
-          __ push(GlobalObjectOperand());
-          __ push(Immediate(var->name()));
-          __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-        } else {
-          // Non-global variable.  Call the runtime to delete from the
-          // context where the variable was introduced.
-          __ push(context_register());
-          __ push(Immediate(var->name()));
-          __ CallRuntime(Runtime::kDeleteContextSlot, 2);
-        }
+          context()->Plug(eax);
+        }
+      } else if (var->is_global()) {
+        __ push(GlobalObjectOperand());
+        __ push(Immediate(var->name()));
+        __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
+        context()->Plug(eax);
+      } else {
+        // Non-global variable.  Call the runtime to try to delete from the
+        // context where the variable was introduced.
+        __ push(context_register());
+        __ push(Immediate(var->name()));
+        __ CallRuntime(Runtime::kDeleteContextSlot, 2);
         context()->Plug(eax);
       }
       break;
=======================================
--- /branches/3.0/src/version.cc        Fri Feb 11 01:37:16 2011
+++ /branches/3.0/src/version.cc        Fri Feb 11 05:22:38 2011
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     0
 #define BUILD_NUMBER      12
-#define PATCH_LEVEL       17
+#define PATCH_LEVEL       18
 #define CANDIDATE_VERSION false

 // Define SONAME to have the SCons build the put a specific SONAME into the
=======================================
--- /branches/3.0/src/x64/full-codegen-x64.cc   Wed Feb  9 23:21:03 2011
+++ /branches/3.0/src/x64/full-codegen-x64.cc   Fri Feb 11 05:22:38 2011
@@ -3005,24 +3005,28 @@
         // Result of deleting non-global, non-dynamic variables is false.
         // The subexpression does not have side effects.
         context()->Plug(false);
-      } else {
-        // Property or variable reference.  Call the delete builtin with
-        // object and property name as arguments.
-        if (prop != NULL) {
+      } else if (prop != NULL) {
+        if (prop->is_synthetic()) {
+          // Result of deleting parameters is false, even when they rewrite
+          // to accesses on the arguments object.
+          context()->Plug(false);
+        } else {
           VisitForStackValue(prop->obj());
           VisitForStackValue(prop->key());
           __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-        } else if (var->is_global()) {
-          __ push(GlobalObjectOperand());
-          __ Push(var->name());
-          __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
-        } else {
-          // Non-global variable.  Call the runtime to delete from the
-          // context where the variable was introduced.
-          __ push(context_register());
-          __ Push(var->name());
-          __ CallRuntime(Runtime::kDeleteContextSlot, 2);
-        }
+          context()->Plug(rax);
+        }
+      } else if (var->is_global()) {
+        __ push(GlobalObjectOperand());
+        __ Push(var->name());
+        __ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
+        context()->Plug(rax);
+      } else {
+        // Non-global variable.  Call the runtime to try to delete from the
+        // context where the variable was introduced.
+        __ push(context_register());
+        __ Push(var->name());
+        __ CallRuntime(Runtime::kDeleteContextSlot, 2);
         context()->Plug(rax);
       }
       break;
