From efab0b74ddfe44ef03cad6822910f178a1055aaa Mon Sep 17 00:00:00 2001 From: bmeurer Date: Thu, 30 Jul 2015 02:16:12 -0700 Subject: [PATCH] [turbofan] Fix invalid access to Parameter index. A Parameter operator contains a ParameterInfo payload, not an int payload, so the OpParameter cast is invalid (and only worked by coincidence currently). BUG=chromium:515215 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1266743002 Cr-Commit-Position: refs/heads/master@{#29919} --- src/compiler/typer.cc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/compiler/typer.cc b/src/compiler/typer.cc index 3f4bd27ec..85b73c825 100644 --- a/src/compiler/typer.cc +++ b/src/compiler/typer.cc @@ -7,6 +7,7 @@ #include "src/base/flags.h" #include "src/base/lazy-instance.h" #include "src/bootstrapper.h" +#include "src/compiler/common-operator.h" #include "src/compiler/graph-reducer.h" #include "src/compiler/js-operator.h" #include "src/compiler/node.h" @@ -571,11 +572,11 @@ Bounds Typer::Visitor::TypeIfException(Node* node) { Bounds Typer::Visitor::TypeParameter(Node* node) { - int param = OpParameter(node); - Type::FunctionType* function_type = typer_->function_type(); - if (function_type != nullptr && param >= 0 && - param < static_cast(function_type->Arity())) { - return Bounds(Type::None(), function_type->Parameter(param)); + if (Type::FunctionType* function_type = typer_->function_type()) { + int const index = ParameterIndexOf(node->op()); + if (index >= 0 && index < function_type->Arity()) { + return Bounds(Type::None(), function_type->Parameter(index)); + } } return Bounds::Unbounded(zone()); } -- 2.34.1