AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
abe61bdeac
v8/test/cctest/compiler
History
bmeurer 58ab990aa8 [turbofan] Bailout if LoadBuffer typing assumption doesn't hold. 
The LoadBuffer operator that is used for asm.js heap access claims to
return only the appropriate typed array type, but out of bounds access
could make it return undefined. So far we tried to "repair" the graph
later if we see that our assumption was wrong, and for various reasons
that worked for some time. But now that wrong type information that is
propagated earlier is picked up appropriately and thus we generate wrong
code, i.e. we in the repro case we feed NaN into ChangeFloat64Uint32 and
thus get 2147483648 instead of 0 (with proper JS truncation).

This was always considered a temporary hack until we have a proper
asm.js pipeline, but since we still run asm.js through the generic
JavaScript pipeline, we have to address this now. Quickfix is to just
bailout from the pipeline when we see that the LoadBuffer type was
wrong, i.e. the result of LoadBuffer is not properly truncated and thus
undefined or NaN would be observable.

R=mstarzinger@chromium.org, jarin@chromium.org
BUG=chromium:589792
LOG=y

Review URL: https://codereview.chromium.org/1740123002

Cr-Commit-Position: refs/heads/master@{#34322}
2016-02-26 11:06:30 +00:00
..
c-signature.h [wasm] Replace the BufferedRawMachineAssemblerTester in the WasmRunner. 2016-02-18 09:55:49 +00:00
call-tester.h [wasm] Replace the BufferedRawMachineAssemblerTester in the WasmRunner. 2016-02-18 09:55:49 +00:00
codegen-tester.cc [turbofan] Store nodes use only MachineRepresentation, not MachineType. 2015-12-11 15:34:16 +00:00
codegen-tester.h [wasm] Replace the BufferedRawMachineAssemblerTester in the WasmRunner. 2016-02-18 09:55:49 +00:00
function-tester.h Fix FunctionTester constructor from given parameter count. 2016-02-18 09:28:49 +00:00
graph-builder-tester.h [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-basic-block-profiler.cc [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-branch-combine.cc [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-changes-lowering.cc Revert of [turbofan] Connect ObjectIsNumber to effect and control chains. (patchset #1 id:1 of https://codereview.chromium.org/1709093002/ ) 2016-02-19 10:13:56 +00:00
test-code-stub-assembler.cc [compiler] Extend the functionality of CodeStubAssembler 2016-02-02 09:42:54 +00:00
test-gap-resolver.cc [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-graph-visualizer.cc [tubofan] Remove .dot output of --trace-turbo 2015-12-11 16:58:31 +00:00
test-instruction.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-js-constant-cache.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-js-context-specialization.cc Remove strong mode support from binary operations. 2016-02-16 13:55:29 +00:00
test-js-typed-lowering.cc Remove strong mode support from binary operations. 2016-02-16 13:55:29 +00:00
test-jump-threading.cc Preparing the terrain for frame elision. This change is necessary to 2016-01-28 16:15:12 +00:00
test-linkage.cc [compiler] Remove CodeStub from CompilationInfo 2016-01-20 15:18:14 +00:00
test-loop-analysis.cc [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-loop-assignment-analysis.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-machine-operator-reducer.cc [turbofan] Store nodes use only MachineRepresentation, not MachineType. 2015-12-11 15:34:16 +00:00
test-multiple-return.cc [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-node.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-operator.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-osr.cc [turbofan] Make MachineType a pair of enums. 2015-12-10 09:03:53 +00:00
test-pipeline.cc [interpreter] CompilationInfo::unoptimized_code only for OSR. 2016-02-10 10:28:12 +00:00
test-representation-change.cc [turbofan] Replace MachineSemantic with Type in simplified lowering. 2016-01-12 05:55:08 +00:00
test-run-bytecode-graph-builder.cc Revert of [Interpreter] Implements calls through CallICStub in the interpreter. (patchset #15 id:270001 of https://codereview.chromium.org/1688283003/ ) 2016-02-24 15:16:19 +00:00
test-run-deopt.cc [turbofan] Enable tests for throwing into deopted code. 2016-02-12 10:50:17 +00:00
test-run-inlining.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-run-intrinsics.cc [builtins] Move the Boolean constructor to C++. 2016-02-16 14:03:07 +00:00
test-run-jsbranches.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-run-jscalls.cc [builtins] Migrate a bunch of Math builtins to C++. 2016-02-25 08:07:07 +00:00
test-run-jsexceptions.cc [turbofan] Deprecate --turbo-try-finally flag. 2016-02-05 15:20:44 +00:00
test-run-jsobjects.cc Basic TurboFan support for rest arguments. 2015-12-31 11:56:39 +00:00
test-run-jsops.cc Ship ES2015 sloppy-mode const semantics 2016-01-11 23:09:59 +00:00
test-run-machops.cc X87: Change the test case for X87 RunRoundUint32ToFloat32. 2016-02-23 01:50:37 +00:00
test-run-native-calls.cc X87: Change num_double_registers() to num_allocatable_double_registers() for TestStackSlot. 2016-02-01 10:54:33 +00:00
test-run-stackcheck.cc Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
test-run-stubs.cc [compiler] Remove CodeStub from CompilationInfo 2016-01-20 15:18:14 +00:00
test-run-variables.cc Ship ES2015 sloppy-mode const semantics 2016-01-11 23:09:59 +00:00
test-simplified-lowering.cc Revert of [turbofan] Connect ObjectIsNumber to effect and control chains. (patchset #1 id:1 of https://codereview.chromium.org/1709093002/ ) 2016-02-19 10:13:56 +00:00
value-helper.h [wasm] Replace the BufferedRawMachineAssemblerTester in the WasmRunner. 2016-02-18 09:55:49 +00:00