author | Michal Klocek <michal.klocek@qt.io> | 2018-06-08 09:35:48 +0200 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2018-06-15 07:47:20 +0000 |
commit | bad02200c68d7e0c758dc4f1805e58d0e03fdea9 (patch) | |
tree | 36f303a1449ecad555b632567715a946a3e19758 | |
parent | 8cc9828a5ef78925f48d62a93d3e466435cb9cd6 (diff) |
Merged: Reland "[csa] Ensure the requested allocation size fits in a Smi"
This is a reland of 515cc07d28879265d08ab540b570ebfda75f7322
Original change's description:
> [csa] Ensure the requested allocation size fits in a Smi
>
> In CSA::AllocateRaw, ensure that the given allocation size fits into a
> Smi.
Bug: chromium:848672
Reviewed-on: https://chromium-review.googlesource.com/1086828
Change-Id: If6841a27ab2217b04bc51cc573e77d596f10b0e6
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
-rw-r--r-- | chromium/v8/src/code-stub-assembler.cc | 25 | ||||
-rw-r--r-- | chromium/v8/src/code-stub-assembler.h | 4 |
2 files changed, 29 insertions, 0 deletions
diff --git a/chromium/v8/src/code-stub-assembler.cc b/chromium/v8/src/code-stub-assembler.cc
index 2027d208abc..5f73c515b2f 100644
--- a/chromium/v8/src/code-stub-assembler.cc
+++ b/chromium/v8/src/code-stub-assembler.cc
@@ -509,6 +509,18 @@ TNode<Smi> CodeStubAssembler::SmiFromWord32(SloppyTNode<Int32T> value) {
 WordShl(value_intptr, SmiShiftBitsConstant()));
 }
+TNode<BoolT> CodeStubAssembler::IsValidPositiveSmi(TNode<IntPtrT> value) {
+ intptr_t constant_value;
+ if (ToIntPtrConstant(value, constant_value)) {
+ return (static_cast<uintptr_t>(constant_value) <=
+ static_cast<uintptr_t>(Smi::kMaxValue))
+ ? ReinterpretCast<BoolT>(Int32Constant(1))
+ : ReinterpretCast<BoolT>(Int32Constant(0));
+ }
+
+ return UintPtrLessThanOrEqual(value, IntPtrConstant(Smi::kMaxValue));
+}
+
 TNode<Smi> CodeStubAssembler::SmiTag(SloppyTNode<IntPtrT> value) {
 int32_t constant_value;
 if (ToInt32Constant(value, constant_value) && Smi::IsValid(constant_value)) {
@@ -911,6 +923,19 @@ void CodeStubAssembler::GotoIfForceSlowPath(Label* if_true) {
 Node* CodeStubAssembler::AllocateRaw(Node* size_in_bytes, AllocationFlags flags, Node* top_address, Node* limit_address) {
+ // TODO(jgruber, chromium:848672): TNodeify AllocateRaw.
+ // TODO(jgruber, chromium:848672): Call FatalProcessOutOfMemory if this fails.
+ {
+ intptr_t constant_value;
+ if (ToIntPtrConstant(size_in_bytes, constant_value)) {
+ CHECK(Internals::IsValidSmi(constant_value));
+ CHECK_GT(constant_value, 0);
+ } else {
+ CSA_CHECK(this,
+ IsValidPositiveSmi(UncheckedCast<IntPtrT>(size_in_bytes)));
+ }
+ }
+
 Node* top = Load(MachineType::Pointer(), top_address);
 Node* limit = Load(MachineType::Pointer(), limit_address);
diff --git a/chromium/v8/src/code-stub-assembler.h b/chromium/v8/src/code-stub-assembler.h
index 0dd7a35c4a0..ef5574c28c2 100644
--- a/chromium/v8/src/code-stub-assembler.h
+++ b/chromium/v8/src/code-stub-assembler.h
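Review bot: IsValidPositiveSmi accepts zero, which disagrees with its name and with the constant branch added to AllocateRaw in the next hunk. The unsigned comparison against `Smi::kMaxValue` is true for 0, while the constant path asserts `CHECK_GT(constant_value, 0)`, so a zero size fails the check when it is a known constant but passes the CSA_CHECK when it is a dynamic value. Either name the predicate for what it tests (the declaration comment in code-stub-assembler.h already says `>= 0`, so e.g. `IsValidNonNegativeSmi`), or make both AllocateRaw branches enforce the same lower bound. A short comment such as `// Unsigned compare: negative values wrap above Smi::kMaxValue and are rejected.` would also make the single comparison self-explanatory.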
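Review bot: Nothing at the new guard in AllocateRaw states why an out-of-range size has to stop execution; the two TODOs only list follow-up work. Going by the commit message, the invariant is that the requested size fits in a Smi, and saying so at the check, for example `// The size must fit in a Smi; stop here instead of continuing with a size that does not.`, tells a later reader that this is a hard safety check and not a debug assertion to be relaxed. The `UncheckedCast<IntPtrT>(size_in_bytes)` also appears to rely on every caller passing a word-sized node, which the untyped `Node*` parameter cannot enforce until the TNodeify TODO is done, so that assumption deserves a comment as well. The body of AllocateRaw continues past the end of the hunk.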
@@ -223,6 +223,10 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler {
 // Select the minimum of the two provided Number values.
 TNode<Object> NumberMin(SloppyTNode<Object> left, SloppyTNode<Object> right);
+
+ // Returns true iff the given value fits into smi range and is >= 0.
+ TNode<BoolT> IsValidPositiveSmi(TNode<IntPtrT> value);
+
 // Tag a Word as a Smi value.
 TNode<Smi> SmiTag(SloppyTNode<IntPtrT> value);
 // Untag a Smi value as a Word. |