Reviewers: Benedikt Meurer,
Description:
Read all integer op parameters using a signed integer type.
The code was previously reading unsigned integers by performing an invalid
cast
of Operator1<intNN_t> objects to Operator1<uintNN_t> and reading the integer
directly. To fix the invalid cast, we cast to the correct type and
static_cast
the integer to uintNN_t, which is a no-op on every reasonable target.
Cleanup for cfi_vptr=1; see
https://www.chromium.org/developers/testing/control-flow-integrity
BUG=chromium:457523
[email protected]
Please review this at https://codereview.chromium.org/1310633004/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+17, -5 lines):
M src/compiler/node-matchers.h
M src/compiler/representation-change.h
Index: src/compiler/node-matchers.h
diff --git a/src/compiler/node-matchers.h b/src/compiler/node-matchers.h
index
d543425fca48606a0947291dc13bda6ecaa1c9cd..749b03cc2d670bba300f6f701a2392ac4e4f3766
100644
--- a/src/compiler/node-matchers.h
+++ b/src/compiler/node-matchers.h
@@ -77,6 +77,18 @@ struct ValueMatcher : public NodeMatcher {
template <>
+inline ValueMatcher<uint32_t, IrOpcode::kInt32Constant>::ValueMatcher(
+ Node* node)
+ : NodeMatcher(node),
+ value_(),
+ has_value_(opcode() == IrOpcode::kInt32Constant) {
+ if (has_value_) {
+ value_ = static_cast<uint32_t>(OpParameter<int32_t>(node));
+ }
+}
+
+
+template <>
inline ValueMatcher<int64_t, IrOpcode::kInt64Constant>::ValueMatcher(Node*
node)
: NodeMatcher(node), value_(), has_value_(false) {
if (opcode() == IrOpcode::kInt32Constant) {
@@ -94,10 +106,10 @@ inline ValueMatcher<uint64_t,
IrOpcode::kInt64Constant>::ValueMatcher(
Node* node)
: NodeMatcher(node), value_(), has_value_(false) {
if (opcode() == IrOpcode::kInt32Constant) {
- value_ = OpParameter<uint32_t>(node);
+ value_ = static_cast<uint32_t>(OpParameter<int32_t>(node));
has_value_ = true;
} else if (opcode() == IrOpcode::kInt64Constant) {
- value_ = OpParameter<uint64_t>(node);
+ value_ = static_cast<uint64_t>(OpParameter<int64_t>(node));
has_value_ = true;
}
}
Index: src/compiler/representation-change.h
diff --git a/src/compiler/representation-change.h
b/src/compiler/representation-change.h
index
9538684af2339a20033d12fdad3c45d72872da41..ffb86d16a26709d657296ab749f9ee50716566e0
100644
--- a/src/compiler/representation-change.h
+++ b/src/compiler/representation-change.h
@@ -75,7 +75,7 @@ class RepresentationChanger {
return node; // No change necessary.
case IrOpcode::kInt32Constant:
if (output_type & kTypeUint32) {
- uint32_t value = OpParameter<uint32_t>(node);
+ uint32_t value =
static_cast<uint32_t>(OpParameter<int32_t>(node));
return jsgraph()->Constant(static_cast<double>(value));
} else if (output_type & kTypeInt32) {
int32_t value = OpParameter<int32_t>(node);
@@ -125,7 +125,7 @@ class RepresentationChanger {
DoubleToFloat32(OpParameter<double>(node)));
case IrOpcode::kInt32Constant:
if (output_type & kTypeUint32) {
- uint32_t value = OpParameter<uint32_t>(node);
+ uint32_t value =
static_cast<uint32_t>(OpParameter<int32_t>(node));
return jsgraph()->Float32Constant(static_cast<float>(value));
} else {
int32_t value = OpParameter<int32_t>(node);
@@ -169,7 +169,7 @@ class RepresentationChanger {
return jsgraph()->Float64Constant(OpParameter<double>(node));
case IrOpcode::kInt32Constant:
if (output_type & kTypeUint32) {
- uint32_t value = OpParameter<uint32_t>(node);
+ uint32_t value =
static_cast<uint32_t>(OpParameter<int32_t>(node));
return jsgraph()->Float64Constant(static_cast<double>(value));
} else {
int32_t value = OpParameter<int32_t>(node);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
