AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
b967c0d138
v8/test/mjsunit/regress/regress-1166136-0.js
Jakob Gruber 0ef84f9930 [compiler] Use StateValuesAccess to access frame state parameters 
FrameState parameters must not be iterated directly since parameters
can be encoded into StateValues (i.e. parameter i is not necessarily
InputAt(i)). Instead, they should be accessed through the
StateValuesAccess helper class.

One example:

 82: StateValues[sparse:^^^^^^](81, 31, 32, 33, 34, 35)
  81: StateValues[sparse:^^^^^^^^](110, 24, 25, 26, 27, 28, 29, 30)
  31: NumberConstant[8]
  32: NumberConstant[9]
  33: NumberConstant[10]
  34: NumberConstant[11]
  35: NumberConstant[13]

Here, node 81 holds multiple parameters. These are properly iterated
by the StateValuesAccess class.

Bug: chromium:1166136
Change-Id: I12725f83994e1c05571bcba153ff45154b16d93f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625879
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72126}
2021-01-18 07:56:20 +00:00

42 lines
1.1 KiB
JavaScript
Raw Blame History

// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Flags: --allow-natives-syntax --opt --turbo-inlining
function main() {
function vul(arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9,
arg10, arg11, arg12, arg13, arg14, arg15, arg16, arg17, arg18,
arg19, arg20, arg21, arg22, arg23, arg24, arg25, arg26,) {
let local_0 = Reflect.construct(Object,arguments,vul);
let local_1;
let local_2;
let local_3;
let local_4;
let local_5;
let local_6;
let local_7;
let local_8;
let local_9;
let local_10;
let local_11;
let local_12;
let local_13;
let local_14;
let local_15;
let local_16;
let local_17;
let local_18;
let local_19;
let local_20;
}
%PrepareFunctionForOptimization(vul);
vul(1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1,1);
}
%PrepareFunctionForOptimization(main);
main();
%OptimizeFunctionOnNextCall(main);
main();
Reference in New Issue View Git Blame Copy Permalink