From: vitalyr@chromium.org Date: Fri, 21 Jan 2011 08:30:13 +0000 (+0000) Subject: Fix Smi::IsValid assert in StringCharCodeAt deferred code. X-Git-Tag: upstream/4.7.83~20488 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7d96f2d40fd456e7a3313307ae6f23d2485c93ba;p=platform%2Fupstream%2Fv8.git Fix Smi::IsValid assert in StringCharCodeAt deferred code. Review URL: http://codereview.chromium.org/6303013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6424 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc index 2d1e7ba..425eaea 100644 --- a/src/arm/lithium-codegen-arm.cc +++ b/src/arm/lithium-codegen-arm.cc @@ -2821,20 +2821,31 @@ void LCodeGen::DoStringCharCodeAt(LStringCharCodeAt* instr) { LStringCharCodeAt* instr_; }; - DeferredStringCharCodeAt* deferred - = new DeferredStringCharCodeAt(this, instr); - Register scratch = scratch0(); Register string = ToRegister(instr->string()); Register index = no_reg; int const_index = -1; if (instr->index()->IsConstantOperand()) { const_index = ToInteger32(LConstantOperand::cast(instr->index())); + STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue); + if (!Smi::IsValid(const_index)) { + // Guaranteed to be out of bounds because of the assert above. + // So the bounds check that must dominate this instruction must + // have deoptimized already. + if (FLAG_debug_code) { + __ Abort("StringCharCodeAt: out of bounds index."); + } + // No code needs to be generated. + return; + } } else { index = ToRegister(instr->index()); } Register result = ToRegister(instr->result()); + DeferredStringCharCodeAt* deferred = + new DeferredStringCharCodeAt(this, instr); + Label flat_string, ascii_string, done; // Fetch the instance type of the receiver into result register. @@ -2918,7 +2929,8 @@ void LCodeGen::DoDeferredStringCharCodeAt(LStringCharCodeAt* instr) { __ PushSafepointRegisters(); __ push(string); - // Push the index as a smi. + // Push the index as a smi. This is safe because of the checks in + // DoStringCharCodeAt above. if (instr->index()->IsConstantOperand()) { int const_index = ToInteger32(LConstantOperand::cast(instr->index())); __ mov(scratch, Operand(Smi::FromInt(const_index))); diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc index 0fc3f25..3bfb10f 100644 --- a/src/ia32/lithium-codegen-ia32.cc +++ b/src/ia32/lithium-codegen-ia32.cc @@ -2656,19 +2656,30 @@ void LCodeGen::DoStringCharCodeAt(LStringCharCodeAt* instr) { LStringCharCodeAt* instr_; }; - DeferredStringCharCodeAt* deferred - = new DeferredStringCharCodeAt(this, instr); - Register string = ToRegister(instr->string()); Register index = no_reg; int const_index = -1; if (instr->index()->IsConstantOperand()) { const_index = ToInteger32(LConstantOperand::cast(instr->index())); + STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue); + if (!Smi::IsValid(const_index)) { + // Guaranteed to be out of bounds because of the assert above. + // So the bounds check that must dominate this instruction must + // have deoptimized already. + if (FLAG_debug_code) { + __ Abort("StringCharCodeAt: out of bounds index."); + } + // No code needs to be generated. + return; + } } else { index = ToRegister(instr->index()); } Register result = ToRegister(instr->result()); + DeferredStringCharCodeAt* deferred = + new DeferredStringCharCodeAt(this, instr); + NearLabel flat_string, ascii_string, done; // Fetch the instance type of the receiver into result register. @@ -2750,7 +2761,9 @@ void LCodeGen::DoDeferredStringCharCodeAt(LStringCharCodeAt* instr) { __ PushSafepointRegisters(); __ push(string); - // Push the index as a smi. + // Push the index as a smi. This is safe because of the checks in + // DoStringCharCodeAt above. + STATIC_ASSERT(String::kMaxLength <= Smi::kMaxValue); if (instr->index()->IsConstantOperand()) { int const_index = ToInteger32(LConstantOperand::cast(instr->index())); __ push(Immediate(Smi::FromInt(const_index))); diff --git a/test/mjsunit/string-charcodeat.js b/test/mjsunit/string-charcodeat.js index 831f688..fb7ab9a 100644 --- a/test/mjsunit/string-charcodeat.js +++ b/test/mjsunit/string-charcodeat.js @@ -153,6 +153,17 @@ TestStringType(Slice16End, true); TestStringType(Flat16, true); TestStringType(NotAString16, true); + +function ConsNotSmiIndex() { + var str = Cons(); + assertTrue(isNaN(str.charCodeAt(0x7fffffff))); +} + +for (var i = 0; i < 100000; i++) { + ConsNotSmiIndex(); +} + + for (var i = 0; i != 10; i++) { assertEquals(101, Cons16().charCodeAt(1.1)); assertEquals('e', Cons16().charAt(1.1));