Revision: 20458
Author:   [email protected]
Date:     Thu Apr  3 07:04:46 2014 UTC
Log:      Check in Lithium that allocation size is in Smi range.

This is to avoid triggering an assertion from Smi::FromInt. The
generated code is unreachable, so it is not a real bug.

[email protected]
BUG=

Review URL: https://codereview.chromium.org/221743005
http://code.google.com/p/v8/source/detail?r=20458

Added:
 /branches/bleeding_edge/test/mjsunit/regress/regress-alloc-smi-check.js
Modified:
 /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc
 /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc

=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-alloc-smi-check.js Thu Apr 3 07:04:46 2014 UTC
@@ -0,0 +1,16 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+var x = {};
+
+function f(a) {
+  a[200000000] = x;
+}
+
+f(new Array(100000));
+f([]);
+%OptimizeFunctionOnNextCall(f);
+f([]);
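Review bot: The test file carries no comment stating what it regresses, so a reader cannot tell why a store at index 200000000 into an array of 100000 elements and then into an empty array is the interesting case; the log message explains it (an out-of-Smi-range constant allocation size tripping the Smi::FromInt assertion in Lithium), and that belongs in the file. I would add above `var x = {};`: `// Regression test for r20458: optimizing f must not trigger the Smi::FromInt assertion when the constant allocation size is outside Smi range.` Since the failure being guarded is an assertion rather than wrong output, the test presumably only detects a regression in builds where that assertion is enabled.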
=======================================
--- /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Wed Apr 2 11:30:13 2014 UTC
+++ /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Thu Apr 3 07:04:46 2014 UTC
@@ -5358,7 +5358,13 @@
     __ push(size);
   } else {
     int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
-    __ Push(Smi::FromInt(size));
+    if (size >= 0 && size <= Smi::kMaxValue) {
+      __ Push(Smi::FromInt(size));
+    } else {
+      // We should never get here at runtime => abort
+      __ stop("invalid allocation size");
+      return;
+    }
   }

   int flags = AllocateDoubleAlignFlag::encode(
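Review bot: The comment on the new else branch, `// We should never get here at runtime => abort`, says only that the path is unreachable, not why the code generator is allowed to reach it at compile time; the log message has that reasoning and it should live next to the guard. I would replace it with `// A constant size outside the Smi range can only come from code that is never reached at runtime (see regress-alloc-smi-check.js); emit a trap instead of tripping the Smi::FromInt assertion during code generation.` The same comment appears in the ia32 hunk (`__ int3();` branch) and should be updated there too. Emitting a trap and returning early is the right choice here, since it means a bad constant can never be pushed as a bogus allocation size; if any other backend emits `Smi::FromInt(size)` from a constant operand in the same way, it would presumably need the same guard, but that is not visible in this diff. The enclosing function starts and ends outside the hunk.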
=======================================
--- /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Wed Apr 2 11:30:13 2014 UTC
+++ /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Thu Apr 3 07:04:46 2014 UTC
@@ -5952,7 +5952,13 @@
     __ push(size);
   } else {
     int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
-    __ push(Immediate(Smi::FromInt(size)));
+    if (size >= 0 && size <= Smi::kMaxValue) {
+      __ push(Immediate(Smi::FromInt(size)));
+    } else {
+      // We should never get here at runtime => abort
+      __ int3();
+      return;
+    }
   }

   int flags = AllocateDoubleAlignFlag::encode(
